
pua_dialoginfo: fix memory corruption

* don't use SRUID_SIZE, just reserve the proper generated size
* call sruid_init() at child_init too

Victor Seva authored on 04/11/2021 10:07:49
Showing 2 changed files
... ...
@@ -363,7 +363,7 @@ void dialog_publish(char *state, str* ruri, str *entity, str *peer, str *callid,
363 363
 	}
364 364
 	publ->id.s= (char*)publ+ size;
365 365
 	memcpy(publ->id.s, "DIALOG_PUBLISH.", 15);
366
-	memcpy(publ->id.s+15, uuid->s, callid->len);
366
+	memcpy(publ->id.s+15, uuid->s, uuid->len);
367 367
 	publ->id.len= 15+ uuid->len;
368 368
 	size+= publ->id.len;
369 369
 
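Review bot: The capacity behind `publ->id.s` comes from the `size` computation earlier in dialog_publish, outside this hunk, so the corrected `memcpy(publ->id.s+15, uuid->s, uuid->len)` is only in bounds if that computation reserves `15 + uuid->len` bytes rather than a callid-based length. That should be confirmed as part of this fix, since the old line mixed the two lengths. The prefix length 15 is also hard-coded in three places on these lines; deriving it from the literal, e.g. `sizeof("DIALOG_PUBLISH.") - 1`, keeps the copy, the offset and `publ->id.len` in step if the prefix ever changes.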
... ...
@@ -108,7 +108,7 @@ send_publish_t pua_send_publish;
108 108
 /** module functions */
109 109
 
110 110
 static int mod_init(void);
111
-
111
+static int child_init(int rank);
112 112
 
113 113
 static cmd_export_t cmds[]={
114 114
 	{0, 0, 0, 0, 0, 0}
... ...
@@ -146,7 +146,7 @@ struct module_exports exports= {
146 146
 	0,					/* exported pseudo-variables */
147 147
 	0,					/* response handling function */
148 148
 	mod_init,			/* module initialization function */
149
-	0,					/* per-child init function */
149
+	child_init,		/* per-child init function */
150 150
 	0					/* module destroy function */
151 151
 };
152 152
 
... ...
@@ -490,6 +490,13 @@ struct dlginfo_cell* get_dialog_data(struct dlg_cell *dlg, int type, int disable
490 490
 	int len;
491 491
 	str* s=NULL;
492 492
 
493
+	// generate new random uuid
494
+	if(sruid_next_safe(&_puadi_sruid) < 0) {
495
+		return NULL;
496
+	}
497
+	LM_DBG("uuid generated: '%.*s'\n",
498
+		_puadi_sruid.uid.len, _puadi_sruid.uid.s);
499
+
493 500
 	/* create dlginfo structure to store important data inside the module*/
494 501
 	len = sizeof(struct dlginfo_cell)
495 502
 		+ dlg->from_uri.len
... ...
@@ -498,7 +505,7 @@ struct dlginfo_cell* get_dialog_data(struct dlg_cell *dlg, int type, int disable
498 505
 		+ dlg->tag[0].len
499 506
 		+ dlg->req_uri.len
500 507
 		+ dlg->contact[0].len
501
-		+ SRUID_SIZE;
508
+		+ _puadi_sruid.uid.len;
502 509
 
503 510
 	dlginfo = (struct dlginfo_cell*)shm_malloc( len );
504 511
 	if (dlginfo==0) {
... ...
@@ -524,7 +531,7 @@ struct dlginfo_cell* get_dialog_data(struct dlg_cell *dlg, int type, int disable
524 531
 	dlginfo->from_contact.s   = dlginfo->req_uri.s + dlginfo->req_uri.len;
525 532
 	dlginfo->from_contact.len = dlg->contact[0].len;
526 533
 	dlginfo->uuid.s = dlginfo->from_contact.s + dlginfo->from_contact.len;
527
-	dlginfo->uuid.len = SRUID_SIZE;
534
+	dlginfo->uuid.len = _puadi_sruid.uid.len;
528 535
 
529 536
 	memcpy(dlginfo->from_uri.s, dlg->from_uri.s, dlg->from_uri.len);
530 537
 	memcpy(dlginfo->to_uri.s, dlg->to_uri.s, dlg->to_uri.len);
... ...
@@ -532,13 +539,7 @@ struct dlginfo_cell* get_dialog_data(struct dlg_cell *dlg, int type, int disable
532 539
 	memcpy(dlginfo->from_tag.s, dlg->tag[0].s, dlg->tag[0].len);
533 540
 	memcpy(dlginfo->req_uri.s, dlg->req_uri.s, dlg->req_uri.len);
534 541
 	memcpy(dlginfo->from_contact.s, dlg->contact[0].s, dlg->contact[0].len);
535
-
536
-	// generate new random uuid
537
-	sruid_next_safe(&_puadi_sruid);
538
-	strcpy(dlginfo->uuid.s, _puadi_sruid.uid.s);
539
-	dlginfo->uuid.len = _puadi_sruid.uid.len;
540
-	LM_DBG("uuid generated: '%.*s'\n",
541
-		dlginfo->uuid.len, dlginfo->uuid.s);
542
+	memcpy(dlginfo->uuid.s, _puadi_sruid.uid.s, _puadi_sruid.uid.len);
542 543
 
543 544
 	if (use_pubruri_avps) {
544 545
 		if(type==DLGCB_CREATED) {
... ...
@@ -858,6 +859,22 @@ static int mod_init(void)
858 859
 	return 0;
859 860
 }
860 861
 
862
+/**
863
+ * @brief Initialize module children
864
+ */
865
+static int child_init(int rank)
866
+{
867
+	if(sruid_init(&_puadi_sruid, (char)'-', "padi", SRUID_INC)<0) {
868
+		return -1;
869
+	}
870
+
871
+	if(rank != PROC_MAIN) {
872
+		return 0;
873
+	}
874
+
875
+	return 0;
876
+}
877
+
861 878
 void free_dlginfo_cell(void *param) {
862 879
 
863 880
 	struct dlginfo_cell *cell = NULL;
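Review bot: After this change `dlginfo->uuid.s` is no longer NUL-terminated in get_dialog_data: the removed `strcpy` wrote a terminator, while the new `memcpy(dlginfo->uuid.s, _puadi_sruid.uid.s, _puadi_sruid.uid.len)` fills exactly the `uid.len` bytes that were reserved. The dialog_publish hunk on this page copies with `uuid->len`, which is fine, but any other reader that treats `uuid.s` as a C string would run past the shm block, so a comment such as `/* uuid is length-delimited, not NUL-terminated; always use uuid.len */` above the memcpy would help. The new early return on `sruid_next_safe()` failure is silent; adding `LM_ERR("failed to generate uuid\n");` before `return NULL;` would make that path diagnosable. In child_init both paths return 0, so the `rank != PROC_MAIN` test has no effect and could be dropped. get_dialog_data starts and ends outside the hunks shown.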