
mi_rpc: init structures to avoid access to invalid content in case of errors

(cherry picked from commit f609a83e58eccae409a5966a002edba389bbc372)

Daniel-Constantin Mierla authored on 02/11/2016 22:37:43
Showing 1 changed files
... ...
@@ -496,25 +496,28 @@ static struct mi_root* mi_run_rpc(struct mi_root* cmd_tree, void* param)
496 496
 	struct binrpc_handle rpc_handle;
497 497
 	struct binrpc_response_handle resp_handle;
498 498
 	int i;
499
-	
499
+
500 500
 	str *fn;
501 501
 	struct mi_node *node;
502 502
 	char *command = NULL;
503 503
 	int param_count = 0;
504 504
 	char **parameters = NULL;
505 505
 	struct mi_root* result;
506
-	
506
+
507 507
 	int resp_type;
508 508
 	int resp_code;
509 509
 	char *resp;
510 510
 
511
-	/* response will be malloced by binrpc_response_to_text. 
511
+	/* response will be malloced by binrpc_response_to_text.
512 512
 	   We do not free it. It must remain after this call.
513 513
 	   It will be reused by subsequent calls */
514 514
 	static unsigned char *response = NULL;
515 515
 	static int resp_len = 0;
516
-	
517
-	if (binrpc_open_connection_url(&rpc_handle, rpc_url) != 0) 
516
+
517
+	memset(&rpc_handle, 0, sizeof(struct binrpc_handle));
518
+	memset(&resp_handle, 0, sizeof(struct binrpc_response_handle));
519
+
520
+	if (binrpc_open_connection_url(&rpc_handle, rpc_url) != 0)
518 521
 	{
519 522
 		LM_ERR( "Open connect to %s failed\n", rpc_url);
520 523
 		result = init_mi_tree( 500, (char *)CONNECT_FAILED, strlen(CONNECT_FAILED) );
... ...
@@ -527,12 +530,12 @@ static struct mi_root* mi_run_rpc(struct mi_root* cmd_tree, void* param)
527 530
 		return( init_mi_tree( 400, MI_MISSING_PARM_S, MI_MISSING_PARM_LEN ));
528 531
 
529 532
 	fn = &node->value;
530
-	
533
+
531 534
 	/* find_rpc_exports needs 0 terminated strings */
532 535
 	command = pkg_malloc(fn->len+1);
533 536
     memcpy(command, fn->s, fn->len);
534 537
 	command[fn->len] = '\0';
535
-	
538
+
536 539
 	/* Count the parameters. */
537 540
 	node = node->next;
538 541
 	while (node) {
... ...
@@ -564,9 +567,9 @@ static struct mi_root* mi_run_rpc(struct mi_root* cmd_tree, void* param)
564 567
 		result = init_mi_tree( 500, (char *)FAILED, strlen(FAILED) );
565 568
 		goto end;
566 569
 	}
567
-	
570
+
568 571
 	resp_type = binrpc_get_response_type(&resp_handle);
569
-	
572
+
570 573
 	/* If we already have a buffer make it NULL terminated to discard any previous content */
571 574
 	if (resp_len > 0)
572 575
 		response[0]='\0';
... ...
@@ -582,12 +585,12 @@ static struct mi_root* mi_run_rpc(struct mi_root* cmd_tree, void* param)
582 585
 				/* Some functions don't give a text answer; use a default */
583 586
 				result = init_mi_tree( 200, MI_OK_S, MI_OK_LEN );
584 587
 			break;
585
-			
588
+
586 589
 		case 1:
587 590
 			/* Valid failure */
588 591
 			binrpc_parse_error_response(&resp_handle, &resp_code, &resp);
589 592
 			if (resp_len < strlen(resp) + 1)
590
-			{ 
593
+			{
591 594
 				if (resp_len==0)
592 595
 					response = malloc(strlen(resp) + 1);
593 596
 				else
... ...
@@ -601,7 +604,7 @@ static struct mi_root* mi_run_rpc(struct mi_root* cmd_tree, void* param)
601 604
 				/* Some functions don't give a text answer; use a default */
602 605
 				result = init_mi_tree( resp_code, (char *)FAILED, strlen(FAILED) );
603 606
 			break;
604
-			
607
+
605 608
 		default:
606 609
 			result = init_mi_tree( 500, (char *)FAILED, strlen(FAILED) );
607 610
 			goto end;
... ...
@@ -610,7 +613,7 @@ static struct mi_root* mi_run_rpc(struct mi_root* cmd_tree, void* param)
610 613
 end:
611 614
 	if (param_count > 0)
612 615
 	{
613
-		for (i=0; i<param_count; i++) 
616
+		for (i=0; i<param_count; i++)
614 617
 		{
615 618
 			pkg_free(parameters[i]);
616 619
 		}