
- removed -fPIC -DPIC from the Makefile (see comments) - fixed a memory leak in do_action/forward uri - fixed parse_cseq (still buggy, but a little bit better :)) - added error if header name does not end on 1 line (parse_hname) - fixed mem. leak in parse_via (if bad param)

Andrei Pelinescu-Onciul authored on 06/12/2001 20:43:05
Showing 6 changed files
... ...
@@ -35,7 +35,7 @@ NAME=ser
35 35
 #                  twice, trying to free a pointer alloc'ed with a different
36 36
 #                  malloc etc.)
37 37
 DEFS=-DTHREAD -DNOCR -DMACROEATER -DDNS_IP_HACK  -DSHM_MEM \
38
-	 -DPKG_MALLOC #-DDBG_QM_MALLOC -DNO_DEBUG
38
+	 -DPKG_MALLOC -DDBG_QM_MALLOC #-DNO_DEBUG
39 39
 # -DUSE_SHM_MEM
40 40
 #-DNO_DEBUG 
41 41
 #-DPKG_MALLOC
... ...
@@ -43,8 +43,8 @@ DEFS=-DTHREAD -DNOCR -DMACROEATER -DDNS_IP_HACK  -DSHM_MEM \
43 43
 #-DNO_LOG
44 44
 
45 45
 PROFILE=  # -pg #set this if you want profiling
46
-mode = debug
47
-#mode = release
46
+#mode = debug
47
+mode = release
48 48
 
49 49
 # platform dependent settings
50 50
 
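Review bot: The two changes in this file pull in opposite directions: the DEFS line now enables `-DDBG_QM_MALLOC` while the second hunk switches `mode` from debug to release. If the debugging allocator is meant to stay on in release builds, a comment next to DEFS should say so, for example `# DBG_QM_MALLOC left on in release builds while the leak fixes are verified`. Otherwise one of the two looks like a local setting committed by accident. The commit message mentions only the -fPIC/-DPIC removal, which is not among the visible hunks.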
... ...
@@ -79,8 +79,7 @@ int do_action(struct action* a, struct sip_msg* msg)
79 79
 													"forward: bad port in "
80 80
 													"uri: <%s>\n", uri.port);
81 81
 											ret=E_UNSPEC;
82
-											free_uri(&uri);
83
-											goto skip;
82
+											goto error_fwd_uri;
84 83
 										}
85 84
 									}else port=SIP_PORT;
86 85
 									break;
... ...
@@ -90,11 +89,17 @@ int do_action(struct action* a, struct sip_msg* msg)
90 89
 					default:
91 90
 							LOG(L_CRIT, "BUG: do_action bad forward 2nd"
92 91
 										" param type (%d)\n", a->p2_type);
93
-							free_uri(&uri);
94
-							goto skip;
92
+							ret=E_UNSPEC;
93
+							goto error_fwd_uri;
95 94
 				}
96 95
 				/* create a temporary proxy*/
97 96
 				p=mk_proxy(uri.host.s, port);
97
+				if (p==0){
98
+					LOG(L_ERR, "ERROR:  bad host name in uri,"
99
+							" dropping packet\n");
100
+					ret=E_BAD_ADDRESS;
101
+					goto error_fwd_uri;
102
+				}
98 103
 				ret=forward_request(msg, p);
99 104
 				free_uri(&uri);
100 105
 				free_proxy(p); /* frees only p content, not p itself */
... ...
@@ -362,6 +367,9 @@ error_uri:
362 367
 	free_uri(&uri);
363 368
 	if (new_uri) free(new_uri);
364 369
 	return E_UNSPEC;
370
+error_fwd_uri:
371
+	free_uri(&uri);
372
+	return ret;
365 373
 }
366 374
 
367 375
 
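Review bot: The new `error_fwd_uri` label returns whatever is in `ret`, so it is only correct if every jump site assigns `ret` first. The three sites in these hunks do, but nothing at the label records that contract. A one-line comment there would protect later additions, e.g. `/* forward: jump here with ret already set; releases the parsed uri */`. do_action starts and ends outside these hunks, so whether `ret` has a safe initial value cannot be checked from here.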
... ...
@@ -315,7 +315,7 @@ char* parse_hostport(char* buf, str* host, short int* port)
315 315
 /*BUGGY*/
316 316
 char * parse_cseq(char *buf, char* end, struct cseq_body* cb)
317 317
 {
318
-	char *t;
318
+	char *t, *m, *m_end;
319 319
 	char c;
320 320
 
321 321
 	cb->error=PARSE_ERROR;
... ...
@@ -325,17 +325,24 @@ char * parse_cseq(char *buf, char* end, struct cseq_body* cb)
325 325
 	cb->number.s=t;
326 326
 	t=eat_token_end(t, end);
327 327
 	if (t>=end) goto error;
328
+	m=eat_space_end(t, end);
329
+	m_end=eat_token_end(m, end);
328 330
 	*t=0; /*null terminate it*/
329 331
 	cb->number.len=t-cb->number.s;
330
-	t++;
331
-	t=eat_space_end(t, end);
332
-	if (t>=end) goto error;
333
-	cb->method.s=t;
334
-	t=eat_token_end(t, end);
335
-	if (t>=end) goto error;
332
+	DBG("parse_cseq: found number %s\n", cb->number.s);
333
+	
334
+	if (m_end>=end) goto error;
335
+	if (m_end==m){
336
+		/* null method*/
337
+		LOG(L_ERR,  "ERROR:parse_cseq: no method found\n");
338
+		goto error;
339
+	}
340
+	cb->method.s=m;
341
+	t=m_end;
336 342
 	c=*t;
337 343
 	*t=0; /*null terminate it*/
338 344
 	cb->method.len=t-cb->method.s;
345
+	DBG("parse_cseq: found method %s\n", cb->method.s);
339 346
 	t++;
340 347
 	/*check if the header ends here*/
341 348
 	if (c=='\n') goto check_continue;
... ...
@@ -513,6 +520,7 @@ int parse_uri(char *buf, int len, struct sip_uri* uri)
513 520
 	
514 521
 	return ret;
515 522
 error:
523
+	free_uri(uri);
516 524
 	return ret;
517 525
 }
518 526
 
... ...
@@ -542,11 +550,11 @@ int parse_headers(struct sip_msg* msg, int flags)
542 550
 	DBG("parse_headers: flags=%d\n", flags);
543 551
 	while( tmp<end && (flags & msg->parsed_flag) != flags){
544 552
 		hf=pkg_malloc(sizeof(struct hdr_field));
545
-		memset(hf,0, sizeof(struct hdr_field));
546 553
 		if (hf==0){
547 554
 			LOG(L_ERR, "ERROR:parse_headers: memory allocation error\n");
548 555
 			goto error;
549 556
 		}
557
+		memset(hf,0, sizeof(struct hdr_field));
550 558
 		hf->type=HDR_ERROR;
551 559
 		rest=get_hdr_field(tmp, msg->buf+msg->len, hf);
552 560
 		switch (hf->type){
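Review bot: In the parse_uri hunk, the `error:` path now calls `free_uri(uri)` itself, which becomes a double free if a caller also releases the uri after parse_uri fails and free_uri does not reset the pointers it frees. Neither free_uri nor the call sites are visible here, so each caller needs checking; do_action's `error_uri` label, for one, calls `free_uri(&uri)`. A defensive form is `free_uri(uri); memset(uri, 0, sizeof(*uri));`, assuming free_uri tolerates null fields, so that a second release is harmless. The function comment should also state that on error the uri owns nothing.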
... ...
@@ -488,6 +488,11 @@ char* parse_hname(char* p, char* end, struct hdr_field* hdr)
488 488
 								goto error;
489 489
 						}
490 490
 						break;
491
+						
492
+			case '\n':
493
+			case '\r': /*not allowed in hname*/
494
+						goto error;
495
+			
491 496
 			default:
492 497
 					switch(state){
493 498
 						case INITIAL:
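Review bot: The new `case '\n':` / `case '\r':` branch jumps to `error` without logging, so a message rejected for a line break inside a header name leaves no trace of the reason. This parser handles input straight off the wire, so a line such as `LOG(L_ERR, "ERROR: parse_hname: CR or LF inside header name\n");` before the `goto error;` would make these rejections visible when triaging malformed traffic. The enclosing switch starts and continues outside the hunk, so whether the `error` label already logs cannot be seen from here.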
... ...
@@ -1603,6 +1603,7 @@ main_via:
1603 1603
 								state=saved_state;
1604 1604
 								goto endofheader;
1605 1605
 							case PARAM_ERROR:
1606
+								pkg_free(param);
1606 1607
 								goto error;
1607 1608
 							default:
1608 1609
 								LOG(L_ERR, "ERROR: parse_via after"
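Review bot: The added `pkg_free(param);` covers only the `PARAM_ERROR` case; the `default:` branch directly below logs an error and appears to be heading for the same exit with `param` still allocated. If that branch also ends in `goto error`, it needs the same `pkg_free(param);`, or the release should move to the `error` label so no branch can miss it. Moving it is only safe if `param` has not yet been linked into the via body at that point, otherwise it could be freed twice. The rest of the switch and the label are outside the hunk, so both points need checking in the full function.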
... ...
@@ -77,6 +77,7 @@ int receive_msg(char* buf, unsigned int len, unsigned long src_ip)
77 77
 					"error while trying script\n");
78 78
 			goto error;
79 79
 		}
80
+		DBG("succesfully ran routing scripts...\n");
80 81
 #ifdef STATS
81 82
 		/* jku -- update request statistics  */
82 83
 		else update_received_request(msg->first_line.u.request.method_value );
... ...
@@ -115,6 +116,7 @@ int receive_msg(char* buf, unsigned int len, unsigned long src_ip)
115 116
 skip:
116 117
 	DBG("skip:...\n");
117 118
 */
119
+	DBG("receive_msg: cleaning up\n");
118 120
 	free_sip_msg(msg);
119 121
 	pkg_free(msg);
120 122
 #ifdef STATS
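Review bot: The `DBG(...)` added after the closing brace in the first hunk lands between the `if` block and the `else update_received_request(...)` that follows under `#ifdef STATS`. With STATS defined the `else` no longer directly follows the `if`: depending on how DBG expands, that is either a compile error or an `else` that binds to a conditional inside the macro, which would silently change when the statistics are updated. Moving the `DBG` line below the matching `#endif` keeps both configurations building the same control flow. The message text also has a typo, `succesfully` for `successfully`, and receive_msg continues outside both hunks.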