Browse code

Merge branch 'master' of ssh://tirpi@git.sip-router.org/sip-router

* 'master' of ssh://tirpi@git.sip-router.org/sip-router:
* Fixed pua module memory leak. Credits to Anca Vamanu.
fix k bug #2790184, crash related to uninitialized match_callid parameter

Miklos Tirpak authored on 13/05/2009 13:06:07
Showing 2 changed files
... ...
@@ -114,10 +114,11 @@ int pres_process_body(publ_info_t* publ, str** fin_body, int ver, str** tuple_pa
114 114
 		LM_ERR("while extracting tuple node\n");
115 115
 		goto error;
116 116
 	}
117
+	tuple= *(tuple_param);
118
+
117 119
 	tuple_id= xmlNodeGetAttrContentByName(node, "id");
118 120
 	if(tuple_id== NULL)
119 121
 	{
120
-		tuple= *(tuple_param);
121 122
 
122 123
 		if(tuple== NULL)	// generate a tuple_id
123 124
 		{
... ...
@@ -144,7 +145,6 @@ int pres_process_body(publ_info_t* publ, str** fin_body, int ver, str** tuple_pa
144 144
 			alloc_tuple= 1;
145 145
 
146 146
 			LM_DBG("allocated tuple_id\n\n");
147
-
148 147
 		}
149 148
 		else
150 149
 		{
... ...
@@ -152,7 +152,7 @@ int pres_process_body(publ_info_t* publ, str** fin_body, int ver, str** tuple_pa
152 152
 			tuple_id_len= tuple->len;
153 153
 			memcpy(tuple_id, tuple->s, tuple_id_len);
154 154
 			tuple_id[tuple_id_len]= '\0';
155
-		}	
155
+		}
156 156
 		/* add tuple id */
157 157
 		if(!xmlNewProp(node, BAD_CAST "id", BAD_CAST tuple_id))
158 158
 		{
... ...
@@ -184,10 +184,10 @@ int pres_process_body(publ_info_t* publ, str** fin_body, int ver, str** tuple_pa
184 184
 			}
185 185
 			memcpy(tuple->s, tuple_id, tuple_id_len);
186 186
 			tuple->len= tuple_id_len;
187
+			*tuple_param= tuple;
187 188
 			alloc_tuple= 1;
188
-
189
-		}	
190
-	}	
189
+		}
190
+	}
191 191
 
192 192
 	node= xmlDocGetNodeByName(doc, "person", NULL);
193 193
 	if(node)
... ...
@@ -179,6 +179,7 @@ int registered(struct sip_msg* _m, char* _t, char* _s)
179 179
 	urecord_t* r;
180 180
 	ucontact_t* ptr;
181 181
 	int res;
182
+	int_str match_callid;
182 183
 
183 184
 	if (_m->new_uri.s) uri = _m->new_uri;
184 185
 	else uri = _m->first_line.u.request.uri;
... ...
@@ -199,12 +200,15 @@ int registered(struct sip_msg* _m, char* _t, char* _s)
199 199
 
200 200
 	if (res == 0) {
201 201
 		
202
-		int_str match_callid;
203 202
 		if (reg_callid_avp_name.n) {
204 203
 			struct usr_avp *avp =
205 204
 				search_first_avp( reg_callid_avp_type, reg_callid_avp_name, &match_callid, 0);
206 205
 			if (!(avp && is_avp_str_val(avp)))
207
-				match_callid=(int_str)0;
206
+				match_callid.n = 0;
207
+				match_callid.s.s = NULL;
208
+		} else {
209
+			match_callid.n = 0;
210
+			match_callid.s.s = NULL;
208 211
 		}
209 212
 
210 213
 		for (ptr = r->contacts; ptr; ptr = ptr->next) {