Browse code

- fix potential buffer overflow - fix cleanup in case of error - fix winfo NOTIFY body generation (if a module registeres only the .winfo type without the corresponding event, the module will segfault)

git-svn-id: https://openser.svn.sourceforge.net/svnroot/openser/trunk@4834 689a6050-402a-0410-94f2-e92a70836424

Klaus Darilion authored on 04/09/2008 12:49:36
Showing 2 changed files
... ...
@@ -188,16 +188,26 @@ int add_event(pres_ev_t* event)
188 188
 		wipeer_name.s= event->name.s;
189 189
 		wipeer_name.len= sep - event->name.s;
190 190
 		ev->wipeer= contains_event(&wipeer_name, NULL);
191
+		if (ev->wipeer) {
192
+			LM_DBG("Found wipeer event [%.*s] for event [%.*s]\n",wipeer_name.len,wipeer_name.s,event->name.len,event->name.s);
193
+		}
191 194
 	}
192 195
 	else
193 196
 	{	
194 197
 		ev->type= PUBL_TYPE;
198
+		if (event->name.len + 6 > 50) {
199
+			LM_ERR("buffer too small\n");
200
+			goto error;
201
+		}
195 202
 		wipeer_name.s= buf;
196 203
 		memcpy(wipeer_name.s, event->name.s, event->name.len);
197 204
 		wipeer_name.len= event->name.len;
198 205
 		memcpy(wipeer_name.s+ wipeer_name.len, ".winfo", 6);
199 206
 		wipeer_name.len+= 6;
200 207
 		ev->wipeer= contains_event(&wipeer_name, NULL);
208
+		if (ev->wipeer) {
209
+			LM_DBG("Found wipeer event [%.*s] for event [%.*s]\n",wipeer_name.len,wipeer_name.s,event->name.len,event->name.s);
210
+		}
201 211
 	}
202 212
 	
203 213
 	if(ev->wipeer)	
... ...
@@ -246,6 +256,8 @@ void free_pres_event(pres_ev_t* ev)
246 256
 		shm_free(ev->name.s);
247 257
 	if(ev->content_type.s)
248 258
 		shm_free(ev->content_type.s);
259
+	if(ev->wipeer)
260
+		ev->wipeer->wipeer = 0;
249 261
 	shm_free_event(ev->evp);
250 262
 	shm_free(ev);
251 263
 
... ...
@@ -373,6 +373,12 @@ str* get_wi_notify_body(subs_t* subs, subs_t* watcher_subs)
373 373
 	subs_t* s= NULL;
374 374
 	int state = FULL_STATE_FLAG;
375 375
 
376
+	if(!subs->event->wipeer) {
377
+		LM_ERR("can not create NOTIFY body as wipeer not defined for event [%.*s]\n ",
378
+			subs->event->name.len, subs->event->name.s);
379
+		return NULL;
380
+	}
381
+
376 382
 	hash_code = 0;
377 383
 	version_str = int2str(subs->version, &len);
378 384
 	if(version_str ==NULL)