Browse code

core: tcp - proper handling of '\n-' sequence for detecting end of MSRP frame

- in some cases it could go in wrong reading MSRP state
- reported by Gavin Llewellyn

Daniel-Constantin Mierla authored on 09/11/2012 10:03:46
Showing 1 changed files
... ...
@@ -934,14 +934,16 @@ int tcp_read_headers(struct tcp_connection *c, int* read_flags)
934 934
 					if(r->pos - r->start < 10) {
935 935
 						LM_ERR("weird situation when reading MSRP frame"
936 936
 								" - continue reading\n");
937
+						/* *p=='\n' */
938
+						r->state=H_MSRP_BODY_LF;
937 939
 						p++;
938
-						r->state=H_MSRP_BODY;
939 940
 						break;
940 941
 					}
941 942
 					if(*(p-1)!='\r') {
942 943
 						/* not ending in '\r\n' - not end-line */
944
+						/* *p=='\n' */
945
+						r->state=H_MSRP_BODY_LF;
943 946
 						p++;
944
-						r->state=H_MSRP_BODY;
945 947
 						break;
946 948
 					}
947 949
 					/* locate transaction id in first line
... ...
@@ -956,16 +958,18 @@ int tcp_read_headers(struct tcp_connection *c, int* read_flags)
956 956
 							p - 1 /*\r*/ - 1 /* '+'|'#'|'$' */ - mtransid.len,
957 957
 							mtransid.len)!=0) {
958 958
 						/* no match on session id - not end-line */
959
+						/* *p=='\n' */
960
+						r->state=H_MSRP_BODY_LF;
959 961
 						p++;
960
-						r->state=H_MSRP_BODY;
961 962
 						break;
962 963
 					}
963 964
 					if(memcmp(p - 1 /*\r*/ - 1 /* '+'|'#'|'$' */ - mtransid.len
964 965
 								- 7 /* 7 x '-' */ - 1 /* '\n' */, "\n-------",
965 966
 								8)!=0) {
966 967
 						/* no match on "\n-------" - not end-line */
968
+						/* *p=='\n' */
969
+						r->state=H_MSRP_BODY_LF;
967 970
 						p++;
968
-						r->state=H_MSRP_BODY;
969 971
 						break;
970 972
 					}
971 973
 					r->state=H_MSRP_FINISH;