
core: dns - safety checks for port and proto

(cherry picked from commit 6d46ec71f941b9db9c06c6c2edac14fc9f3d1074)

Daniel-Constantin Mierla authored on 11/04/2021 07:09:24
Showing 2 changed files
... ...
@@ -3011,25 +3011,30 @@ inline static int dns_srv_resolve_ip(struct dns_srv_handle* h,
3011 3011
 {
3012 3012
 	int ret;
3013 3013
 	str host;
3014
+	unsigned short vport;
3014 3015
 
3015 3016
 	host.len=0;
3016 3017
 	host.s=0;
3018
+	if(port) vport =*port;
3019
+	else vport = 0;
3020
+
3017 3021
 	do{
3018 3022
 		if (h->a==0){
3019 3023
 #ifdef DNS_SRV_LB
3020 3024
 			if ((ret=dns_srv_resolve_nxt(&h->srv,
3021 3025
 								(flags & DNS_SRV_RR_LB)?&h->srv_tried_rrs:0,
3022 3026
 								&h->srv_no,
3023
-								name, &host, port))<0)
3027
+								name, &host, &vport))<0)
3024 3028
 				goto error;
3025 3029
 #else
3026 3030
 			if ((ret=dns_srv_resolve_nxt(&h->srv, &h->srv_no,
3027
-								name, &host, port))<0)
3031
+								name, &host, &vport))<0)
3028 3032
 				goto error;
3029 3033
 #endif
3030
-			h->port=*port; /* store new port */
3034
+			h->port=vport; /* store new port */
3035
+			if(port) *port=vport;
3031 3036
 		}else{
3032
-			*port=h->port; /* return the stored port */
3037
+			if(port) *port=h->port; /* return the stored port */
3033 3038
 		}
3034 3039
 		if ((ret=dns_ip_resolve(&h->a, &h->ip_no, &host, ip, flags))<0){
3035 3040
 			/* couldn't find any good ip for this record, try the next one */
... ...
@@ -3257,6 +3262,7 @@ inline static int dns_naptr_sip_resolve(struct dns_srv_handle* h,  str* name,
3257 3262
 	char n_proto, origproto;
3258 3263
 	str srv_name;
3259 3264
 	int ret;
3265
+	int res;
3260 3266
 	int try_lookup_naptr = 0;
3261 3267
 
3262 3268
 	ret=-E_DNS_NO_NAPTR;
... ...
@@ -3302,7 +3308,7 @@ inline static int dns_naptr_sip_resolve(struct dns_srv_handle* h,  str* name,
3302 3308
 
3303 3309
 	if (!try_lookup_naptr) {
3304 3310
 		if(proto) *proto=origproto;
3305
-		int res = dns_srv_sip_resolve(h, name, ip, port, proto, flags);
3311
+		res = dns_srv_sip_resolve(h, name, ip, port, proto, flags);
3306 3312
 		if (res) {
3307 3313
 			mark_skip_current_naptr(e->rr_lst, h->srv);
3308 3314
 			if (have_more_active_naptr(e->rr_lst)) {
... ...
@@ -3324,8 +3330,8 @@ inline static int dns_naptr_sip_resolve(struct dns_srv_handle* h,  str* name,
3324 3330
 				LM_DBG("(%.*s, %d, %d), srv0, ret=%d\n",
3325 3331
 								name->len, name->s, h->srv_no, h->ip_no, ret);
3326 3332
 				dns_hash_put(e);
3327
-				*proto=n_proto;
3328
-				h->proto=*proto;
3333
+				if(proto) *proto=n_proto;
3334
+				h->proto=n_proto;
3329 3335
 				return ret;
3330 3336
 			}
3331 3337
 		}
... ...
@@ -4130,7 +4136,9 @@ static struct dns_hash_entry *dns_cache_clone_entry(struct dns_hash_entry *e,
4130 4136
 		new_rr->rdata = (void*)((char*)new_rr+rr_size);
4131 4137
 		new_rr->expire = now + S_TO_TICKS(ttl);
4132 4138
 		/* link the rr to the previous one */
4133
-		last_rr->next = new_rr;
4139
+		if(last_rr) {
4140
+			last_rr->next = new_rr;
4141
+		}
4134 4142
 
4135 4143
 		/* fix the total_size and expires values */
4136 4144
 		new->total_size=rounded_size+rr_size+rdata_size;
... ...
@@ -4396,7 +4404,7 @@ int dns_cache_add_record(unsigned short type,
4396 4404
 
4397 4405
 				if (*rr_iter != new_rr->next) {
4398 4406
 					/* unlink rr from the list */
4399
-					*rr_p = (*rr_p)->next;
4407
+					*rr_p = (*rr_p)?(*rr_p)->next:NULL;
4400 4408
 					/* link it before *rr_iter */
4401 4409
 					new_rr->next = *rr_iter;
4402 4410
 					*rr_iter = new_rr;
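Review bot: In the dns_cache_clone_entry hunk, the new `if(last_rr)` guard removes the NULL dereference but leaves `new_rr` unlinked when `last_rr` is NULL, while the next visible line still counts it in `new->total_size=rounded_size+rr_size+rdata_size;`. If that path is reachable, the cloned cache entry would account for a record that no list pointer reaches, so the size bookkeeping and the record list disagree. Assuming the clone's list head is the `rr_lst` field used elsewhere on this page, the link step could be `if(last_rr) last_rr->next = new_rr; else new->rr_lst = new_rr;`, or the clone could be failed on that path instead. The function starts and ends outside the hunk, so how `last_rr` is computed and which of the two fits needs confirming against the full body.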
... ...
@@ -1247,7 +1247,7 @@ struct hostent* srv_sip_resolvehost(str* name, int zt, unsigned short* port,
1247 1247
 	if (is_srv){
1248 1248
 		/* skip directly to srv resolving */
1249 1249
 		srv_proto=(proto)?*proto:0;
1250
-		*port=(srv_proto==PROTO_TLS)?SIPS_PORT:SIP_PORT;
1250
+		if(port) *port=(srv_proto==PROTO_TLS)?SIPS_PORT:SIP_PORT;
1251 1251
 		if (zt){
1252 1252
 			srv_target=name->s; /* name.s must be 0 terminated in
1253 1253
 								  this case */
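Review bot: The `if(port)` guard in the `is_srv` branch covers only this one write. srv_sip_resolvehost continues outside the hunk, so any later `*port` access, and any callee that is handed `port`, needs the same check before a NULL `port` is safe end to end. Because this commit makes NULL an accepted argument, the function's header comment should state the contract, for example `port - in/out, may be NULL; when NULL the default or resolved port is not reported back to the caller`. A caller that passes NULL otherwise cannot tell which port the returned address is meant for.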