
- fixed rport overwriting bugs

Andrei Pelinescu-Onciul authored on 24/01/2003 19:18:59
Showing 3 changed files
... ...
@@ -225,8 +225,8 @@ char* rport_builder(struct sip_msg *msg, unsigned int *rport_len)
225 225
 	
226 226
 	tmp_len=0;
227 227
 	tmp=int2str(ntohs(msg->rcv.src_port), &tmp_len);
228
-	len=RPORT_LEN+tmp_len+1; /* space for null term */
229
-	buf=pkg_malloc(sizeof(char)*len);
228
+	len=RPORT_LEN+tmp_len; /* space for null term */
229
+	buf=pkg_malloc(sizeof(char)*(len+1));
230 230
 	if (buf==0){
231 231
 		ser_error=E_OUT_OF_MEM;
232 232
 		LOG(L_ERR, "ERROR: rport_builder: out of memory\n");
... ...
@@ -234,7 +234,7 @@ char* rport_builder(struct sip_msg *msg, unsigned int *rport_len)
234 234
 	}
235 235
 	memcpy(buf, RPORT, RPORT_LEN);
236 236
 	memcpy(buf+RPORT_LEN, tmp, tmp_len);
237
-	buf[len]=0; /*null terminate it*/
237
+	buf[len+1]=0; /*null terminate it*/
238 238
 	
239 239
 	*rport_len=len;
240 240
 	return buf;
... ...
@@ -257,8 +257,8 @@ char* id_builder(struct sip_msg* msg, unsigned int *id_len)
257 257
 		return 0;
258 258
 	}
259 259
 	value_len=p-&revhex[0];
260
-	len=ID_PARAM_LEN+value_len+1; /* place for ending \0 */
261
-	buf=pkg_malloc(sizeof(char)*len);
260
+	len=ID_PARAM_LEN+value_len; /* place for ending \0 */
261
+	buf=pkg_malloc(sizeof(char)*(len+1));
262 262
 	if (buf==0){
263 263
 		ser_error=E_OUT_OF_MEM;
264 264
 		LOG(L_ERR, "ERROR: rport_builder: out of memory\n");
... ...
@@ -266,7 +266,7 @@ char* id_builder(struct sip_msg* msg, unsigned int *id_len)
266 266
 	}
267 267
 	memcpy(buf, ID_PARAM, ID_PARAM_LEN);
268 268
 	memcpy(buf+ID_PARAM_LEN, revhex, value_len);
269
-	buf[len]=0; /* null terminate it */
269
+	buf[len+1]=0; /* null terminate it */
270 270
 	*id_len=len;
271 271
 	return buf;
272 272
 }
... ...
@@ -567,7 +567,7 @@ char * build_req_buf_from_sip_req( struct sip_msg* msg,
567 567
 	/* if rport needs to be updated, delete it and add it's value */
568 568
 	if (rport_len){
569 569
 		anchor=del_lump(&(msg->add_rm), msg->via1->rport->name.s-buf-1, /*';'*/
570
-							msg->via1->rport->name.len, HDR_VIA);
570
+							msg->via1->rport->size+1 /* ; */, HDR_VIA);
571 571
 		if (anchor==0) goto error03; /* free rport_buf*/
572 572
 		if (insert_new_lump_after(anchor, rport_buf, rport_len, HDR_VIA)==0)
573 573
 			goto error03; /* free rport_buf*/
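Review bot: In rport_builder the new terminator write `buf[len+1]=0` lands one byte past the allocation: `pkg_malloc(sizeof(char)*(len+1))` gives valid indices 0..len, so this is a one-byte heap overwrite, and `buf[len]` is never set, so the string is not terminated at the length reported through `*rport_len`. Now that len no longer counts the terminator, the line should remain `buf[len]=0; /* null terminate it */`. id_builder has the identical pattern (`buf[len+1]=0` after allocating `len+1` bytes) and needs the same correction. The `/* space for null term */` and `/* place for ending \0 */` comments on the len assignments are also stale, since the extra byte is now added inside the pkg_malloc call.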
... ...
@@ -159,6 +159,7 @@ static /*inline*/ char* parse_via_param(char* p, char* end,
159 159
 			case '\n':
160 160
 				switch(state){
161 161
 					case FIN_HIDDEN:
162
+					case FIN_RPORT:
162 163
 						*tmp=0;
163 164
 						param->type=state;
164 165
 						param->name.len=tmp-param->name.s;
... ...
@@ -169,7 +170,6 @@ static /*inline*/ char* parse_via_param(char* p, char* end,
169 170
 					case FIN_TTL:
170 171
 					case FIN_MADDR:
171 172
 					case FIN_RECEIVED:
172
-					case FIN_RPORT:
173 173
 					case FIN_I:
174 174
 						*tmp=0;
175 175
 						param->type=state;
... ...
@@ -201,6 +201,7 @@ static /*inline*/ char* parse_via_param(char* p, char* end,
201 201
 			case '\r':
202 202
 				switch(state){
203 203
 					case FIN_HIDDEN:
204
+					case FIN_RPORT:
204 205
 						*tmp=0;
205 206
 						param->type=state;
206 207
 						param->name.len=tmp-param->name.s;
... ...
@@ -211,7 +212,6 @@ static /*inline*/ char* parse_via_param(char* p, char* end,
211 212
 					case FIN_TTL:
212 213
 					case FIN_MADDR:
213 214
 					case FIN_RECEIVED:
214
-					case FIN_RPORT:
215 215
 					case FIN_I:
216 216
 						*tmp=0;
217 217
 						param->type=state;
... ...
@@ -1767,8 +1767,7 @@ parse_again:
1767 1767
 								break;
1768 1768
 							case END_OF_HEADER:
1769 1769
 								vb->params.len=tmp-vb->params.s;
1770
-								state=saved_state;
1771
-								goto endofheader;
1770
+								break;
1772 1771
 							case PARAM_ERROR:
1773 1772
 								pkg_free(param);
1774 1773
 								goto error;
... ...
@@ -1791,6 +1790,11 @@ parse_again:
1791 1790
 							vb->rport=param;
1792 1791
 						else if (param->type==PARAM_I)
1793 1792
 							vb->i=param;
1793
+						
1794
+						if (state==END_OF_HEADER){
1795
+							state=saved_state;
1796
+							goto endofheader;
1797
+						}
1794 1798
 						break;
1795 1799
 					case P_PARAM:
1796 1800
 						break;
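Review bot: The deferred exit added after the `vb->i=param` assignment carries no comment explaining why END_OF_HEADER may no longer leave from inside the switch. From the two hunks it appears the earlier `goto endofheader` skipped the code that stores the param in vb (`vb->rport=param` and its siblings), so a parameter that ended the header was never recorded; that reading is inferred and worth confirming. I would add `/* leave only after param is linked into vb, otherwise the last param of the header is lost */` above `if (state==END_OF_HEADER){`. The enclosing function starts and ends outside the hunk.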
... ...
@@ -1,5 +1,5 @@
1 1
 INVITE sip:7170@iptel.org SIP/2.0
2
-Via: SIP/2.0/UDP 195.37.77.100:5040
2
+Via: SIP/2.0/UDP 195.37.77.100:5040;  rport
3 3
 Max-Forwards: 10
4 4
 From: "jiri" <sip:jiri@iptel.org>;tag=76ff7a07-c091-4192-84a0-d56e91fe104f
5 5
 To: <sip:jiri@bat.iptel.org>