Browse code

core: parse_to_param() check for end of data on escape or start of value

(cherry picked from commit 17a2eec2a8e47939782c1352ddb0fa4d3e73f9d8)
(cherry picked from commit 92083402b2768b0ab81072feefd94bf754730e7f)
(cherry picked from commit d94bed817ffd389b5e528c124e2a8417aed1cfef)

Daniel-Constantin Mierla authored on 09/09/2021 07:05:54 • Henning Westerholt committed on 22/10/2021 12:12:33
Showing 1 changed files
... ...
@@ -225,6 +225,12 @@ static char *parse_to_param(char *const buffer, const char *const end,
225 225
 			case '\\':
226 226
 				switch(status) {
227 227
 					case PARA_VALUE_QUOTED:
228
+						if(tmp+1>=end) {
229
+							LM_ERR("unexpected end of data in status %d - start: %p"
230
+									" - end: %p - crt: %p\n",
231
+								status, buffer, end , tmp);
232
+							goto error;
233
+						}
228 234
 						switch(*(tmp + 1)) {
229 235
 							case '\r':
230 236
 							case '\n':
... ...
@@ -241,6 +247,12 @@ static char *parse_to_param(char *const buffer, const char *const end,
241 247
 			case '"':
242 248
 				switch(status) {
243 249
 					case S_PARA_VALUE:
250
+						if(tmp+1>=end) {
251
+							LM_ERR("unexpected end of data in status %d - start: %p"
252
+									" - end: %p - crt: %p\n",
253
+								status, buffer, end , tmp);
254
+							goto error;
255
+						}
244 256
 						param->value.s = tmp + 1;
245 257
 						status = PARA_VALUE_QUOTED;
246 258
 						break;