Browse code

topos: restore checks on uri and sip_params for tps_dlg_message_update()

- use define for expected min len safety checks

(cherry picked from commit 1d6736d16ab3a83b77d6c7be3f9689c7fbfccf28)

Daniel-Constantin Mierla authored on 26/04/2021 11:49:42
Showing 1 changed files
... ...
@@ -309,17 +309,18 @@ int tps_dlg_message_update(sip_msg_t *msg, tps_data_t *ptsd, int ctmode)
309 309
 	str tuuid = STR_NULL;
310 310
 	int ret;
311 311
 
312
+#define TPS_TUUID_MIN_LEN 10
313
+
312 314
 	if(parse_sip_msg_uri(msg)<0) {
313 315
 		LM_ERR("failed to parse r-uri\n");
314 316
 		return -1;
315 317
 	}
316 318
 
317
-	if(msg->parsed_uri.sip_params.len<10) {
318
-		LM_DBG("not an expected %s format\n", (ctmode==0)?"user":"param");
319
-		return 1;
320
-	}
321
-
322 319
 	if (ctmode == 1 || ctmode == 2) {
320
+		if(msg->parsed_uri.sip_params.len<TPS_TUUID_MIN_LEN) {
321
+			LM_DBG("not an expected param format\n");
322
+			return 1;
323
+		}
323 324
 		/* find the r-uri parameter */
324 325
 		ret = tps_get_param_value(&msg->parsed_uri.params,
325 326
 			&_tps_cparam_name, &tuuid);
... ...
@@ -332,6 +333,10 @@ int tps_dlg_message_update(sip_msg_t *msg, tps_data_t *ptsd, int ctmode)
332 333
 			return 1;
333 334
 		}
334 335
 	} else {
336
+		if(msg->parsed_uri.user.len<TPS_TUUID_MIN_LEN) {
337
+			LM_DBG("not an expected user format\n");
338
+			return 1;
339
+		}
335 340
 		tuuid = msg->parsed_uri.user;
336 341
 	}
337 342