
List:       sr-dev
Subject:    [sr-dev] git:master:db3b9dbd: tm: crash on memcpy fix
From:       Roman Romanchenko <rromanchenko () sipwise ! com>
Date:       2018-08-31 9:24:42
Message-ID: E1fvffW-00010c-TC () www ! kamailio ! org

Module: kamailio
Branch: master
Commit: db3b9dbd48f7bb74abf08b0e97bcac15015df719
URL: https://github.com/kamailio/kamailio/commit/db3b9dbd48f7bb74abf08b0e97bcac15015df719

Author: Roman Romanchenko <rromanchenko@sipwise.com>
Committer: Roman Romanchenko <rromanchenko@sipwise.com>
Date: 2018-08-31T12:02:43+03:00

tm: crash on memcpy fix

- in some cases tag is not initialized and leads to crash.
  Memory pointer check added before writing.

---

Modified: src/modules/tm/t_reply.c

---

Diff:  https://github.com/kamailio/kamailio/commit/db3b9dbd48f7bb74abf08b0e97bcac15015df719.diff
Patch: https://github.com/kamailio/kamailio/commit/db3b9dbd48f7bb74abf08b0e97bcac15015df719.patch

---

diff --git a/src/modules/tm/t_reply.c b/src/modules/tm/t_reply.c
index 474851aa7c..f53625e833 100644
--- a/src/modules/tm/t_reply.c
+++ b/src/modules/tm/t_reply.c
@@ -299,6 +299,7 @@ inline static int update_totag_set(struct cell *t, struct sip_msg *ok)
 
 	for (i=t->fwded_totags; i; i=i->next) {
 		if (i->tag.len==tag->len
+				&& i->tag.s
 				&& memcmp(i->tag.s, tag->s, tag->len) ==0 ){
 			/* to tag already recorded */
 			LM_DBG("to-tag retransmission\n");
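Review bot: The added `&& i->tag.s` guard in the `update_totag_set()` loop covers only the stored tag; `tag->s` goes into the same `memcmp(i->tag.s, tag->s, tag->len)` unchecked, so a NULL `tag->s` with a non-zero `tag->len` would still fault on this line. Consider validating `tag->s` once before the loop. With the new condition, an entry where `i->tag.len` and `tag->len` are both 0 and `i->tag.s` is NULL no longer matches, so an empty to-tag is no longer reported as a retransmission; if that is intended, a short comment should say so. An entry in `t->fwded_totags` whose `tag.len` equals `tag->len` while `tag.s` is NULL is inconsistent state, so it is worth tracing where such entries are added rather than only skipping them here. The commit message speaks of memcpy and of writing, while this hunk guards a `memcmp` read; the message should name the call that actually crashed.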


_______________________________________________
Kamailio (SER) - Development Mailing List
sr-dev@lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-dev
