From fe6dd5b23a5c76b836cdd5ef2c387cde954a274b Mon Sep 17 00:00:00 2001 From: Terry Wilson Date: Mon, 17 Oct 2011 17:36:45 +0000 Subject: [PATCH] Initialize variables before calling parse_uri If parse_uri was called with an empty URI, some pointers would be modified and an invalid read could result. This patch avoids calling parse_uri with an empty contact uri when parsing REGISTER requests. AST-2011-012 (closes issue ASTERISK-18668) ........ Merged revisions 341189 from http://svn.asterisk.org/svn/asterisk/branches/1.8 git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/10@341190 65c4cc65-6c06-0410-ace0-fbb531ad65f3 --- channels/chan_sip.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/channels/chan_sip.c b/channels/chan_sip.c index 17ec5793a9..b929486457 100644 --- a/channels/chan_sip.c +++ b/channels/chan_sip.c @@ -13794,7 +13794,7 @@ static enum parse_register_result parse_register_contact(struct sip_pvt *pvt, st char data[SIPBUFSIZE]; const char *expires = sip_get_header(req, "Expires"); int expire = atoi(expires); - char *curi, *domain, *transport; + char *curi = NULL, *domain = NULL, *transport = NULL; int transport_type; const char *useragent; struct ast_sockaddr oldsin, testsa; @@ -13872,7 +13872,7 @@ static enum parse_register_result parse_register_contact(struct sip_pvt *pvt, st ast_string_field_build(pvt, our_contact, "<%s>", curi); /* Make sure it's a SIP URL */ - if (parse_uri_legacy_check(curi, "sip:,sips:", &curi, NULL, &domain, &transport)) { + if (ast_strlen_zero(curi) || parse_uri_legacy_check(curi, "sip:,sips:", &curi, NULL, &domain, &transport)) { ast_log(LOG_NOTICE, "Not a valid SIP contact (missing sip:/sips:) trying to use anyway\n"); }