sipwise
/
kamailio
mirror of https://github.com/sipwise/kamailio.git
1
0
Fork 0
Code Issues Releases Wiki Activity

fixes r10764

Browse Source 
extract_body returns a string length without the trailing \r\n, which makes
blind appending to the end without checking safe
remotes/origin/3.3+ngcp2.6
Richard Fuchs 13 years ago
parent 68ced2208f
commit 03dd02fb70
1 changed files with 2 additions and 7 deletions
Show Stats Download Patch File Download Diff File

9
modules_k/nathelper/nathelper.c
Unescape View File

@ -1392,13 +1392,8 @@ fix_nated_sdp_f(struct sip_msg* msg, char* str1, char* str2)
m_start += 4;
rest_len = body.len - (m_start - body.s);
m_start = m_end = ser_memmem(m_start, "\r\nm=", rest_len, 4);
if (!m_end) {
m_end = body.s + body.len - 2;
if (memcmp(m_end, "\r\n", 2) != 0) {
LM_ERR("SDP body is missing trailing CRLF\n");
return -1;
}
}
if (!m_end)
m_end = body.s + body.len; /* just before the final \r\n */
anchor = anchor_lump(msg, m_end - msg->buf, 0, 0);
if (anchor == NULL) {
LM_ERR("anchor_lump failed\n");

Write Preview
Loading…
Cancel
Save