From 9208860447af3f55fbfbf806eca955ce64f99084 Mon Sep 17 00:00:00 2001
From: Victor Seva
Date: Tue, 20 Apr 2021 14:40:01 +0200
Subject: [PATCH] TT#119500 core: usr avp, fix from upstream
Change-Id: I5fb366c03dc240cc91297f27ef29a7521b1f2c8f
---
debian/patches/series | 2 +-
...ix-detection-of-invalid-name-and-ids.patch | 56 +++++++++++++++++++
2 files changed, 57 insertions(+), 1 deletion(-)
create mode 100644 debian/patches/upstream/core-usr-avp-fix-detection-of-invalid-name-and-ids.patch
diff --git a/debian/patches/series b/debian/patches/series
index e2a8ea4e2..5eae9deb8 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -32,7 +32,7 @@ sipwise/sca-debug.patch
 sipwise/sca-fix-notify-after-bye.patch
 sipwise/sca-add-pai_avp-parameter.patch
 ## backports from upstream (5.4)
-#
+upstream/core-usr-avp-fix-detection-of-invalid-name-and-ids.patch
 ## upstream master (5.5)
 upstream/permissions-basic-safety-for-concurent-rpc-reload.patch
 upstream/permissions-add-reload_delta-parameter.patch
diff --git a/debian/patches/upstream/core-usr-avp-fix-detection-of-invalid-name-and-ids.patch b/debian/patches/upstream/core-usr-avp-fix-detection-of-invalid-name-and-ids.patch
new file mode 100644
index 000000000..ccf281e38
--- /dev/null
+++ b/debian/patches/upstream/core-usr-avp-fix-detection-of-invalid-name-and-ids.patch
@@ -0,0 +1,56 @@
+From 967dd294ba424bf66e27bebe4d6261e0c8a66471 Mon Sep 17 00:00:00 2001
+From: Daniel-Constantin Mierla
+Date: Fri, 16 Apr 2021 09:44:24 +0200
+Subject: [PATCH] core: usr avp - fix detection of invalid name and ids
+
+- use the fields designated for str name or int id, code analyzers can
+follow properly the execution path
+- regression introduced in ca1821837dfe7dd6630f628d968ed4d1178c7040
+
+(cherry picked from commit e4506385ca5a56d4861f36e85c1049599cba398f)
+---
+ src/core/usr_avp.c | 17 +++++++++--------
+ 1 file changed, 9 insertions(+), 8 deletions(-)
+
+diff --git a/src/core/usr_avp.c b/src/core/usr_avp.c
+index e80e52d79d..8d8fa34603 100644
+--- a/src/core/usr_avp.c
++++ b/src/core/usr_avp.c
+@@ -148,16 +148,11 @@ avp_t *create_avp (avp_flags_t flags, avp_name_t name, avp_value_t val)
+ struct str_str_data *ssd;
+ int len;
+
+- if (name.s.s == NULL || name.s.len == 0) {
+- LM_ERR("0 ID or NULL NAME AVP!");
+- goto error;
+- }
+-
+ /* compute the required mem size */
+ len = sizeof(struct usr_avp);
+ if (flags&AVP_NAME_STR) {
+ if ( name.s.s==0 || name.s.len==0) {
+- LM_ERR("EMPTY NAME AVP!");
++ LM_ERR("NULL or EMPTY NAME AVP!");
+ goto error;
+ }
+ if (flags&AVP_VAL_STR) {
+@@ -168,8 +163,14 @@ avp_t *create_avp (avp_flags_t flags, avp_name_t name, avp_value_t val)
+ len += sizeof(struct str_int_data)-sizeof(union usr_avp_data)
+ + name.s.len + 1; /* Terminating zero for regex search */
+ }
+- } else if (flags&AVP_VAL_STR) {
+- len += sizeof(str)-sizeof(union usr_avp_data) + val.s.len + 1;
++ } else {
++ if(name.n==0) {
++ LM_ERR("0 ID AVP!");
++ goto error;
++ }
++ if (flags&AVP_VAL_STR) {
++ len += sizeof(str)-sizeof(union usr_avp_data) + val.s.len + 1;
++ }
+ }
+
+ avp = (struct usr_avp*)shm_malloc( len );
+--
+2.20.1
+
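Review bot: The value length is still unchecked in the new `else` branch of create_avp, where `val.s.len` is added into `int len`; a negative or very large length would give an undersized or wrapped size that is passed to `shm_malloc( len )` on the last context line. The patch tightens the name and id checks only. Under `AVP_VAL_STR`, a guard placed before the size computation would cover the value side as well: `if (val.s.len < 0 || (val.s.s == 0 && val.s.len > 0)) { LM_ERR("invalid AVP str value\n"); goto error; }`. This assumes `str.len` is a signed int, and whether any caller can actually supply such a value is not visible here. create_avp continues past the hunk, so the copy that consumes `len` and the handling of a failed `shm_malloc` should be confirmed against the full function.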