parse_to_param(): Rework previous fix (OSS-Fuzz)

Invoking strlen() on a non NULL-terminated buffer is equally bad, possibly even worse. Instead, simply rely on the @EnD parameter being correct, which is an assumption already made by the current code of the function. Fixes OSS-Fuzz#41073
OpenSIPS · Oct 4, 2022 · 51b908f · 51b908f
1 parent 90aa25e
commit 51b908f
Showing 1 changed file with 2 additions and 4 deletions.
diff --git a/parser/parse_to.c b/parser/parse_to.c
@@ -479,8 +479,7 @@ static inline char* parse_to_param(char *buffer, char *end,
 
 parse_error:
 	LM_ERR("unexpected char [%c] in status %d: <<%.*s>> .\n",
-	    tmp < end? *tmp : *(buffer+strlen(buffer)-1),status,
-	    (int)(tmp-buffer), ZSW(buffer));
+	    tmp < end? *tmp : *(end-1),status, (int)(tmp-buffer), ZSW(buffer));
 error:
 	if (param) pkg_free(param);
 	free_to_params(to_b);
@@ -817,8 +816,7 @@ static inline char* _parse_to(char* buffer, char *end, struct to_body *to_b,
 
 parse_error:
 	LM_ERR("unexpected char [%c] in status %d: <<%.*s>> .\n",
-	    tmp < end? *tmp : *(buffer+strlen(buffer)-1),
-	    status, (int)(tmp-buffer), buffer);
+	    tmp < end? *tmp : *(end-1), status, (int)(tmp-buffer), buffer);
 error:
 	first_b->error=PARSE_ERROR;
 	free_to_params(first_b);