Fixed bogus memory operations.

Fixed bogus free (of uninit pointer) if parse_contact() fails Fixed shm leak on errors after print_rr_body Fixed shm leak on success if record_route is present. Reported by John Nash. (cherry picked from commit 4b0fca5)
OpenSIPS · May 18, 2016 · a79c49b · a79c49b
1 parent 1c811ce
commit a79c49b
Showing 1 changed file with 7 additions and 3 deletions.
diff --git a/modules/topology_hiding/topo_hiding_logic.c b/modules/topology_hiding/topo_hiding_logic.c
@@ -1432,7 +1432,8 @@ static char* build_encoded_contact_suffix(struct sip_msg* msg,int *suffix_len)
 {
 	short rr_len,ct_len,addr_len,enc_len;
 	char *suffix_plain,*suffix_enc,*p,*s;
-	str rr_set,contact;
+	str rr_set = {NULL, 0};
+	str contact;
 	int i,total_len;
 	struct sip_uri ctu;
 	struct th_ct_params* el;
@@ -1464,8 +1465,7 @@ static char* build_encoded_contact_suffix(struct sip_msg* msg,int *suffix_len)
 	((contact_body_t *)msg->contact->parsed)->contacts==NULL ||
 	((contact_body_t *)msg->contact->parsed)->contacts->next!=NULL ) {
 		LM_ERR("bad Contact HDR\n");
-		pkg_free(rr_set.s);
-		return NULL;
+		goto error;
 	} else {
 		contact = ((contact_body_t *)msg->contact->parsed)->contacts->uri;
 		ct_len = (short)contact.len;
@@ -1617,10 +1617,14 @@ static char* build_encoded_contact_suffix(struct sip_msg* msg,int *suffix_len)
 		}
 	}
 
+	if (rr_set.s)
+		pkg_free(rr_set.s);
 	pkg_free(suffix_plain);
 	*suffix_len = total_len;
 	return suffix_enc;
 error:
+	if (rr_set.s)
+		pkg_free(rr_set.s);
 	return NULL;
 }