diff --git a/modules/ims_registrar_scscf/reply.c b/modules/ims_registrar_scscf/reply.c
index c52334faedc..d86887f91f3 100644
--- a/modules/ims_registrar_scscf/reply.c
+++ b/modules/ims_registrar_scscf/reply.c
@@ -115,19 +115,21 @@ static inline unsigned int calc_buf_len(impurecord_t* impurec) {
             }
             tmp = c->params;
             while (tmp) {
-                if ((tmp->name.s[0] == 'R' || tmp->name.s[0]=='r') && tmp->name.len == 8 && !memcmp(tmp->name.s+1, "eceived", 7)) {
-                    tmp = tmp->next;
-                    continue;
-                }
-                if ((tmp->name.s[0] == 'Q' || tmp->name.s[0]=='q') && tmp->name.len == 1) {
-                    tmp = tmp->next;
-                    continue;
-                }
-                if ((tmp->name.s[0] == 'E' || tmp->name.s[0] == 'e') && tmp->name.len == 7 && !memcmp(tmp->name.s + 1, "xpires", 6)) {
-                    tmp = tmp->next;
-                    continue;
-                }
-                len += tmp->name.len;
+				if (tmp->name.len > 0 && tmp->name.s) {
+					if ((tmp->name.s[0] == 'R' || tmp->name.s[0]=='r') && tmp->name.len == 8 && !memcmp(tmp->name.s+1, "eceived", 7)) {
+						tmp = tmp->next;
+						continue;
+					}
+					if ((tmp->name.s[0] == 'Q' || tmp->name.s[0]=='q') && tmp->name.len == 1) {
+						tmp = tmp->next;
+						continue;
+					}
+					if ((tmp->name.s[0] == 'E' || tmp->name.s[0] == 'e') && tmp->name.len == 7 && !memcmp(tmp->name.s + 1, "xpires", 6)) {
+						tmp = tmp->next;
+						continue;
+					}
+					len += tmp->name.len + 1 /*separator ; */;
+				}
                 if (tmp->body.len > 0) {
                     len = len + 1/*=*/ + 2/*2 x "*/;
                     len += tmp->body.len;
@@ -437,6 +439,7 @@ int build_contact(impurecord_t* impurec, contact_for_header_t** contact_header)
 
     tmp_contact_header->data_len = calc_buf_len(impurec);
     tmp_contact_header->buf = (char*)shm_malloc(tmp_contact_header->data_len);
+	memset(tmp_contact_header->buf, 0, tmp_contact_header->data_len);
 
     if (tmp_contact_header->data_len) {
         p = tmp_contact_header->buf;
@@ -496,21 +499,24 @@ int build_contact(impurecord_t* impurec, contact_for_header_t** contact_header)
                 /* put in the rest of the params except Q and received */
                 tmp = c->params;
                 while (tmp) {
-                    if ((tmp->name.s[0] == 'R' || tmp->name.s[0]=='r') && tmp->name.len == 8 && !memcmp(tmp->name.s+1, "eceived", 7)) {
-                        tmp = tmp->next;
-                        continue;
-                    }
-                    if ((tmp->name.s[0] == 'Q' || tmp->name.s[0]=='q') && tmp->name.len == 1) {
-                        tmp = tmp->next;
-                        continue;
-                    }
-                    if ((tmp->name.s[0] == 'E' || tmp->name.s[0]=='e') && tmp->name.len == 7 && !memcmp(tmp->name.s+1, "xpires", 6)) {
-                        tmp = tmp->next;
-                        continue;
-                    }
-                    *p++ = ';';
-                    memcpy(p, tmp->name.s, tmp->name.len);
-                    p += tmp->name.len;
+					if (tmp->name.len>0 && tmp->name.s) {
+						if ((tmp->name.s[0] == 'R' || tmp->name.s[0]=='r') && tmp->name.len == 8 && !memcmp(tmp->name.s+1, "eceived", 7)) {
+							tmp = tmp->next;
+							continue;
+						}
+						if ((tmp->name.s[0] == 'Q' || tmp->name.s[0]=='q') && tmp->name.len == 1) {
+							tmp = tmp->next;
+							continue;
+						}
+						if ((tmp->name.s[0] == 'E' || tmp->name.s[0]=='e') && tmp->name.len == 7 && !memcmp(tmp->name.s+1, "xpires", 6)) {
+							tmp = tmp->next;
+							continue;
+						}
+						*p++ = ';';
+						memcpy(p, tmp->name.s, tmp->name.len);
+						p += tmp->name.len;
+					}
+                    
                     if (tmp->body.len > 0) {
                         *p++ = '=';
                         *p++ = '\"';