From 3a48835cf68f583ff2fbd7cec9bd76ddc0a1b6fc Mon Sep 17 00:00:00 2001
From: Daniel-Constantin Mierla
Date: Tue, 20 Dec 2016 08:32:03 +0100
Subject: [PATCH] dialoplan: safe checks for match expression
- test if null to avoid invalid use in comparison functions
- reported by Julia Boudniatsky
---
 src/modules/dialplan/dp_repl.c | 19 ++++++++++++-------
 1 file changed, 12 insertions(+), 7 deletions(-)
diff --git a/src/modules/dialplan/dp_repl.c b/src/modules/dialplan/dp_repl.c
index 0b16b0ad0ef..2c0d9b3b12e 100644
--- a/src/modules/dialplan/dp_repl.c
+++ b/src/modules/dialplan/dp_repl.c
@@ -583,7 +583,7 @@ int translate(sip_msg_t *msg, str input, str *output, dpl_id_p idp,
 dpl_dyn_pcre_p rt = NULL;
 if(!input.s || !input.len) {
- LM_ERR("invalid input string\n");
+ LM_WARN("invalid or empty input string to be matched\n");
 return -1;
 }
@@ -635,7 +635,8 @@ int translate(sip_msg_t *msg, str input, str *output, dpl_id_p idp,
 case DP_EQUAL_OP:
 LM_DBG("equal operator testing\n");
- if(rulep->match_exp.len != input.len) {
+ if(rulep->match_exp.s==NULL
+ || rulep->match_exp.len != input.len) {
 rez = -1;
 } else {
 rez = strncmp(rulep->match_exp.s,input.s,input.len);
@@ -645,11 +646,15 @@ int translate(sip_msg_t *msg, str input, str *output, dpl_id_p idp,
 case DP_FNMATCH_OP:
 LM_DBG("fnmatch operator testing\n");
- b = input.s[input.len];
- input.s[input.len] = '\0';
- rez = fnmatch(rulep->match_exp.s, input.s, 0);
- input.s[input.len] = b;
- rez = (rez==0)?0:-1;
+ if(rulep->match_exp.s!=NULL) {
+ b = input.s[input.len];
+ input.s[input.len] = '\0';
+ rez = fnmatch(rulep->match_exp.s, input.s, 0);
+ input.s[input.len] = b;
+ rez = (rez==0)?0:-1;
+ } else {
+ rez = -1;
+ }
 break;
 default:
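Review bot: The new NULL guard in the DP_EQUAL_OP branch sets `rez = -1` without logging, so a rule loaded with no match expression looks the same in the logs as an ordinary non-match; the same holds for the new `else` in the DP_FNMATCH_OP hunk. Testing `rulep->match_exp.s==NULL` on its own first and emitting something like `LM_DBG("null match expression - rule skipped\n");` would make the condition traceable. As a point of style, once the two lengths are known to be equal, `rez = memcmp(rulep->match_exp.s, input.s, input.len);` states the counted-string comparison more directly than strncmp(), which stops at a NUL byte. The branch continues past the end of the hunk.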
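Review bot: The guard added in the DP_FNMATCH_OP branch covers only a NULL `rulep->match_exp.s`; the code inside it still reads and overwrites `input.s[input.len]`, one byte past the counted string, which is valid only if every caller passes a buffer with a writable byte at that position. Where `input` comes from is not visible in this hunk, so this may hold in practice, but a value backed by a read-only or exactly sized buffer would turn the temporary terminator into an out-of-bounds write. Copying the input into a NUL-terminated scratch buffer before calling fnmatch() removes the dependency; failing that, state the precondition at the call, e.g. `/* input.s[input.len] must be a writable byte owned by the caller */`. fnmatch() likewise needs `match_exp.s` to be NUL-terminated, which the NULL test does not establish.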