carrierroute: avoid out-of-bounds access when resetting opts

kamailio · Jul 31, 2017 · 3c86d68 · 3c86d68
1 parent b95e536
commit 3c86d68
Showing 1 changed file with 53 additions and 61 deletions.
diff --git a/src/modules/carrierroute/cr_config.c b/src/modules/carrierroute/cr_config.c
@@ -48,72 +48,64 @@ enum prefix_opt_ids { PO_MAX_TARGETS = 0, PO_MAX_IDS };
 option_description target_options[TO_MAX_IDS];
 option_description prefix_options[PO_MAX_IDS];
 
-static void reset_opts(option_description * opts, int size){
+static void reset_target_opts(){
 	int i;
-	if ( NULL == opts){
-		LM_ERR("Trying to init a NULL pointer location \n");
-		return;
-	}
-	for (i=0; i < size; i++){
-		memset(&(opts[i].value),'\0', sizeof(union opt_data));
-		opts[i].visited = 0;
-		opts[i].no_elems = 0;
-		if ( CFG_STR == opts[i].type ){
-			opts[i].value.string_data.s = opts[i].str_buf;
-			strcpy(opts[i].str_buf,"");
-			opts[i].value.string_data.len = 0;
+	for (i=0; i < TO_MAX_IDS; i++){
+		memset(&(target_options[i].value),'\0', sizeof(union opt_data));
+		target_options[i].visited = 0;
+		target_options[i].no_elems = 0;
+		if ( CFG_STR == target_options[i].type ){
+			target_options[i].value.string_data.s = target_options[i].str_buf;
+			strcpy(target_options[i].str_buf,"");
+			target_options[i].value.string_data.len = 0;
 		}
 	}
 
-	opts[TO_ID_STRIP     ].value.int_data=0;
-	opts[TO_ID_PROB      ].value.float_data=0;
-	opts[TO_ID_HASH_INDEX].value.int_data=0;
-	opts[TO_ID_STATUS    ].value.int_data=0;
-	opts[TO_ID_BACKUP    ].value.int_data=-1;
-
-	return;
+	target_options[TO_ID_STRIP     ].value.int_data=0;
+	target_options[TO_ID_PROB      ].value.float_data=0;
+	target_options[TO_ID_HASH_INDEX].value.int_data=0;
+	target_options[TO_ID_STATUS    ].value.int_data=0;
+	target_options[TO_ID_BACKUP    ].value.int_data=-1;
 }
 
-static int init_target_opts(option_description * opts){
-	if ( NULL == opts){
-		LM_DBG("Trying to init a NULL pointer location \n");
-		return -1;
-	}
-	memset(opts, '\0', sizeof(option_description) * TO_MAX_IDS);
-
-	strcpy((char*)(opts[TO_ID_COMMENT].name),    "comment");
-	strcpy((char*)(opts[TO_ID_STRIP].name),      "strip");
-	strcpy((char*)(opts[TO_ID_REWR_PREFIX].name),"rewrite_prefix");
-	strcpy((char*)(opts[TO_ID_PROB].name),       "prob");
-	strcpy((char*)(opts[TO_ID_HASH_INDEX].name), "hash_index");
-	strcpy((char*)(opts[TO_ID_REWR_SUFFIX].name),"rewrite_suffix");
-	strcpy((char*)(opts[TO_ID_STATUS].name),     "status");
-	strcpy((char*)(opts[TO_ID_BACKED_UP].name),  "backed_up");
-	strcpy((char*)(opts[TO_ID_BACKUP].name),     "backup");
-
-	opts[TO_ID_COMMENT    ].type=CFG_STR;
-	opts[TO_ID_STRIP      ].type=CFG_INT;
-	opts[TO_ID_REWR_PREFIX].type=CFG_STR;
-	opts[TO_ID_PROB       ].type=CFG_FLOAT;
-	opts[TO_ID_HASH_INDEX ].type=CFG_INT;
-	opts[TO_ID_REWR_SUFFIX].type=CFG_STR;
-	opts[TO_ID_STATUS     ].type=CFG_INT;
-	opts[TO_ID_BACKED_UP  ].type=CFG_INT_LIST;
-	opts[TO_ID_BACKUP     ].type=CFG_INT;
-
-	reset_opts(opts, TO_MAX_IDS);
+static int init_target_opts(){
+
+	memset(target_options, '\0', sizeof(option_description) * TO_MAX_IDS);
+
+	strcpy((char*)(target_options[TO_ID_COMMENT].name),    "comment");
+	strcpy((char*)(target_options[TO_ID_STRIP].name),      "strip");
+	strcpy((char*)(target_options[TO_ID_REWR_PREFIX].name),"rewrite_prefix");
+	strcpy((char*)(target_options[TO_ID_PROB].name),       "prob");
+	strcpy((char*)(target_options[TO_ID_HASH_INDEX].name), "hash_index");
+	strcpy((char*)(target_options[TO_ID_REWR_SUFFIX].name),"rewrite_suffix");
+	strcpy((char*)(target_options[TO_ID_STATUS].name),     "status");
+	strcpy((char*)(target_options[TO_ID_BACKED_UP].name),  "backed_up");
+	strcpy((char*)(target_options[TO_ID_BACKUP].name),     "backup");
+
+	target_options[TO_ID_COMMENT    ].type=CFG_STR;
+	target_options[TO_ID_STRIP      ].type=CFG_INT;
+	target_options[TO_ID_REWR_PREFIX].type=CFG_STR;
+	target_options[TO_ID_PROB       ].type=CFG_FLOAT;
+	target_options[TO_ID_HASH_INDEX ].type=CFG_INT;
+	target_options[TO_ID_REWR_SUFFIX].type=CFG_STR;
+	target_options[TO_ID_STATUS     ].type=CFG_INT;
+	target_options[TO_ID_BACKED_UP  ].type=CFG_INT_LIST;
+	target_options[TO_ID_BACKUP     ].type=CFG_INT;
+
+	reset_target_opts();
 	return 0;
 }
 
-static int init_prefix_opts(option_description * opts){
-	if ( NULL == opts){
-		LM_DBG("Trying to init a NULL pointer location \n");
-		return -1;
-	}
-	memset(opts, '\0', sizeof(option_description) * PO_MAX_IDS);
-	strcpy((char*)(opts[PO_MAX_TARGETS].name), "max_targets");
-	opts[PO_MAX_TARGETS].type=CFG_INT;
-	opts[PO_MAX_TARGETS].value.int_data=-1;
+static void reset_prefix_opts(){
+	prefix_options[PO_MAX_TARGETS].value.int_data=-1;
+}
+
+static int init_prefix_opts(){
+
+	memset(prefix_options, '\0', sizeof(option_description) * PO_MAX_IDS);
+	strcpy((char*)(prefix_options[PO_MAX_TARGETS].name), "max_targets");
+	prefix_options[PO_MAX_TARGETS].type=CFG_INT;
+	reset_prefix_opts();
 	return 0;
 }
 
@@ -272,8 +264,8 @@ int load_config(struct route_data_t * rd) {
 		goto errclose;
 	}
 
-	init_prefix_opts(prefix_options);
-	init_target_opts(target_options);
+	init_prefix_opts();
+	init_target_opts();
 
 	/* add all routes by parsing the route conf file */
 	/* while there are domain structures, get name and parse the structure*/
@@ -346,7 +338,7 @@ int load_config(struct route_data_t * rd) {
 		while ((ret_prefix = parse_struct_header(file, "prefix", &prefix_name))
 				== SUCCESSFUL_PARSING) {
 
-			reset_opts(prefix_options, PO_MAX_IDS);
+			reset_prefix_opts();
 			if (str_strcasecmp(&prefix_name, &CR_EMPTY_PREFIX) == 0) {
 				prefix_name.s[0] = '\0';
 				prefix_name.len = 0;
@@ -369,7 +361,7 @@ int load_config(struct route_data_t * rd) {
 					goto errclose;
 				}
 
-				reset_opts(target_options, TO_MAX_IDS);
+				reset_target_opts();
 				/* look for the target options: prob, hash index, status, etc*/
 				ret_target_opts = parse_options(file, target_options, TO_MAX_IDS, "}");
 				if ( SUCCESSFUL_PARSING == ret_target_opts ){