auth_diameter: avoid passing large structs as params and better error…

… handling
kamailio · Jul 27, 2017 · 67e87eb · 67e87eb
1 parent ec4d74a
commit 67e87eb
Show file tree

Hide file tree

Showing 6 changed files with 37 additions and 35 deletions.
diff --git a/src/modules/auth_diameter/authorize.c b/src/modules/auth_diameter/authorize.c
@@ -261,7 +261,7 @@ int authorize(struct sip_msg* msg, pv_elem_t* realm, int hftype)
 	}
 
 	if( diameter_authorize(cred?h:NULL, &msg->first_line.u.request.method,
-					puri, msg->parsed_uri, msg->id, rb) != 1)
+					&puri, &msg->parsed_uri, msg->id, rb) != 1)
 	{
 		send_resp(msg, 500, &dia_500_err, NULL, 0);
 		return AUTH_ERROR;
@@ -286,8 +286,8 @@ int authorize(struct sip_msg* msg, pv_elem_t* realm, int hftype)
  * 		-1 - error
  * 			
  */
-int diameter_authorize(struct hdr_field* hdr, str* p_method, struct sip_uri uri,
-						struct sip_uri ruri, unsigned int m_id, rd_buf_t* rb)
+int diameter_authorize(struct hdr_field* hdr, str* p_method, sip_uri_t *uri,
+						sip_uri_t *ruri, unsigned int m_id, rd_buf_t* rb)
 {
 	str user_name;
 	AAAMessage *req;
@@ -314,21 +314,21 @@ int diameter_authorize(struct hdr_field* hdr, str* p_method, struct sip_uri uri,
 	{
 		/* Username AVP */
 		user_name.s = 0;
-		user_name.len = uri.user.len + uri.host.len;
+		user_name.len = uri->user.len + uri->host.len;
 		if(user_name.len>0)
 		{
 			user_name.len += 2;
 			user_name.s = (char*)ad_malloc(user_name.len*sizeof(char));
 			memset(user_name.s, 0, user_name.len);
 
-			memcpy(user_name.s, uri.user.s, uri.user.len);
-			if(uri.user.len>0)
+			memcpy(user_name.s, uri->user.s, uri->user.len);
+			if(uri->user.len>0)
 			{
-				memcpy(user_name.s+uri.user.len, "@", 1);
-				memcpy(user_name.s+uri.user.len+1, uri.host.s, uri.host.len);
+				memcpy(user_name.s+uri->user.len, "@", 1);
+				memcpy(user_name.s+uri->user.len+1, uri->host.s, uri->host.len);
 			}
 			else
-				memcpy(user_name.s, uri.host.s, uri.host.len);
+				memcpy(user_name.s, uri->host.s, uri->host.len);
 		}
 
 		if( (avp=AAACreateAVP(AVP_User_Name, 0, 0, user_name.s, 
@@ -419,8 +419,6 @@ int diameter_authorize(struct hdr_field* hdr, str* p_method, struct sip_uri uri,
 		goto error1;
 	}
 
-
-
 	/* SIP Service AVP */
 	if( (avp=AAACreateAVP(AVP_Service_Type, 0, 0, SIP_AUTHENTICATION, 
 				SERVICE_LEN, AVP_DUPLICATE_DATA)) == 0)
@@ -435,15 +433,15 @@ int diameter_authorize(struct hdr_field* hdr, str* p_method, struct sip_uri uri,
 	}
 
 	/* Destination-Realm AVP */
-	if( (avp=AAACreateAVP(AVP_Destination_Realm, 0, 0, uri.host.s,
-						uri.host.len, AVP_DUPLICATE_DATA)) == 0)
+	if( (avp=AAACreateAVP(AVP_Destination_Realm, 0, 0, uri->host.s,
+						uri->host.len, AVP_DUPLICATE_DATA)) == 0)
 	{
 		LM_ERR(" no more pkg memory left!\n");
 		goto error;
 	}
 
 #ifdef DEBUG	
-	LM_DBG("Destination Realm: %.*s\n", uri.host.len, uri.host.s);	
+	LM_DBG("Destination Realm: %.*s\n", uri->host.len, uri->host.s);	
 #endif
 
 	if( AAAAddAVPToMessage(req, avp, 0)!= AAA_ERR_SUCCESS)
@@ -453,27 +451,27 @@ int diameter_authorize(struct hdr_field* hdr, str* p_method, struct sip_uri uri,
 	}
 
 	/* Resource AVP */
-	user_name.len = ruri.user.len + ruri.host.len + ruri.port.len + 2;
+	user_name.len = ruri->user.len + ruri->host.len + ruri->port.len + 2;
 	user_name.s = (char*)ad_malloc(user_name.len*sizeof(char));
 	memset(user_name.s, 0, user_name.len);
-	memcpy(user_name.s, ruri.user.s, ruri.user.len);
+	memcpy(user_name.s, ruri->user.s, ruri->user.len);
 
 	name_flag= 0;
-	if(ruri.user.s)
+	if(ruri->user.s)
 	{		
 		name_flag = 1;
-		memcpy(user_name.s+ruri.user.len, "@", 1);
+		memcpy(user_name.s+ruri->user.len, "@", 1);
 	}	
 
-	memcpy(user_name.s+ruri.user.len+name_flag, ruri.host.s, ruri.host.len);
+	memcpy(user_name.s+ruri->user.len+name_flag, ruri->host.s, ruri->host.len);
 
 	port_flag=0;
-	if(ruri.port.s)
+	if(ruri->port.s)
 	{
 		port_flag = 1;	
-		memcpy(user_name.s+ruri.user.len+ruri.host.len+1, ":", 1);
-		memcpy(user_name.s+ruri.user.len+ruri.host.len+name_flag+port_flag, 
-					ruri.port.s, ruri.port.len);
+		memcpy(user_name.s+ruri->user.len+ruri->host.len+1, ":", 1);
+		memcpy(user_name.s+ruri->user.len+ruri->host.len+name_flag+port_flag, 
+					ruri->port.s, ruri->port.len);
 	}
 #ifdef DEBUG
 	LM_DBG(": AVP_Resource=%.*s\n", user_name.len, user_name.s);

diff --git a/src/modules/auth_diameter/authorize.h b/src/modules/auth_diameter/authorize.h
@@ -58,7 +58,7 @@ auth_diam_result_t diam_pre_auth(struct sip_msg* m, str* realm, int hftype,
 int authorize(struct sip_msg* msg, pv_elem_t* realm, int hftype);
 
 int diameter_authorize(struct hdr_field* cred, str* p_method, 
-					struct sip_uri uri,	struct sip_uri ruri,
+					sip_uri_t *uri,	sip_uri_t *ruri,
 					unsigned int m_id, rd_buf_t *response);
 
 int srv_response(struct sip_msg* msg, rd_buf_t* rb, int hftype);

diff --git a/src/modules/auth_diameter/avp.c b/src/modules/auth_diameter/avp.c
@@ -102,7 +102,7 @@ AAA_AVP*  AAACreateAVP(
 	unsigned int length,
 	AVPDataStatus data_status)
 {
-	AAA_AVP *avp;
+	AAA_AVP *avp = NULL;
 
 	/* first check the params */
 	if( data==0 || length==0) {
@@ -142,6 +142,7 @@ AAA_AVP*  AAACreateAVP(
 	return avp;
 error:
 	LM_ERR("no more pkg memory left!\n");
+	if(avp) ad_free(avp);
 	return 0;
 }
 

diff --git a/src/modules/auth_diameter/message.c b/src/modules/auth_diameter/message.c
@@ -293,7 +293,9 @@ AAAMessage* AAATranslateMessage( unsigned char* source, unsigned int sourceLen,
 			goto error;
 
 		/* link the avp into aaa message to the end */
-		AAAAddAVPToMessage( msg, avp, msg->avpList.tail);
+		if(AAAAddAVPToMessage(msg, avp, msg->avpList.tail)!=AAA_ERR_SUCCESS) {
+			LM_ERR("failed to add avp to message\n");
+		}
 
 		ptr += to_32x_len( avp_data_len );
 	}

diff --git a/src/modules/auth_diameter/tcp_comm.c b/src/modules/auth_diameter/tcp_comm.c
@@ -64,6 +64,7 @@ int init_mytcp(char* host, int port)
     if (server == NULL) 
 	{
 		LM_ERR("error finding the host\n");
+		close(sockfd);
 		return -1;
     }
 
@@ -76,8 +77,8 @@ int init_mytcp(char* host, int port)
     if (connect(sockfd, (const struct sockaddr *)&serv_addr, 
 							sizeof(serv_addr)) < 0) 
 	{
-        LM_ERR("error connecting to the "
-						"DIAMETER client\n");
+        LM_ERR("error connecting to the DIAMETER client\n");
+		close(sockfd);
 		return -1;
 	}	
 

diff --git a/src/modules/auth_diameter/user_in.c b/src/modules/auth_diameter/user_in.c
@@ -239,7 +239,6 @@ int diameter_is_user_in(struct sip_msg* _m, char* _hf, char* _group)
 		goto error1;
 	}
 
-
 	/* ServiceType AVP */
 	if( (avp=AAACreateAVP(AVP_Service_Type, 0, 0, SIP_GROUP_CHECK, 
 				SERVICE_LEN, AVP_DUPLICATE_DATA)) == 0)
@@ -252,24 +251,26 @@ int diameter_is_user_in(struct sip_msg* _m, char* _hf, char* _group)
 		LM_ERR("avp not added \n");
 		goto error1;
 	}
-
 
 	/* Destination-Realm AVP */
 	uri = *(GET_RURI(_m));
-	parse_uri(uri.s, uri.len, &puri);
+	if(parse_uri(uri.s, uri.len, &puri)<0) {
+		LM_ERR("failed to parse uri\n");
+		goto error;
+	}
 	if( (avp=AAACreateAVP(AVP_Destination_Realm, 0, 0, puri.host.s,
 						puri.host.len, AVP_DUPLICATE_DATA)) == 0)
 	{
 		LM_ERR("no more pkg memory!\n");
 		goto error;
 	}
-	
+
 	if( AAAAddAVPToMessage(req, avp, 0)!= AAA_ERR_SUCCESS)
 	{
 		LM_ERR("avp not added \n");
 		goto error1;
 	}
-	
+
 #ifdef DEBUG
 	AAAPrintMessage(req);
 #endif
@@ -317,5 +318,4 @@ int diameter_is_user_in(struct sip_msg* _m, char* _hf, char* _group)
 	AAAFreeMessage(&req);
 	return -1;
 
-}
-
+}