From 6a3fc200b19500ddd6ed9a2236db6e21f777564a Mon Sep 17 00:00:00 2001 From: Daniel-Constantin Mierla Date: Thu, 12 May 2016 16:52:34 +0200 Subject: [PATCH] cfgutils: proper check for return code looking up routing block in route_exists() - when the route block doesn't exist, route_lookup() returns -1, which was used to access routing actions due to condition expecting 0 on not found. The fix should avoid crashing by accessing invalid addresses. Reported by Alex Balashov - fixed return codes in the configuration file to follow the rules with positive being evaluated to true and negative to false - route_exists() returns the code returned by running actions, like a classic sub-route execution --- modules/cfgutils/cfgutils.c | 31 +++++++++++++++++-------------- 1 file changed, 17 insertions(+), 14 deletions(-) diff --git a/modules/cfgutils/cfgutils.c b/modules/cfgutils/cfgutils.c index 667fecd0d1e..082cfe53703 100644 --- a/modules/cfgutils/cfgutils.c +++ b/modules/cfgutils/cfgutils.c @@ -97,8 +97,8 @@ static int dbg_pkg_status(struct sip_msg*, char*,char*); static int dbg_shm_status(struct sip_msg*, char*,char*); static int dbg_pkg_summary(struct sip_msg*, char*,char*); static int dbg_shm_summary(struct sip_msg*, char*,char*); -static int route_exists(struct sip_msg*, char*); -static int check_route_exists(struct sip_msg*, char*); +static int w_route_exists(struct sip_msg*, char*); +static int w_check_route_exists(struct sip_msg*, char*); static int set_gflag(struct sip_msg*, char *, char *); static int reset_gflag(struct sip_msg*, char *, char *); @@ -186,9 +186,9 @@ static cmd_export_t cmds[]={ ANY_ROUTE}, {"core_hash", (cmd_function)w_core_hash, 3, fixup_core_hash, 0, ANY_ROUTE}, - {"check_route_exists", (cmd_function)check_route_exists, 1, 0, 0, + {"check_route_exists", (cmd_function)w_check_route_exists, 1, 0, 0, ANY_ROUTE}, - {"route_if_exists", (cmd_function)route_exists, 1, 0, 0, + {"route_if_exists", (cmd_function)w_route_exists, 1, 0, 0, ANY_ROUTE}, {"bind_cfgutils", (cmd_function)bind_cfgutils, 0, 0, 0, 0}, @@ -873,29 +873,32 @@ static int w_cfg_unlock(struct sip_msg *msg, char *key, char *s2) /*! Check if a route block exists - only request routes */ -static int check_route_exists(struct sip_msg *msg, char *route) +static int w_check_route_exists(struct sip_msg *msg, char *route) { - if (route_lookup(&main_rt, route)) - return 1; - return 0; + if (route_lookup(&main_rt, route)<0) { + /* not found */ + return -1; + } + return 1; } /*! Run a request route block if it exists */ -static int route_exists(struct sip_msg *msg, char *route) +static int w_route_exists(struct sip_msg *msg, char *route) { struct run_act_ctx ctx; - int newroute, backup_rt; + int newroute, backup_rt, ret; - if (!(newroute = route_lookup(&main_rt, route))) { - return 0; + newroute = route_lookup(&main_rt, route); + if (newroute<0) { + return -1; } backup_rt = get_route_type(); set_route_type(REQUEST_ROUTE); init_run_actions_ctx(&ctx); - run_top_route(main_rt.rlist[newroute], msg, 0); + ret = run_top_route(main_rt.rlist[newroute], msg, &ctx); set_route_type(backup_rt); - return 0; + return ret; } static int mod_init(void)