From 19dcb95c3b18be7cf538d38673c17a06583fd0e9 Mon Sep 17 00:00:00 2001 From: Mikko Lehto Date: Tue, 24 May 2016 07:14:38 +0300 Subject: [PATCH 1/5] modules/http_client: fix NULL pointer dereference --- modules/http_client/http_client.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/modules/http_client/http_client.c b/modules/http_client/http_client.c index 9a6c269df00..3efb0eef260 100644 --- a/modules/http_client/http_client.c +++ b/modules/http_client/http_client.c @@ -508,6 +508,7 @@ static int w_curl_connect(struct sip_msg* _m, char* _con, char * _url, char* _re if (_con == NULL || _url == NULL || _result == NULL) { LM_ERR("Invalid parameter\n"); + return -1; } con.s = _con; con.len = strlen(con.s); @@ -546,6 +547,7 @@ static int w_curl_connect_post(struct sip_msg* _m, char* _con, char * _url, char if (_con == NULL || _url == NULL || _data == NULL || _result == NULL) { LM_ERR("Invalid parameter\n"); + return -1; } con.s = _con; con.len = strlen(con.s); @@ -782,6 +784,7 @@ static int w_curl_get_redirect(struct sip_msg* _m, char* _con, char* _result) { if (_con == NULL || _result == NULL) { LM_ERR("Invalid parameter\n"); + return -1; } con.s = _con; con.len = strlen(con.s); From c00867e50de1c7855fed8a05745086092fef38a5 Mon Sep 17 00:00:00 2001 From: Mikko Lehto Date: Tue, 24 May 2016 07:32:33 +0300 Subject: [PATCH 2/5] modules/rr: initialize to NULL --- modules/rr/record.c | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/modules/rr/record.c b/modules/rr/record.c index b8f526e17bd..6c7cc05c1d9 100644 --- a/modules/rr/record.c +++ b/modules/rr/record.c @@ -492,7 +492,7 @@ int record_route(struct sip_msg* _m, str *params) int record_route_preset(struct sip_msg* _m, str* _data) { str user = {NULL, 0}; - struct to_body* from; + struct to_body* from = NULL; struct lump* l; char* hdr, *p; int hdr_len; @@ -511,10 +511,6 @@ int record_route_preset(struct sip_msg* _m, str* _data) rr_prefix_len = RR_PREFIX_SIPS_LEN; } - from = 0; - user.len = 0; - user.s = 0; - if (add_username) { if (get_username(_m, &user) < 0) { LM_ERR("failed to extract username\n"); From e6a3f6605f50d16f673724a2dc6cf22fc47bc717 Mon Sep 17 00:00:00 2001 From: Mikko Lehto Date: Tue, 24 May 2016 12:27:14 +0300 Subject: [PATCH 3/5] modules/uid_domain: initialize variables --- modules/uid_domain/uid_domain_mod.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/modules/uid_domain/uid_domain_mod.c b/modules/uid_domain/uid_domain_mod.c index fda7bb960df..abe43d5b382 100644 --- a/modules/uid_domain/uid_domain_mod.c +++ b/modules/uid_domain/uid_domain_mod.c @@ -433,7 +433,7 @@ static int db_load_domain(domain_t** d, unsigned long flags, str* domain) static int lookup_domain(struct sip_msg* msg, char* flags, char* fp) { str domain, tmp; - domain_t* d; + domain_t* d = NULL; int ret = -1; if (get_str_fparam(&domain, msg, (fparam_t*)fp) != 0) { @@ -527,13 +527,12 @@ int reload_domain_list(void) static int lookup_domain_fixup(void** param, int param_no) { - unsigned long flags; + unsigned long flags=0; char* s; if (param_no == 1) { /* Determine the track and class of attributes to be loaded */ s = (char*)*param; - flags = 0; if (*s != '$' || (strlen(s) != 3)) { ERR("Invalid parameter value, $xy expected\n"); return -1; From a9cce1772d25e1f03cec3ee291ae5fb4a945f82f Mon Sep 17 00:00:00 2001 From: Mikko Lehto Date: Tue, 24 May 2016 12:37:44 +0300 Subject: [PATCH 4/5] modules/sipcapture: fix possible NULL pointer dereference --- modules/sipcapture/sipcapture.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/modules/sipcapture/sipcapture.c b/modules/sipcapture/sipcapture.c index 8a3fb7b1a69..83eae4d4780 100644 --- a/modules/sipcapture/sipcapture.c +++ b/modules/sipcapture/sipcapture.c @@ -626,13 +626,13 @@ void * capture_mode_init(str *name, str * params) { return n; error: - if (n->name.s){ - pkg_free(n->name.s); - } - if (n->table_names){ - pkg_free(n->table_names); - } if (n){ + if (n->name.s){ + pkg_free(n->name.s); + } + if (n->table_names){ + pkg_free(n->table_names); + } pkg_free(n); } return 0; From 700b334b51b39056c4c0004451ca41304510f164 Mon Sep 17 00:00:00 2001 From: Mikko Lehto Date: Mon, 23 May 2016 23:49:59 +0300 Subject: [PATCH 5/5] modules/[call_control|mediaproxy]: proper assigment to NULL pointer CC (clang) [M mediaproxy.so] mediaproxy.o mediaproxy.c:1929:27: warning: expression which evaluates to zero treated as a null pointer constant of type 'void *' [-Wnon-literal-null-conversion] *_params->param = MPInactive; ^~~~~~~~~~ --- modules/call_control/call_control.c | 2 +- modules/mediaproxy/mediaproxy.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/call_control/call_control.c b/modules/call_control/call_control.c index 62af9244f81..5450e0055c1 100644 --- a/modules/call_control/call_control.c +++ b/modules/call_control/call_control.c @@ -985,7 +985,7 @@ __dialog_ended(struct dlg_cell *dlg, int type, struct dlg_cb_params *_params) if( !msg || msg == FAKED_REPLY) msg = _params->req; call_control_stop(msg, dlg->callid); - *_params->param = (void*)CCInactive; + *_params->param = NULL; } } diff --git a/modules/mediaproxy/mediaproxy.c b/modules/mediaproxy/mediaproxy.c index f96a6350082..5b37addc782 100644 --- a/modules/mediaproxy/mediaproxy.c +++ b/modules/mediaproxy/mediaproxy.c @@ -1926,7 +1926,7 @@ __dialog_ended(struct dlg_cell *dlg, int type, struct dlg_cb_params *_params) { if ((int)(long)*_params->param == MPActive) { end_media_session(dlg->callid, dlg->tag[DLG_CALLER_LEG], dlg->tag[DLG_CALLEE_LEG]); - *_params->param = MPInactive; + *_params->param = NULL; } }