bugfix in topoh module #952

qmphan (Contributor) commented Jan 26, 2017

Avoid crash (dereferencing null pointer) if there is no VIA header in sip message

miconda (Member) commented Jan 27, 2017

I am curious when this was happening, because there should be at least one via header and iirc, there is basic parsing done for it and lack of a via should trigger an error.

I will merge the patch, but first in master and then pick it into 4.4.

miconda pushed a commit that referenced this pull request Jan 27, 2017
miconda pushed a commit that referenced this pull request Jan 27, 2017
qmphan (Contributor, Author) commented Jan 27, 2017

@miconda: You are right, the Via header was present as indicated in this backtrace (see #10). However, for some reason, the via parameter in #0 was NULL.

Program terminated with signal 11, Segmentation fault.
#0 0x00007fa8d159ac95 in th_get_via_cookie (msg=0x7ffdf612dc10, via=0x0) at th_msg.c:957
957 for(p=via->param_lst; p; p=p->next)
Missing separate debuginfos, use: debuginfo-install cyrus-sasl-lib-2.1.26-20.el7_2.x86_64 glibc-2.17-157.el7_3.1.x86_64 jansson-2.4-6.el7.x86_64 json-c-0.11-4.el7_0.x86_64 keyutils-libs-1.5.8-3.el7.x86_64 krb5-libs-1.14.1-27.el7_3.x86_64 libcom_err-1.42.9-9.el7.x86_64 libev-4.15-6.el7.x86_64 libselinux-2.5-6.el7.x86_64 nspr-4.11.0-1.el7_2.x86_64 nss-3.21.3-2.el7_3.x86_64 nss-softokn-freebl-3.16.2.3-14.4.el7.x86_64 nss-util-3.21.3-1.1.el7_3.x86_64 openldap-2.4.40-13.el7.x86_64 openssl-libs-1.0.1e-60.el7.x86_64 pcre-8.32-15.el7_2.1.x86_64 postgresql94-libs-9.4.10-1PGDG.rhel7.x86_64 zlib-1.2.7-17.el7.x86_64
(gdb) bt
#0 0x00007fa8d159ac95 in th_get_via_cookie (msg=0x7ffdf612dc10, via=0x0) at th_msg.c:957
#1 0x00007fa8d159b90c in th_get_cookie (msg=0x7ffdf612dc10, clen=0x7fa8d17aa628 <th_cookie_value+8>) at th_msg.c:1065
#2 0x00007fa8d15a3705 in th_msg_sent (data=0x7ffdf612e450) at topoh_mod.c:403
#3 0x00000000005e16dd in sr_event_exec (type=2, data=0x7ffdf612e450) at events.c:231
#4 0x00007fa8d8438662 in msg_send_buffer (dst=0x7fa8d4624650,
buf=0x7fa8dd4cfc10 "SIP/2.0 487 Request Terminated\r\nFrom: "84471099984" sip:84471099984@192.168.51.1;tag=323189895\r\nTo: sip:841236404100@192.168.51.1:5060;tag=5761265b6273333e\r\nServer: VOS2009 V2.1.2.0\r\nCSeq: 143 INV"..., len=389, flags=0) at ../../forward.h:138
#5 0x00007fa8d843c675 in send_pr_buffer (rb=0x7fa8d4624600, buf=0x7fa8dd4cfc10, len=389) at t_funcs.c:70
#6 0x00007fa8d83e6f2b in relay_reply (t=0x7fa8d4624540, p_msg=0x7fa8dd4f0070, branch=1, msg_status=487, cancel_data=0x7ffdf612e8e0, do_put_on_wait=1) at t_reply.c:1943
#7 0x00007fa8d83ea3f8 in reply_received (p_msg=0x7fa8dd4f0070) at t_reply.c:2466
#8 0x000000000053620b in do_forward_reply (msg=0x7fa8dd4f0070, mode=0) at forward.c:747
#9 0x00000000005379c9 in forward_reply (msg=0x7fa8dd4f0070) at forward.c:849
#10 0x000000000059291c in receive_msg (
buf=0xa12b00 <buf.6635> "SIP/2.0 487 Request Terminated\r\nVia: SIP/2.0/UDP 163.44.192.229;branch=z9hG4bK0a54.95248b9941e41f2ea14c3391d07c3615.1\r\nFrom: "84471099984" sip:84471099984@192.168.51.1;tag=323189895\r\nTo: <sip:841236"..., len=476, rcv_info=0x7ffdf612ed60) at receive.c:299
#11 0x00000000004bca5e in udp_rcv_loop () at udp_server.c:495
#12 0x0000000000544b3e in main_loop () at main.c:1614
#13 0x000000000054c08f in main (argc=5, argv=0x7ffdf612f278) at main.c:2631
(gdb) p via
$1 = (struct via_body *) 0x0
(gdb)
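
The failing frame in the backtrace above is the loop at th_msg.c:957 running with `via=0x0`. The guard pattern for that case, as an added example that is not part of this pull request and not Kamailio's code; the `demo_*` structures, names and sample data are hypothetical simplified stand-ins:

```c
#include <stddef.h>
#include <string.h>

/* Simplified stand-ins for a parsed Via body and its parameter list
 * (hypothetical; not Kamailio's real definitions). */
struct demo_via_param {
    const char *name;
    const char *value;
    struct demo_via_param *next;
};
struct demo_via_body { struct demo_via_param *param_lst; };

/* Look up a Via parameter by name. Returns NULL when there is no Via
 * body, no parameter list, or no parameter with that name. */
const struct demo_via_param *demo_get_via_cookie(
        const struct demo_via_body *via, const char *cookie_name)
{
    const struct demo_via_param *p;

    /* The guard: a missing Via body is reported as "no cookie"
     * instead of being dereferenced in the loop below. */
    if (via == NULL || cookie_name == NULL)
        return NULL;

    for (p = via->param_lst; p; p = p->next) {
        if (p->name != NULL && strcmp(p->name, cookie_name) == 0)
            return p;
    }
    return NULL;
}

/* Constructed sample data: returns 1 when every lookup behaves as expected. */
int demo_run(void)
{
    struct demo_via_param cookie = { "cookie", "abc", NULL };
    struct demo_via_param branch = { "branch", "z9hG4bK-demo", &cookie };
    struct demo_via_body with_params = { &branch };
    struct demo_via_body empty = { NULL };
    int ok = 1;

    ok &= demo_get_via_cookie(NULL, "cookie") == NULL;   /* via == NULL case */
    ok &= demo_get_via_cookie(&empty, "cookie") == NULL;
    ok &= demo_get_via_cookie(&with_params, "cookie") == &cookie;
    ok &= demo_get_via_cookie(&with_params, "missing") == NULL;
    return ok;
}

int main(void) { return demo_run() ? 0 : 1; }
```

The caller still has to treat a NULL result as "no cookie found" and take its normal no-match path.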

miconda (Member) commented Jan 27, 2017

Thanks! I will try to look more into it and see if there is something wrong. Your patch is in master and 4.4 branches now.

@miconda miconda closed this Jan 27, 2017
lbalaceanu pushed a commit to lbalaceanu/kamailio that referenced this pull request Mar 16, 2017
miconda pushed a commit that referenced this pull request Jun 13, 2017
- based on GH #952

(cherry picked from commit 2367fb5)
(cherry picked from commit 4180f5b)