core: cfg.len - sanitizer safety check of target buffer
authorDaniel-Constantin Mierla <miconda@gmail.com>
Mon, 5 Apr 2021 15:31:48 +0000 (17:31 +0200)
committerDaniel-Constantin Mierla <miconda@gmail.com>
Tue, 13 Apr 2021 06:23:57 +0000 (08:23 +0200)
(cherry picked from commit ef31c82ac3bd7972c2d02c893f8041af4664b717)

src/core/cfg.lex

index 73be332..d281130 100644 (file)
@@ -1436,7 +1436,7 @@ static char* addchar(struct str_buf* dst, char c)
 
 static char* addstr(struct str_buf* dst_b, char* src, int len)
 {
-       char *tmp;
+       char *tmp = NULL;
        unsigned size;
        unsigned used;
 
@@ -1455,6 +1455,10 @@ static char* addstr(struct str_buf* dst_b, char* src, int len)
                dst_b->crt=dst_b->s+used;
                dst_b->left=size-used;
        }
+       if(dst_b->crt==NULL) {
+               LM_CRIT("unexpected null dst buffer\n");
+               ksr_exit(-1);
+       }
        memcpy(dst_b->crt, src, len);
        dst_b->crt+=len;
        *(dst_b->crt)=0;