core: dns - safety checks for port and proto
authorDaniel-Constantin Mierla <miconda@gmail.com>
Sun, 11 Apr 2021 07:09:24 +0000 (09:09 +0200)
committerDaniel-Constantin Mierla <miconda@gmail.com>
Tue, 13 Apr 2021 06:32:40 +0000 (08:32 +0200)
(cherry picked from commit 6d46ec71f941b9db9c06c6c2edac14fc9f3d1074)

src/core/dns_cache.c
src/core/resolve.c

index e4cb58f..95a4a23 100644 (file)
@@ -3011,25 +3011,30 @@ inline static int dns_srv_resolve_ip(struct dns_srv_handle* h,
 {
        int ret;
        str host;
+       unsigned short vport;
 
        host.len=0;
        host.s=0;
+       if(port) vport =*port;
+       else vport = 0;
+
        do{
                if (h->a==0){
 #ifdef DNS_SRV_LB
                        if ((ret=dns_srv_resolve_nxt(&h->srv,
                                                                (flags & DNS_SRV_RR_LB)?&h->srv_tried_rrs:0,
                                                                &h->srv_no,
-                                                               name, &host, port))<0)
+                                                               name, &host, &vport))<0)
                                goto error;
 #else
                        if ((ret=dns_srv_resolve_nxt(&h->srv, &h->srv_no,
-                                                               name, &host, port))<0)
+                                                               name, &host, &vport))<0)
                                goto error;
 #endif
-                       h->port=*port; /* store new port */
+                       h->port=vport; /* store new port */
+                       if(port) *port=vport;
                }else{
-                       *port=h->port; /* return the stored port */
+                       if(port) *port=h->port; /* return the stored port */
                }
                if ((ret=dns_ip_resolve(&h->a, &h->ip_no, &host, ip, flags))<0){
                        /* couldn't find any good ip for this record, try the next one */
@@ -3257,6 +3262,7 @@ inline static int dns_naptr_sip_resolve(struct dns_srv_handle* h,  str* name,
        char n_proto, origproto;
        str srv_name;
        int ret;
+       int res;
        int try_lookup_naptr = 0;
 
        ret=-E_DNS_NO_NAPTR;
@@ -3302,7 +3308,7 @@ inline static int dns_naptr_sip_resolve(struct dns_srv_handle* h,  str* name,
 
        if (!try_lookup_naptr) {
                if(proto) *proto=origproto;
-               int res = dns_srv_sip_resolve(h, name, ip, port, proto, flags);
+               res = dns_srv_sip_resolve(h, name, ip, port, proto, flags);
                if (res) {
                        mark_skip_current_naptr(e->rr_lst, h->srv);
                        if (have_more_active_naptr(e->rr_lst)) {
@@ -3324,8 +3330,8 @@ inline static int dns_naptr_sip_resolve(struct dns_srv_handle* h,  str* name,
                                LM_DBG("(%.*s, %d, %d), srv0, ret=%d\n",
                                                                name->len, name->s, h->srv_no, h->ip_no, ret);
                                dns_hash_put(e);
-                               *proto=n_proto;
-                               h->proto=*proto;
+                               if(proto) *proto=n_proto;
+                               h->proto=n_proto;
                                return ret;
                        }
                }
@@ -4130,7 +4136,9 @@ static struct dns_hash_entry *dns_cache_clone_entry(struct dns_hash_entry *e,
                new_rr->rdata = (void*)((char*)new_rr+rr_size);
                new_rr->expire = now + S_TO_TICKS(ttl);
                /* link the rr to the previous one */
-               last_rr->next = new_rr;
+               if(last_rr) {
+                       last_rr->next = new_rr;
+               }
 
                /* fix the total_size and expires values */
                new->total_size=rounded_size+rr_size+rdata_size;
@@ -4396,7 +4404,7 @@ int dns_cache_add_record(unsigned short type,
 
                                if (*rr_iter != new_rr->next) {
                                        /* unlink rr from the list */
-                                       *rr_p = (*rr_p)->next;
+                                       *rr_p = (*rr_p)?(*rr_p)->next:NULL;
                                        /* link it before *rr_iter */
                                        new_rr->next = *rr_iter;
                                        *rr_iter = new_rr;
index 193ac52..3796f05 100644 (file)
@@ -1247,7 +1247,7 @@ struct hostent* srv_sip_resolvehost(str* name, int zt, unsigned short* port,
        if (is_srv){
                /* skip directly to srv resolving */
                srv_proto=(proto)?*proto:0;
-               *port=(srv_proto==PROTO_TLS)?SIPS_PORT:SIP_PORT;
+               if(port) *port=(srv_proto==PROTO_TLS)?SIPS_PORT:SIP_PORT;
                if (zt){
                        srv_target=name->s; /* name.s must be 0 terminated in
                                                                  this case */