From f7bc48d88d5ca585f5e2870569fea5ca97088293 Mon Sep 17 00:00:00 2001
From: bagyenda <>
Date: Fri, 8 Aug 2008 18:35:12 +0000
Subject: [PATCH] mms decoder bug/crash fixes

---
 mbuni/ChangeLog       |  1 +
 mbuni/mmlib/mms_msg.c | 14 +++++++++-----
 mbuni/mmsc/mmsproxy.c |  5 +++--
 3 files changed, 13 insertions(+), 7 deletions(-)

diff --git a/mbuni/ChangeLog b/mbuni/ChangeLog
index 5d2d87d..ac4b72d 100644
--- a/mbuni/ChangeLog
+++ b/mbuni/ChangeLog
@@ -1,6 +1,7 @@
 2008-08-08 P. A. Bagyenda <bagyenda@dsmagic.com>
 	* Fix to content adaptation: Better handling of supported image types
 	  thanks to George Barros <gbarros@ipcomsa.com>
+	* Improved stability of mms binary message parser when input is bad
 2008-08-06 P. A. Bagyenda <bagyenda@dsmagic.com>
 	* Additional fixes for bad message formats causing crash
 	* Fix for incorrect From and To headers in DLR and RR messages
diff --git a/mbuni/mmlib/mms_msg.c b/mbuni/mmlib/mms_msg.c
index fc71c62..accbd5b 100644
--- a/mbuni/mmlib/mms_msg.c
+++ b/mbuni/mmlib/mms_msg.c
@@ -283,7 +283,7 @@ static int mms_unpack_well_known_field(List *unpacked, int field_type,
      if (parse_error(context)) {
 	  warning(0, "Faulty header [code = %d], skipping remaining headers.", field_type);
 	  parse_skip_to_limit(context);
-	  return -1;
+	  return -2; /* serious error, bail out */
      }
 
      hname = mms_header_to_cstr(field_type);
@@ -615,12 +615,12 @@ static int mms_unpack_well_known_field(List *unpacked, int field_type,
      
      http_header_add(unpacked, (char *)hname, (char *)ch);
      octstr_destroy(decoded);
-     return val;
+     return val; /* success (we hope) */
      
  value_error:
      warning(0, "Skipping faulty header [code=%d, val=%d]!", field_type, val);
      octstr_destroy(decoded);     
-     return -1;
+     return -2;
 }
 
 static int decode_msgheaders(ParseContext *context, List *hdrs, Octstr *from, 
@@ -639,10 +639,14 @@ static int decode_msgheaders(ParseContext *context, List *hdrs, Octstr *from,
 	  if (byte >= 0x80)
 	       val = mms_unpack_well_known_field(hdrs, byte&0x7f, context, from, msgtype, 
 						 unified_prefixes, strip_prefixes);
-	  else {
+	  else if (byte >= 0) {
 	       parse_skip(context, -1); /* Go back a bit. */
 	       wsp_unpack_app_header(hdrs, context);
-	  }
+	  } 
+	    
+	  if (val < -1) /* serious parser error occured above. */
+	       break; 
+
 	  if ((byte&0x7f) ==  MMS_HEADER_CONTENT_TYPE && 
 	       stop_on_ctype)
 	       fcont = 0;
diff --git a/mbuni/mmsc/mmsproxy.c b/mbuni/mmsc/mmsproxy.c
index a79bbec..07660ea 100644
--- a/mbuni/mmsc/mmsproxy.c
+++ b/mbuni/mmsc/mmsproxy.c
@@ -705,9 +705,10 @@ static void sendmms_proxy(MmsHTTPClientInfo *h)
 	       goto forward_done;
 	  }
 
-	  if (mms_decodefetchurl(url, &qf, &token,&mloc) != 0) {
+	  if (url == NULL || 
+	      mms_decodefetchurl(url, &qf, &token,&mloc) != 0) {
 	       error(0, "MMS Send interface: failed to decode forward url (%s) from %s!", 
-		     octstr_get_cstr(url), 
+		     url ? octstr_get_cstr(url) : "(null)", 
 		     octstr_get_cstr(h->ip));
 	       mresp = mms_sendconf("Error-permanent-message-not-found", "None", 
 				    octstr_get_cstr(otransid),1,menc);