hwelte
/
mbuni
1
0
Fork 0
Code Releases Activity

mms decoder bug/crash fixes

This commit is contained in:
bagyenda 2008-08-08 18:35:12 +00:00
parent 85babd8de0
commit f7bc48d88d
3 changed files with 13 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
mbuni/ChangeLog
View File

@ -1,6 +1,7 @@
2008-08-08 P. A. Bagyenda <bagyenda@dsmagic.com> 2008-08-08 P. A. Bagyenda <bagyenda@dsmagic.com>
* Fix to content adaptation: Better handling of supported image types * Fix to content adaptation: Better handling of supported image types
thanks to George Barros <gbarros@ipcomsa.com> thanks to George Barros <gbarros@ipcomsa.com>
* Improved stability of mms binary message parser when input is bad
2008-08-06 P. A. Bagyenda <bagyenda@dsmagic.com> 2008-08-06 P. A. Bagyenda <bagyenda@dsmagic.com>
* Additional fixes for bad message formats causing crash * Additional fixes for bad message formats causing crash
* Fix for incorrect From and To headers in DLR and RR messages * Fix for incorrect From and To headers in DLR and RR messages

14
mbuni/mmlib/mms_msg.c
View File

@ -283,7 +283,7 @@ static int mms_unpack_well_known_field(List *unpacked, int field_type,
if (parse_error(context)) { if (parse_error(context)) {
warning(0, "Faulty header [code = %d], skipping remaining headers.", field_type); warning(0, "Faulty header [code = %d], skipping remaining headers.", field_type);
parse_skip_to_limit(context); parse_skip_to_limit(context);
return -1; return -2; /* serious error, bail out */
} }
hname = mms_header_to_cstr(field_type); hname = mms_header_to_cstr(field_type);
@ -615,12 +615,12 @@ static int mms_unpack_well_known_field(List *unpacked, int field_type,
http_header_add(unpacked, (char *)hname, (char *)ch); http_header_add(unpacked, (char *)hname, (char *)ch);
octstr_destroy(decoded); octstr_destroy(decoded);
return val; return val; /* success (we hope) */
value_error: value_error:
warning(0, "Skipping faulty header [code=%d, val=%d]!", field_type, val); warning(0, "Skipping faulty header [code=%d, val=%d]!", field_type, val);
octstr_destroy(decoded); octstr_destroy(decoded);
return -1; return -2;
} }
static int decode_msgheaders(ParseContext *context, List *hdrs, Octstr *from, static int decode_msgheaders(ParseContext *context, List *hdrs, Octstr *from,
@ -639,10 +639,14 @@ static int decode_msgheaders(ParseContext *context, List *hdrs, Octstr *from,
if (byte >= 0x80) if (byte >= 0x80)
val = mms_unpack_well_known_field(hdrs, byte&0x7f, context, from, msgtype, val = mms_unpack_well_known_field(hdrs, byte&0x7f, context, from, msgtype,
unified_prefixes, strip_prefixes); unified_prefixes, strip_prefixes);
else { else if (byte >= 0) {
parse_skip(context, -1); /* Go back a bit. */ parse_skip(context, -1); /* Go back a bit. */
wsp_unpack_app_header(hdrs, context); wsp_unpack_app_header(hdrs, context);
} }
if (val < -1) /* serious parser error occured above. */
break;
if ((byte&0x7f) == MMS_HEADER_CONTENT_TYPE && if ((byte&0x7f) == MMS_HEADER_CONTENT_TYPE &&
stop_on_ctype) stop_on_ctype)
fcont = 0; fcont = 0;

5
mbuni/mmsc/mmsproxy.c
View File

@ -705,9 +705,10 @@ static void sendmms_proxy(MmsHTTPClientInfo *h)
goto forward_done; goto forward_done;
} }
if (mms_decodefetchurl(url, &qf, &token,&mloc) != 0) { if (url == NULL ||
mms_decodefetchurl(url, &qf, &token,&mloc) != 0) {
error(0, "MMS Send interface: failed to decode forward url (%s) from %s!", error(0, "MMS Send interface: failed to decode forward url (%s) from %s!",
octstr_get_cstr(url), url ? octstr_get_cstr(url) : "(null)",
octstr_get_cstr(h->ip)); octstr_get_cstr(h->ip));
mresp = mms_sendconf("Error-permanent-message-not-found", "None", mresp = mms_sendconf("Error-permanent-message-not-found", "None",
octstr_get_cstr(otransid),1,menc); octstr_get_cstr(otransid),1,menc);