
- fixed rport overwritting bugs

Andrei Pelinescu-Onciul před 22 roky
rodič
revize
4b33e625b9
3 změnil soubory, kde provedl 16 přidání a 12 odebrání
  1. 7 7
      msg_translator.c
  2. 8 4
      parser/parse_via.c
  3. 1 1
      test/invite00.sip

+ 7 - 7
msg_translator.c

@@ -225,8 +225,8 @@ char* rport_builder(struct sip_msg *msg, unsigned int *rport_len)
 	
 	tmp_len=0;
 	tmp=int2str(ntohs(msg->rcv.src_port), &tmp_len);
-	len=RPORT_LEN+tmp_len+1; /* space for null term */
-	buf=pkg_malloc(sizeof(char)*len);
+	len=RPORT_LEN+tmp_len; /* space for null term */
+	buf=pkg_malloc(sizeof(char)*(len+1));
 	if (buf==0){
 		ser_error=E_OUT_OF_MEM;
 		LOG(L_ERR, "ERROR: rport_builder: out of memory\n");
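Review bot: The comment on `len=RPORT_LEN+tmp_len; /* space for null term */` is now stale, because after this change `len` no longer includes the terminator and the extra byte is added only in the `pkg_malloc` call. I would reword it to `len=RPORT_LEN+tmp_len; /* length without the terminating 0 */` and put `/* +1 for the null term */` on the allocation line. The same applies to the `/* place for ending \0 */` comment in the id_builder hunk at -257. rport_builder starts before this hunk.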
@@ -234,7 +234,7 @@ char* rport_builder(struct sip_msg *msg, unsigned int *rport_len)
 	}
 	memcpy(buf, RPORT, RPORT_LEN);
 	memcpy(buf+RPORT_LEN, tmp, tmp_len);
-	buf[len]=0; /*null terminate it*/
+	buf[len+1]=0; /*null terminate it*/
 	
 	*rport_len=len;
 	return buf;
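Review bot: The new `buf[len+1]=0;` writes one byte past the end of the allocation. The buffer is now `len+1` bytes, so its last valid index is `len`, and that byte is left unset, which means the returned string has no terminator inside the buffer. Both memcpy calls fill exactly `len` bytes, so the terminator belongs at `buf[len]=0; /* null terminate it */`. The id_builder hunk at -266 has the same off-by-one and needs the same one-line change. This is a heap out-of-bounds write in pkg memory on a path that runs while building outgoing messages, so it is worth fixing before the commit is relied on.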
@@ -257,8 +257,8 @@ char* id_builder(struct sip_msg* msg, unsigned int *id_len)
 		return 0;
 	}
 	value_len=p-&revhex[0];
-	len=ID_PARAM_LEN+value_len+1; /* place for ending \0 */
-	buf=pkg_malloc(sizeof(char)*len);
+	len=ID_PARAM_LEN+value_len; /* place for ending \0 */
+	buf=pkg_malloc(sizeof(char)*(len+1));
 	if (buf==0){
 		ser_error=E_OUT_OF_MEM;
 		LOG(L_ERR, "ERROR: rport_builder: out of memory\n");
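Review bot: The out-of-memory message in this id_builder hunk still reads `ERROR: rport_builder: out of memory`, so a log line from this path points at the wrong function. Since the commit edits the allocation directly above it, this would be a good moment to change it to `LOG(L_ERR, "ERROR: id_builder: out of memory\n");`. id_builder starts before the hunk.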
@@ -266,7 +266,7 @@ char* id_builder(struct sip_msg* msg, unsigned int *id_len)
 	}
 	memcpy(buf, ID_PARAM, ID_PARAM_LEN);
 	memcpy(buf+ID_PARAM_LEN, revhex, value_len);
-	buf[len]=0; /* null terminate it */
+	buf[len+1]=0; /* null terminate it */
 	*id_len=len;
 	return buf;
 }
@@ -567,7 +567,7 @@ char * build_req_buf_from_sip_req( struct sip_msg* msg,
 	/* if rport needs to be updated, delete it and add it's value */
 	if (rport_len){
 		anchor=del_lump(&(msg->add_rm), msg->via1->rport->name.s-buf-1, /*';'*/
-							msg->via1->rport->name.len, HDR_VIA);
+							msg->via1->rport->size+1 /* ; */, HDR_VIA);
 		if (anchor==0) goto error03; /* free rport_buf*/
 		if (insert_new_lump_after(anchor, rport_buf, rport_len, HDR_VIA)==0)
 			goto error03; /* free rport_buf*/
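Review bot: The deletion start `msg->via1->rport->name.s-buf-1` assumes the byte just before the parameter name is the ';'. The test vector changed in this same commit has `;  rport` with spaces in between, in which case the lump would start on a space and the original ';' would stay in the Via. Whether `size+1` then still ends at the parameter's end depends on how `size` is measured, which is not visible here; if the parser records where the ';' was, deleting from that offset would be safer. The dereference of `msg->via1->rport` is guarded only by `rport_len` in this hunk, so it relies on code outside the hunk setting `rport_len` only when the parameter was actually parsed.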

+ 8 - 4
parser/parse_via.c

@@ -159,6 +159,7 @@ static /*inline*/ char* parse_via_param(char* p, char* end,
 			case '\n':
 				switch(state){
 					case FIN_HIDDEN:
+					case FIN_RPORT:
 						*tmp=0;
 						param->type=state;
 						param->name.len=tmp-param->name.s;
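Review bot: The new `case FIN_RPORT:` label next to `FIN_HIDDEN` has no comment saying why rport moved out of the group with `FIN_MADDR` and `FIN_RECEIVED`. Presumably the first group handles parameters that end without a value, which is how a client sends `rport`. A one-line comment such as `/* rport may arrive without a value, treat it like hidden */` above the label would make that explicit, and the same applies to the matching `'\r'` branch in the hunk at -201. The switch body continues outside the hunk.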
@@ -169,7 +170,6 @@ static /*inline*/ char* parse_via_param(char* p, char* end,
 					case FIN_TTL:
 					case FIN_MADDR:
 					case FIN_RECEIVED:
-					case FIN_RPORT:
 					case FIN_I:
 						*tmp=0;
 						param->type=state;
@@ -201,6 +201,7 @@ static /*inline*/ char* parse_via_param(char* p, char* end,
 			case '\r':
 				switch(state){
 					case FIN_HIDDEN:
+					case FIN_RPORT:
 						*tmp=0;
 						param->type=state;
 						param->name.len=tmp-param->name.s;
@@ -211,7 +212,6 @@ static /*inline*/ char* parse_via_param(char* p, char* end,
 					case FIN_TTL:
 					case FIN_MADDR:
 					case FIN_RECEIVED:
-					case FIN_RPORT:
 					case FIN_I:
 						*tmp=0;
 						param->type=state;
@@ -1767,8 +1767,7 @@ parse_again:
 								break;
 							case END_OF_HEADER:
 								vb->params.len=tmp-vb->params.s;
-								state=saved_state;
-								goto endofheader;
+								break;
 							case PARAM_ERROR:
 								pkg_free(param);
 								goto error;
@@ -1791,6 +1790,11 @@ parse_again:
 							vb->rport=param;
 						else if (param->type==PARAM_I)
 							vb->i=param;
+						
+						if (state==END_OF_HEADER){
+							state=saved_state;
+							goto endofheader;
+						}
 						break;
 					case P_PARAM:
 						break;
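Review bot: The added `if (state==END_OF_HEADER)` block is now the only exit to `endofheader` on this path, since the `END_OF_HEADER` case in the hunk above ends in a plain `break`, and neither place says why the jump was deferred. From the visible lines the reason appears to be that the last parameter must be recorded in `vb` (for example `vb->rport=param`) before leaving. A comment like `/* last param is stored above, only now leave the header */` on the new block would keep a later edit from moving the jump back. The surrounding switch starts and ends outside the hunk.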

+ 1 - 1
test/invite00.sip

@@ -1,5 +1,5 @@
 INVITE sip:[email protected] SIP/2.0
-Via: SIP/2.0/UDP 195.37.77.100:5040
+Via: SIP/2.0/UDP 195.37.77.100:5040;  rport
 Max-Forwards: 10
 From: "jiri" <sip:[email protected]>;tag=76ff7a07-c091-4192-84a0-d56e91fe104f
 To: <sip:[email protected]>