Home Explore Help
Sign In
Kamailio
/
kamailio
mirror of https://github.com/kamailio/kamailio.git
2
0
Fork 0
Files Issues 0 Wiki
Browse Source

secfilter: in check sql injection function initialize str variables to NULL. In get values from headers it is checked if From or To name is empty to avoid false positives

Jose Luis Verdeguer 6 years ago
parent
6cb53228ff
commit
d309e27b1a
2 changed files with 6 additions and 6 deletions
Split View Show Diff Stats
  1. 4 4
      src/modules/secfilter/secfilter.c
  2. 2 2
      src/modules/secfilter/secfilter_hdr.c

+ 4 - 4
src/modules/secfilter/secfilter.c
View File 

@@ -131,10 +131,10 @@ PREVENT SQL INJECTION
 
 /* External function to search for illegal characters in several headers */
 
 static int w_check_sqli_all(struct sip_msg *msg)
 
 {
 
-	str ua;
 
-	str name;
 
-	str user;
 
-	str domain;
 
+	str ua = STR_NULL;
 
+	str name = STR_NULL;
 
+	str user = STR_NULL;
 
+	str domain = STR_NULL;
 
 	int res;
 
 	int retval = 1;

+ 2 - 2
src/modules/secfilter/secfilter_hdr.c
View File 

@@ -74,7 +74,7 @@ int secf_get_from(struct sip_msg *msg, str *name, str *user, str *domain)
 
 	}
 
 
 	hdr = get_from(msg);
 
-	if(hdr->display.s != NULL) {
 
+	if(hdr->display.s != NULL && hdr->display.len > 0) {
 
 		name->s = hdr->display.s;
 
 		name->len = hdr->display.len;
 
 
@@ -128,7 +128,7 @@ int secf_get_to(struct sip_msg *msg, str *name, str *user, str *domain)
 
 	}
 
 
 	hdr = get_to(msg);
 
-	if(hdr->display.s != NULL) {
 
+	if(hdr->display.s != NULL && hdr->display.len > 0) {
 
 		name->s = hdr->display.s;
 
 		name->len = hdr->display.len;