secfilter: in check sql injection function initialize str variables to NULL. In get values from headers it is checked if From or To name is empty to avoid false positives

src/modules/secfilter/secfilter.c

@@ -131,10 +131,10 @@ PREVENT SQL INJECTION
 /* External function to search for illegal characters in several headers */
 static int w_check_sqli_all(struct sip_msg *msg)
 {
-	str ua;
-	str name;
-	str user;
-	str domain;
+	str ua = STR_NULL;
+	str name = STR_NULL;
+	str user = STR_NULL;
+	str domain = STR_NULL;
 	int res;
 	int retval = 1;
 

src/modules/secfilter/secfilter_hdr.c

@@ -74,7 +74,7 @@ int secf_get_from(struct sip_msg *msg, str *name, str *user, str *domain)
 	}
 
 	hdr = get_from(msg);
-	if(hdr->display.s != NULL) {
+	if(hdr->display.s != NULL && hdr->display.len > 0) {
 		name->s = hdr->display.s;
 		name->len = hdr->display.len;
 
@@ -128,7 +128,7 @@ int secf_get_to(struct sip_msg *msg, str *name, str *user, str *domain)
 	}
 
 	hdr = get_to(msg);
-	if(hdr->display.s != NULL) {
+	if(hdr->display.s != NULL && hdr->display.len > 0) {
 		name->s = hdr->display.s;
 		name->len = hdr->display.len;