a32049
From: Bogdan-Andrei Iancu <bogdan@opensips.org>
a32049
Date: Thu, 11 Jun 2015 11:09:03 +0300
a32049
Subject: [PATCH] Fix fixing hdr names shorter than 3 chars.
a32049
a32049
The fixup function fails to identify header names shorter than 3 (like To or short formats). This affected script functions like is_present_hf() or remove_hf().
a32049
Reported by Nick Altmann
a32049
a32049
(cherry picked from commit 1f7bae0915ac93ca231ede55c5540560e5489a7b)
a32049
a32049
Conflicts:
a32049
	modules/sipmsgops/sipmsgops.c
a32049
a32049
diff --git a/modules/sipmsgops/sipmsgops.c b/modules/sipmsgops/sipmsgops.c
a32049
index 6fc8f5d..4444f89 100644
a32049
--- a/modules/sipmsgops/sipmsgops.c
a32049
+++ b/modules/sipmsgops/sipmsgops.c
a32049
@@ -780,6 +780,7 @@ static int is_method_f(struct sip_msg *msg, char *meth, char *str2 )
a32049
 static int hname_fixup(void** param, int param_no)
a32049
 {
a32049
 	char *c;
a32049
+	int len;
a32049
 	struct hdr_field hdr;
a32049
 	gparam_p gp = NULL;
a32049
 
a32049
@@ -793,21 +794,23 @@ static int hname_fixup(void** param, int param_no)
a32049
 
a32049
 	if (gp->type == GPARAM_TYPE_STR)
a32049
 	{
a32049
-		c = pkg_malloc(gp->v.sval.len + 1);
a32049
+		/* parse_hname2() accepts a minimum 4 bytes len buffer
a32049
+		 * for parsing, so whatever is the len of the header name,
a32049
+		 * fill it up to 4 */
a32049
+		len = (gp->v.sval.len<3) ? (4) : (gp->v.sval.len+1) ;
a32049
+		c = pkg_malloc( len );
a32049
 		if (!c)
a32049
 			return E_OUT_OF_MEM;
a32049
 
a32049
 		memcpy(c, gp->v.sval.s, gp->v.sval.len);
a32049
 		c[gp->v.sval.len] = ':';
a32049
-		gp->v.sval.len++;
a32049
 
a32049
-		if (parse_hname2(c, c + gp->v.sval.len, &hdr) == 0)
a32049
+		if (parse_hname2(c, c + len, &hdr) == 0)
a32049
 		{
a32049
 			LM_ERR("error parsing header name\n");
a32049
 			return E_UNSPEC;
a32049
 		}
a32049
-		
a32049
-		gp->v.sval.len--;
a32049
+
a32049
 		pkg_free(c);
a32049
 
a32049
 		if (hdr.type != HDR_OTHER_T && hdr.type != HDR_ERROR_T)