#38 "strncmp" should not be used to match header names

trunk
closed-fixed
modules (454)
5
2008-10-28
2008-10-27
No

All those results are bugs since they expect header names to be case sensitive:

~# /usr/src/opensips-trunk/sources/modules$ grep -ri "strncmp(h" * | grep -v svn
peering/verify.c: if (strncmp(hf->name.s, "P-Request-Hash",
presence/publish.c: if(strncmp(hdr->name.s, "SIP-If-Match",12)==0||
presence/publish.c: strncmp(hdr->name.s,"Sip-If-Match",12)==0 )
pua/send_publish.c: if(strncmp(hdr->name.s, "SIP-ETag",8)==0 )
pua_bla/notify.c: if(strncmp(hdr->name.s, "Subscription-State",18)==0 )
pua_mi/mi_func.c: if(strncmp(hdr->name.s, "SIP-ETag",8)==0 )
pua_xmpp/simple2xmpp.c: if(strncmp(hdr->name.s, "Subscription-State",18)==0 )
pua_xmpp/simple2xmpp.c: if(strncmp(hdr->name.s, "Subscription-State",18)==0 )
pua_xmpp/simple2xmpp.c: if(hdr && strncmp(hdr->body.s,"terminated", 10)== 0)
rls/subscribe.c: if(strncmp(hdr->name.s, "Support", 7)== 0)
rls/subscribe.c: if(strncmp(hdr->body.s+ i, "eventlist", 9)== 0)
rls/resource_notify.c: if(strncmp(hdr->name.s, "Subscription-State", 18)==0)
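
An added example (not OpenSIPS code and not the fix committed for this ticket) contrasting the strncmp pattern in the grep output above with a case-insensitive header-name match. The str_t type, the function names and the sample header names are assumptions constructed for illustration; the equal-length check goes beyond the case issue the ticket raises.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>   /* strncasecmp (POSIX) */

/* Stand-in for a counted string: length carried alongside, no NUL assumed. */
typedef struct { const char *s; int len; } str_t;

/* Pattern from the grep output: case-sensitive, fixed byte count. */
static int match_sensitive(const str_t *name, const char *wanted, size_t n)
{
    return strncmp(name->s, wanted, n) == 0;
}

/* Case-insensitive match that also requires equal lengths, so a longer
 * name sharing the prefix is rejected and nothing past len is read. */
static int hdr_name_is(const str_t *name, const char *wanted)
{
    size_t wlen = strlen(wanted);

    if (name == NULL || name->s == NULL || name->len < 0)
        return 0;
    if ((size_t)name->len != wlen)
        return 0;
    return strncasecmp(name->s, wanted, wlen) == 0;
}

/* Index of the first matching header name, or -1. */
static int find_hdr(const str_t *hdrs, int count, const char *wanted)
{
    for (int i = 0; i < count; i++)
        if (hdr_name_is(&hdrs[i], wanted))
            return i;
    return -1;
}

/* Constructed sample header names (not taken from real traffic). */
static const str_t SAMPLE[] = {
    { "sip-etag", 8 },
    { "Subscription-State-X", 20 },
    { "SUBSCRIPTION-STATE", 18 },
};

int main(void)
{
    printf("strncmp  sip-etag vs SIP-ETag: %d\n", match_sensitive(&SAMPLE[0], "SIP-ETag", 8));
    printf("strncmp  Subscription-State-X: %d\n", match_sensitive(&SAMPLE[1], "Subscription-State", 18));
    printf("find_hdr Subscription-State:   %d\n", find_hdr(SAMPLE, 3, "Subscription-State"));
    return 0;
}
```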

Discussion

  • Bogdan-Andrei Iancu

    • labels: 1134769 --> modules
    • assigned_to: nobody --> bogdan_iancu
    • status: open --> open-accepted
     
  • Bogdan-Andrei Iancu

    Hi Iñaki,

    I agree with this - I will do the changes.

    Regards,
    Bogdan

     
  • Bogdan-Andrei Iancu

    OK - the fix is available on SVN trunk - after some testing, I will prepare a backport on 1.4.

    Thanks and regards,
    Bogdan

     
  • Bogdan-Andrei Iancu

    • status: open-accepted --> open-fixed
     
  • Iñaki Baz Castillo

    I still see the following potential errors. Some of them are header names, others are protocols "sip = SIP = SiP", parameters, also SDP attributes (AFAIK SDP is also case insensitive):

    modules/msilo/msilo.c: if(!ctaddr.s || ctaddr.len < 6 || strncmp(ctaddr.s, "sip:", 4)
    modules/peering/verify.c: if (strncmp(hf->name.s, "P-Request-Hash",
    modules/pua_bla/notify.c: if(strncmp(hdr->name.s, "Subscription-State",18)==0 )
    modules/pua_bla/notify.c: if(strncmp(sep+1, "expires=", 8)!= 0)
    modules/mediaproxy/mediaproxy.c: if (strncmp(uri.s, "sip:", 4)==0) {
    modules/mediaproxy/mediaproxy.c: if (strncmp(uri.s, "sip:", 4)==0) {
    modules/mediaproxy/mediaproxy.c: if (strncmp(line.s, "sendrecv", 8)==0 || strncmp(line.s, "sendonly", 8)==0 ||
    modules/mediaproxy/mediaproxy.c: strncmp(line.s, "recvonly", 8)==0 || strncmp(line.s, "inactive", 8)==0) {
    modules/rls/subscribe.c: if(ev_param->name.len== 2 && strncmp(ev_param->name.s, "id", 2)== 0)
    modules/rls/subscribe.c: if(strncmp(hdr->name.s, "Support", 7)== 0)
    modules/rls/subscribe.c: if(strncmp(hdr->body.s+ i, "eventlist", 9)== 0)
    modules/rls/resource_notify.c: if(strncmp(smc+1, "reason=", 7))
    modules/rls/resource_notify.c: if(strncmp(smc+1, "expires=", 8))
    modules/rls/resource_notify.c: if(strncmp(hdr->name.s, "Subscription-State", 18)==0)
    modules/rls/resource_notify.c: if(strncmp(row_vals[resource_uri_col].val.string_val,
    modules/pua_mi/mi_func.c: if(strncmp(hdr->name.s, "SIP-ETag",8)==0 )
    modules/pua/send_publish.c: if(strncmp(hdr->name.s, "SIP-ETag",8)==0 )
    modules/pua_xmpp/simple2xmpp.c: (strncmp(msg->event->body.s,"presence",8 )==0))
    modules/pua_xmpp/simple2xmpp.c: (strncmp(msg->event->body.s,"presence.winfo",14 )==0))
    modules/pua_xmpp/simple2xmpp.c: if(strncmp(hdr->name.s, "Subscription-State",18)==0 )
    modules/pua_xmpp/simple2xmpp.c: if(hdr && strncmp(hdr->body.s,"terminated", 10)== 0)
    modules/pua_xmpp/simple2xmpp.c: if(strncmp(hdr->body.s+11,"reason=timeout", 14)== 0)
    modules/pua_xmpp/simple2xmpp.c: if(strncmp(hdr->name.s, "Subscription-State",18)==0 )
    modules/pua_xmpp/simple2xmpp.c: if(hdr && strncmp(hdr->body.s,"terminated", 10)== 0)
    modules/uac/auth_hdr.c: if(val.len>=4 && !strncmp(val.s, "auth", 4))
    modules/presence_mwi/add_events.c: if (strncmp(body.s, "Messages-Waiting", 16) != 0) goto err;
    modules/presence_mwi/add_events.c: if (strncmp(at, "yes", 3) == 0) at = at + 3;
    modules/presence_mwi/add_events.c: if (strncmp(at, "no", 2) == 0) at = at + 2;
    modules/imc/imc_cmd.c: if(cmd->param[0].len<4 || strncmp(cmd->param[0].s, "sip:", 4)!=0)
    modules/imc/imc_cmd.c: if(cmd->param[0].len<=4 || strncmp(cmd->param[0].s, "sip:", 4)!=0)
    modules/speeddial/sdlookup.c: if(user_s.len<4 || strncmp(user_s.s, "sip:", 4))
    modules/presence/event_list.c: if(sep && strncmp(sep+1, "winfo", 5)== 0)
    modules/presence/publish.c: if(strncmp(hdr->name.s, "SIP-If-Match",12)==0||
    modules/presence/publish.c: strncmp(hdr->name.s,"Sip-If-Match",12)==0 )
    parser/parse_event.c: _e->params->name.len== 3 && strncmp(_e->params->name.s, "sla", 3)== 0 )
    parser/sdp/sdp_helpr_funcs.c: if (strncmp(body->s, "a=rtpmap:", 9) !=0) {
    parser/sdp/sdp_helpr_funcs.c: if ( !( (strncmp(cp1, "a=sendrecv", 10) == 0) ||
    parser/sdp/sdp_helpr_funcs.c: (strncmp(cp1, "a=inactive", 10) == 0) ||
    parser/sdp/sdp_helpr_funcs.c: (strncmp(cp1, "a=recvonly", 10) == 0) ||
    parser/sdp/sdp_helpr_funcs.c: (strncmp(cp1, "a=sendonly", 10) == 0) )) {

     
  • Bogdan-Andrei Iancu

    Iñaki, have you updated your checkout? All the header searches were fixed (like in peering, pua_bla, rls, pua_mi, pua_xmpp and presence).

    On the other items from the list - uri scheme, values in the headers, SDP info - indeed, they should be case insensitive.

    Please update the list after a SVN update. (use trunk)

    Thanks and regards,
    Bogdan

     
  • Iñaki Baz Castillo

    I updated it when I read your previous post. But now I've updated again (now in revision 4842). It seems that the commits were not available yet before.
    Now header name matching is fixed, thanks a lot.

     
  • Bogdan-Andrei Iancu

    • status: open-fixed --> closed-fixed
     
  • Bogdan-Andrei Iancu

    Iñaki, after some tests (done by Anca), I made the backport to 1.4 also.
    I will close this report as it was for header names only. Please open a new one for the other string matchings.

    Thanks and regards,
    Bogdan

     
