Hi folks,

We identified a memory leak in the *utils* module when calling the http_query() function. A block of memory is allocated with malloc() to store the HTTP request result string (functions.c:54), but this memory is never freed.

There is also a possible crash issue, because curl_easy_getinfo() is called *after* curl_easy_cleanup(), which must not be done (see http://curl.haxx.se/libcurl/c/curl_easy_cleanup.html)

I attached patches to fix those issues (applies to 4.0 branch)

Regards,
Guillaume Bour
diff --git a/kamailio-4.0.5.1/modules/utils/functions.c b/kamailio-4.0.5.1/modules/utils/functions.c
index 7f88ae6..660050d 100644
--- a/kamailio-4.0.5.1/modules/utils/functions.c
+++ b/kamailio-4.0.5.1/modules/utils/functions.c
@@ -133,7 +133,7 @@ int http_query(struct sip_msg* _m, char* _url, char* _dst)
 	}
 	val.rs.s = stream;
 	val.rs.len = at - stream;
-	LM_DBG("http)query result: %.*s\n", val.rs.len, val.rs.s);
+	LM_DBG("http_query result: %.*s\n", val.rs.len, val.rs.s);
 	val.flags = PV_VAL_STR;
 	dst = (pv_spec_t *)_dst;
 	dst->setf(_m, &dst->pvp, (int)EQ_T, &val);
diff --git a/kamailio-4.0.5.1/modules/utils/functions.c b/kamailio-4.0.5.1/modules/utils/functions.c
index 3b2ec76..7f88ae6 100644
--- a/kamailio-4.0.5.1/modules/utils/functions.c
+++ b/kamailio-4.0.5.1/modules/utils/functions.c
@@ -112,10 +112,10 @@ int http_query(struct sip_msg* _m, char* _url, char* _dst)
 
     res = curl_easy_perform(curl);  
     pkg_free(url);
-    curl_easy_cleanup(curl);
 
     if (res != CURLE_OK) {
 	LM_ERR("failed to perform curl\n");
+	curl_easy_cleanup(curl);
 	if(stream)
 		pkg_free(stream);
 	return -1;
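Review bot: The failure branch logs only `failed to perform curl`, so an operator cannot tell a timeout from a TLS verification failure or an aborted write callback. Since `res` is still in scope here, the message could carry the reason: `LM_ERR("failed to perform curl: %s\n", curl_easy_strerror(res));`. The same branch appears in the `-116,6` hunk of the earlier patch. With `curl_easy_cleanup(curl)` now repeated on two exit paths, a single cleanup label at the end of http_query would keep a later early return from leaking the handle; the function body starts and ends outside this hunk.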
@@ -139,6 +139,7 @@ int http_query(struct sip_msg* _m, char* _url, char* _dst)
 	dst->setf(_m, &dst->pvp, (int)EQ_T, &val);
     }
 	
+    curl_easy_cleanup(curl);
     pkg_free(stream);
     return stat;
 }
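Review bot: The final `pkg_free(stream);` runs unguarded, while the error branch added in the same series checks `if(stream)` first. `stream` now starts as NULL and is presumably only set by the write callback, so a transfer that succeeds with an empty body would reach this line with a NULL pointer; whether `pkg_free` tolerates that depends on the memory manager in use. Guarding it the same way, `if (stream) pkg_free(stream);`, keeps the two exits consistent. The code between the error check and this point is outside the hunk and should be checked for dereferencing `stream` when it is NULL. The same line is introduced in the `-137,5` hunk of the earlier patch.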
diff --git a/kamailio-4.0.5.1/modules/utils/functions.c b/kamailio-4.0.5.1/modules/utils/functions.c
index aadfdd5..3b2ec76 100644
--- a/kamailio-4.0.5.1/modules/utils/functions.c
+++ b/kamailio-4.0.5.1/modules/utils/functions.c
@@ -51,7 +51,7 @@ size_t write_function( void *ptr, size_t size, size_t nmemb, void *stream)
     /* Allocate memory and copy */
     char* data;
 
-    data = (char*)malloc((size* nmemb) + 1);
+    data = (char*)pkg_malloc((size* nmemb) + 1);
     if (data == NULL) {
 	LM_ERR("cannot allocate memory for stream\n");
 	return CURLE_WRITE_ERROR;
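Review bot: The allocation-failure branch returns `CURLE_WRITE_ERROR` from a callback whose return value libcurl reads as the number of bytes consumed, so the failure is only signalled when that constant happens to differ from `size * nmemb`. `return 0;` aborts the transfer unambiguously for any non-empty chunk. The buffer now comes from `pkg_malloc`, so a response whose size the remote server controls is taken from the process's private memory pool, and a fresh buffer is allocated on every invocation. The rest of write_function is outside the hunk, but if it simply stores `data` through `stream`, a body delivered in several callbacks would leak the earlier buffers and keep only the last one. A comment such as `/* libcurl may invoke this more than once per response */` and an upper bound on the accepted size would make the contract explicit.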
@@ -76,7 +76,7 @@ int http_query(struct sip_msg* _m, char* _url, char* _dst)
     CURLcode res;  
     str value;
     char *url, *at;
-    char* stream;
+    char* stream = NULL;
     long stat;
     pv_spec_t *dst;
     pv_value_t val;
@@ -116,6 +116,8 @@ int http_query(struct sip_msg* _m, char* _url, char* _dst)
 
     if (res != CURLE_OK) {
 	LM_ERR("failed to perform curl\n");
+	if(stream)
+		pkg_free(stream);
 	return -1;
     }
 
@@ -137,5 +139,6 @@ int http_query(struct sip_msg* _m, char* _url, char* _dst)
 	dst->setf(_m, &dst->pvp, (int)EQ_T, &val);
     }
 	
+    pkg_free(stream);
     return stat;
 }