From a43ab3ca9b519828185cfc13a62e61d6d34624b8 Mon Sep 17 00:00:00 2001
From: Kyle M Hall
Date: Tue, 30 Jun 2020 14:37:21 -0400
Subject: [PATCH] Bug 25903: Sending a SIP patron information request with a summary field flag in indexes 6-9 will crash server

The 'summary' field in the patron information request specifies if detail information should be send for holds, overdues, fines, etc. The field is 10 characters in length (0-9). However, the SIP2 spec only defines indexes 0 though 5, leave 6 though 9 undefined. Some ILSs specify behavior for these undefined indexes. Apparently the 7th field is often used to request 'Fees', as opposed to 'Fines' in some ILS. Some software that integrate via SIP try both the 5th and 7th indexes to ensure they get all fines and fees. The problem is that Koha's SIP server crashes if any 'summary' index beyond 5 is flagged. We should simply ignore flags beyond 5 and act as if no flags were sent.

Test Plan:
1) Enable SIP for your instance
2) Send a patron information request with a summary flag in any index beyond 5. i.e.: 6300120200617 124846 Y AOMIDAY|AA21030050054321
3) Note the SIP server just closes the connection without a response
4) Apply this patch
5) Restart the SIP server
6) Send the same request
7) Note you get back the patron information response!

Signed-off-by: Kyle M Hall
Signed-off-by: Jeff Gaines
Signed-off-by: Martin Renvoize
Signed-off-by: Jonathan Druart
(cherry picked from commit fd4dbba7fb25bb73bcee152c84e704f9796664fd)
Signed-off-by: Lucas Gass
(cherry picked from commit b870bac520083283abb199a059ed767165ead677)
Signed-off-by: Aleisha Amohia
---
 C4/SIP/Sip/MsgType.pm | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/C4/SIP/Sip/MsgType.pm b/C4/SIP/Sip/MsgType.pm
index 1ff9bb0093..ca70ed6c2d 100644
--- a/C4/SIP/Sip/MsgType.pm
+++ b/C4/SIP/Sip/MsgType.pm
@@ -908,7 +908,6 @@ sub handle_login {
 sub summary_info {
 my ( $ils, $patron, $summary, $start, $end, $server ) = @_;
 my $resp = '';
- my $summary_type;
 #
 # Map from offsets in the "summary" field of the Patron Information
@@ -923,9 +922,10 @@ sub summary_info {
 { func => $patron->can("unavail_holds"), fid => FID_UNAVAILABLE_HOLD_ITEMS },
 );
- if ( ( $summary_type = index( $summary, 'Y' ) ) == -1 ) {
- return ''; # No detailed information required
- }
+ my $summary_type = index( $summary, 'Y' );
+ return q{} if $summary_type == -1; # No detailed information required.
+ return q{} if $summary_type > 5; # Positions 6-9 are not defined in the sip spec,
+ # and we have no extensions to handle them.
 syslog( "LOG_DEBUG", "Summary_info: index == '%d', field '%s'", $summary_type, $summary_map[$summary_type]->{fid} );
--
2.39.5
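Review bot: In the second hunk, the bound in `return q{} if $summary_type > 5;` is a literal that has to be kept in step with `@summary_map` by hand, even though the following `syslog` call indexes `$summary_map[$summary_type]` with a value taken from the client's request. Deriving the limit from the table, `return q{} if $summary_type > $#summary_map;`, keeps the guard correct if an entry is ever added or removed, so a remote SIP client cannot reach an undefined slot again. The early return is also silent; a `LOG_DEBUG` syslog line recording the ignored position would let operators tell an unsupported flag apart from a request that set no flags. The full `@summary_map` definition starts outside this hunk, so its size is inferred from the comment and the last visible entry.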