Description
Hi team, thanks for your great work! I think I found a small vulnerability that might lead to a Null Pointer Dereference in the system.
At lines 672-685 in file sip_parser.c
Description: I'll use the Git-master version as an example. In line 672, member sip->sip_separator is allocated with sip_separator_create:

```c
if (!sip->sip_separator)
    sip->sip_separator = sip_separator_create(msg_home(msg));
```

Although sip_separator_create and sip_header_alloc contain some internal checks, the caller does not verify whether the allocation actually succeeded. If the allocation fails, it will lead to sip->sip_separator = NULL.
When we try to visit it at line 685 with:

```c
head = sip->sip_separator->sep_common;
```

It is likely to cause a Null Pointer Dereference bug.
Similar bugs have been previously reported like CVE-2022-3109.
Fix
I think maybe a simple check before line 685 should be sufficient, for example:

```c
if (!sip->sip_separator)
    return NULL; /* or appropriate error handling */
```
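As an added example, not code from the sofia-sip project or from the reporter, the following is a constructed stand-in for the allocate-then-dereference pattern described in the issue, placed beside the checked form. The allocator has a fault-injection switch so the failure path can actually be exercised in a unit test instead of waiting for real memory exhaustion. All names here (toy_sip_t, toy_separator_t, toy_separator_create, separator_head_unchecked, separator_head_checked, inject_alloc_failure) are hypothetical.

```c
/*
 * Added example: a constructed model of the pattern in the issue.
 * Not sofia-sip code; all identifiers are hypothetical stand-ins.
 */
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

typedef struct toy_common {
    int kind;
} toy_common_t;

typedef struct toy_separator {
    toy_common_t common_storage;
    toy_common_t *sep_common;   /* head pointer, stands in for sep_common */
} toy_separator_t;

typedef struct toy_sip {
    toy_separator_t *sip_separator;
} toy_sip_t;

/* Fault-injection switch (constructed for the example): when nonzero the
   allocator fails the way an exhausted msg_home() would. */
static int inject_alloc_failure = 0;

/* Stand-in for sip_separator_create(): returns NULL on failure. */
static toy_separator_t *toy_separator_create(void)
{
    if (inject_alloc_failure)
        return NULL;
    toy_separator_t *sep = calloc(1, sizeof *sep);
    if (sep) {
        sep->common_storage.kind = 1;
        sep->sep_common = &sep->common_storage;
    }
    return sep;
}

/* The reported pattern: allocate if missing, then read through the pointer
   without checking it. If the allocation failed this reads through NULL,
   so it must never be called on the failure path. */
static toy_common_t *separator_head_unchecked(toy_sip_t *sip)
{
    if (!sip->sip_separator)
        sip->sip_separator = toy_separator_create();
    return sip->sip_separator->sep_common;   /* NULL deref if create failed */
}

/* Checked form: verify the allocation before touching the member and
   propagate the failure to the caller as NULL. */
static toy_common_t *separator_head_checked(toy_sip_t *sip)
{
    if (!sip->sip_separator)
        sip->sip_separator = toy_separator_create();
    if (!sip->sip_separator)
        return NULL;   /* allocation failed: report instead of dereferencing */
    return sip->sip_separator->sep_common;
}

/* Runs the checked path under injected allocation failure. Returns 1 when
   the failure is reported as NULL and nothing was dereferenced. */
static int checked_path_survives_alloc_failure(void)
{
    toy_sip_t sip = { NULL };
    inject_alloc_failure = 1;
    toy_common_t *head = separator_head_checked(&sip);
    inject_alloc_failure = 0;
    return head == NULL && sip.sip_separator == NULL;
}

/* Without fault injection the checked path returns the head, and the
   unchecked path agrees once the separator exists. Returns 1 on success. */
static int checked_path_returns_head_on_success(void)
{
    toy_sip_t sip = { NULL };
    toy_common_t *head = separator_head_checked(&sip);
    int ok = head != NULL && head->kind == 1
          && head == separator_head_unchecked(&sip);
    free(sip.sip_separator);
    return ok;
}

int main(void)
{
    printf("alloc failure handled: %d\n", checked_path_survives_alloc_failure());
    printf("normal path ok:        %d\n", checked_path_returns_head_on_success());
    return 0;
}
```

The fault-injection flag is the part worth keeping in a real fix: a regression test that forces the allocator to fail is the only practical way to confirm the new check is reached, since the failure almost never occurs in normal runs.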