From 7d5434f57c71c0f9fecb91fb84fb192d0c9f5978 Mon Sep 17 00:00:00 2001
From: William King <william.king@quentustech.com>
Date: Fri, 16 May 2014 11:50:07 -0700
Subject: [PATCH] CID: 1214223-1214230 If sent an invalid registration
 authentication header with multiple params of the same name, then only use
 the first of the params instead of leaking memory

---
 src/mod/endpoints/mod_sofia/sofia_reg.c | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/src/mod/endpoints/mod_sofia/sofia_reg.c b/src/mod/endpoints/mod_sofia/sofia_reg.c
index aeb45baec6..e400e4d54c 100644
--- a/src/mod/endpoints/mod_sofia/sofia_reg.c
+++ b/src/mod/endpoints/mod_sofia/sofia_reg.c
@@ -2581,21 +2581,21 @@ auth_res_t sofia_reg_parse_auth(sofia_profile_t *profile,
 						*p = '\0';
 					}
 
-					if (!strcasecmp(var, "username")) {
+					if (!strcasecmp(var, "username") && !username) {
 						username = strdup(val);
-					} else if (!strcasecmp(var, "realm")) {
+					} else if (!strcasecmp(var, "realm") && !realm) {
 						realm = strdup(val);
-					} else if (!strcasecmp(var, "nonce")) {
+					} else if (!strcasecmp(var, "nonce") && !nonce) {
 						nonce = strdup(val);
-					} else if (!strcasecmp(var, "uri")) {
+					} else if (!strcasecmp(var, "uri") && !uri) {
 						uri = strdup(val);
-					} else if (!strcasecmp(var, "qop")) {
+					} else if (!strcasecmp(var, "qop") && !qop) {
 						qop = strdup(val);
-					} else if (!strcasecmp(var, "cnonce")) {
+					} else if (!strcasecmp(var, "cnonce") && !cnonce) {
 						cnonce = strdup(val);
-					} else if (!strcasecmp(var, "response")) {
+					} else if (!strcasecmp(var, "response") && !response) {
 						response = strdup(val);
-					} else if (!strcasecmp(var, "nc")) {
+					} else if (!strcasecmp(var, "nc") && !nc) {
 						nc = strdup(val);
 					}
 				}