[Asterisk-code-review] res pjsip: Validate that contact uris start with sip: or sips: (asterisk[master])

George Joseph asteriskteam at digium.com
Thu Apr 23 09:32:51 CDT 2015 

George Joseph has uploaded a new change for review.

  https://gerrit.asterisk.org/233

Change subject: res_pjsip:  Validate that contact uris start with sip: or sips:
......................................................................

res_pjsip:  Validate that contact uris start with sip: or sips:

Currently we use pjsip_parse_hdr to validate contact uris but it
appears that it allows uris without a scheme if there's a port
supplied.  I.E myexample.com will fail but myexample.com:5060 will
pass even though it has no scheme.  This causes SEGVs later on
whenever the uri is used.

To prevent this, permanent_contact_validate has been updated to check
that the contact starts with either 'sip:' or 'sips:' before calling
pjsip_parse_hdr.

ASTERISK-24999

Change-Id: Ifc17d16a4923e1045d37fe51e43bbe29fa556ca2
Reported-by: Brad Latus
---
M res/res_pjsip/location.c
1 file changed, 9 insertions(+), 0 deletions(-)


  git pull ssh://gerrit.asterisk.org:29418/asterisk refs/changes/33/233/1

diff --git a/res/res_pjsip/location.c b/res/res_pjsip/location.c
index 2165041..7c850ed 100644
--- a/res/res_pjsip/location.c
+++ b/res/res_pjsip/location.c
@@ -287,10 +287,19 @@
 static int permanent_contact_validate(void *data)
 {
 	const char *value = data;
+	char *contact_uri_lc;
 	pj_pool_t *pool;
 	pj_str_t contact_uri;
 	static const pj_str_t HCONTACT = { "Contact", 7 };
 
+	contact_uri_lc = ast_strdupa(value);
+	contact_uri_lc = ast_str_to_lower(contact_uri_lc);
+
+	if (!(ast_begins_with(contact_uri_lc, "sip:")
+		|| ast_begins_with(contact_uri_lc, "sips:"))) {
+		return -1;
+	}
+
 	pool = pjsip_endpt_create_pool(ast_sip_get_pjsip_endpoint(), "Permanent Contact Validation", 256, 256);
 	if (!pool) {
 		return -1;

-- 
To view, visit https://gerrit.asterisk.org/233
To unsubscribe, visit https://gerrit.asterisk.org/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: Ifc17d16a4923e1045d37fe51e43bbe29fa556ca2
Gerrit-PatchSet: 1
Gerrit-Project: asterisk
Gerrit-Branch: master
Gerrit-Owner: George Joseph <george.joseph at fairview5.com>

More information about the asterisk-code-review mailing list