[Asterisk-code-review] res pjsip/res pjsip callerid: NULL check on caller id name s... (asterisk[13])

Jenkins2 asteriskteam at digium.com
Thu Apr 27 16:16:48 CDT 2017 

Jenkins2 has submitted this change and it was merged. ( https://gerrit.asterisk.org/5541 )

Change subject: res_pjsip/res_pjsip_callerid: NULL check on caller id name string
......................................................................


res_pjsip/res_pjsip_callerid: NULL check on caller id name string

It's possible for a name in a party id structure to be marked as valid, but the
name string itself be NULL (for instance this is possible to do by using the
dialplan CALLERID function). There were a couple of places where the name was
validated, but the string itself was not checked before passing it to functions
like 'strlen'. This of course caused a crashed.

This patch adds in a NULL check before attempting to pass it into a function
that is not NULL tolerant.

ASTERISK-25823 #close

Change-Id: Iaa6ffe9d92f598fe9e3c8ae373fadbe3dfbf1d4a
---
M res/res_pjsip.c
M res/res_pjsip_caller_id.c
2 files changed, 15 insertions(+), 6 deletions(-)

Approvals:
  George Joseph: Looks good to me, approved
  Richard Mudgett: Looks good to me, but someone else must approve
  Jenkins2: Approved for Submit
  Joshua Colp: Looks good to me, but someone else must approve



diff --git a/res/res_pjsip.c b/res/res_pjsip.c
index fc49856..d47815f 100644
--- a/res/res_pjsip.c
+++ b/res/res_pjsip.c
@@ -4380,11 +4380,15 @@
 	id_uri = pjsip_uri_get_uri(id_name_addr->uri);
 
 	if (id->name.valid) {
-		int name_buf_len = strlen(id->name.str) * 2 + 1;
-		char *name_buf = ast_alloca(name_buf_len);
+		if (!ast_strlen_zero(id->name.str)) {
+			int name_buf_len = strlen(id->name.str) * 2 + 1;
+			char *name_buf = ast_alloca(name_buf_len);
 
-		ast_escape_quoted(id->name.str, name_buf, name_buf_len);
-		pj_strdup2(pool, &id_name_addr->display, name_buf);
+			ast_escape_quoted(id->name.str, name_buf, name_buf_len);
+			pj_strdup2(pool, &id_name_addr->display, name_buf);
+		} else {
+			pj_strdup2(pool, &id_name_addr->display, NULL);
+		}
 	}
 
 	if (id->number.valid) {
diff --git a/res/res_pjsip_caller_id.c b/res/res_pjsip_caller_id.c
index 1b453cf..0aca2db 100644
--- a/res/res_pjsip_caller_id.c
+++ b/res/res_pjsip_caller_id.c
@@ -436,7 +436,7 @@
 	id_name_addr = pjsip_uri_clone(tdata->pool, base->uri);
 	id_uri = pjsip_uri_get_uri(id_name_addr->uri);
 
-	if (id->name.valid) {
+	if (id->name.valid && !ast_strlen_zero(id->name.str)) {
 		int name_buf_len = strlen(id->name.str) * 2 + 1;
 		char *name_buf = ast_alloca(name_buf_len);
 
@@ -450,7 +450,12 @@
 		pj_strdup2(tdata->pool, &id_name_addr->display, NULL);
 	}
 
-	pj_strdup2(tdata->pool, &id_uri->user, id->number.str);
+	if (id->number.valid) {
+		pj_strdup2(tdata->pool, &id_uri->user, id->number.str);
+	} else {
+		/* Similar to name, make sure the number is also cleared when invalid */
+		pj_strdup2(tdata->pool, &id_uri->user, NULL);
+	}
 
 	id_hdr->uri = (pjsip_uri *) id_name_addr;
 	return id_hdr;

-- 
To view, visit https://gerrit.asterisk.org/5541
To unsubscribe, visit https://gerrit.asterisk.org/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: Iaa6ffe9d92f598fe9e3c8ae373fadbe3dfbf1d4a
Gerrit-PatchSet: 4
Gerrit-Project: asterisk
Gerrit-Branch: 13
Gerrit-Owner: Kevin Harwell <kharwell at digium.com>
Gerrit-Reviewer: George Joseph <gjoseph at digium.com>
Gerrit-Reviewer: Jenkins2
Gerrit-Reviewer: Joshua Colp <jcolp at digium.com>
Gerrit-Reviewer: Kevin Harwell <kharwell at digium.com>
Gerrit-Reviewer: Richard Mudgett <rmudgett at digium.com>
Gerrit-Reviewer: Sean Bright <sean.bright at gmail.com>

More information about the asterisk-code-review mailing list