[Asterisk-code-review] res pjsip: Fix crash with from user containing invalid chara... (asterisk[14])

Benjamin Keith Ford asteriskteam at digium.com
Fri Jul 7 11:30:11 CDT 2017


Benjamin Keith Ford has uploaded this change for review. ( https://gerrit.asterisk.org/5975 )


Change subject: res_pjsip: Fix crash with from_user containing invalid characters.
......................................................................

res_pjsip: Fix crash with from_user containing invalid characters.

If the from_user field contains certain characters (like @, {, ^, etc.),
PJSIP will return a null value for the URI when attempting to parse it.
This causes a crash when trying to dial out through a trunk that contains
these invalid characters in its from_user field.

This change checks the configuration and ensures that an endpoint will
not be created if the from_user contains an invalid character. It also
adds a null check to the PJSIP URI parsing as a backup.

ASTERISK-27036 #close
Reported by: Maxim Vasilev

Change-Id: I0396fdb5080604e0bdf1277464d5c8a85db913d0
---
M res/res_pjsip.c
M res/res_pjsip/pjsip_configuration.c
2 files changed, 37 insertions(+), 1 deletion(-)



  git pull ssh://gerrit.asterisk.org:29418/asterisk refs/changes/75/5975/1

diff --git a/res/res_pjsip.c b/res/res_pjsip.c
index f05378c..7094d68 100644
--- a/res/res_pjsip.c
+++ b/res/res_pjsip.c
@@ -3071,6 +3071,12 @@
 	/* Update the dialog with the new local URI, we do it afterwards so we can use the dialog pool for construction */
 	pj_strdup_with_null(dlg->pool, &dlg->local.info_str, &local_uri);
 	dlg->local.info->uri = pjsip_parse_uri(dlg->pool, dlg->local.info_str.ptr, dlg->local.info_str.slen, 0);
+	if (!dlg->local.info->uri) {
+		ast_log(LOG_ERROR,
+			"Could not parse URI '%s' for endpoint '%s'\n",
+			dlg->local.info_str.ptr, ast_sorcery_object_get_id(endpoint));
+		return NULL;
+	}
 
 	dlg->local.contact = pjsip_parse_hdr(dlg->pool, &HCONTACT, local_uri.ptr, local_uri.slen, NULL);
 
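Review bot: The new early `return NULL;` leaves the function without releasing `dlg`, which has evidently already been created, since its pool is used on the lines just above. Unless the caller can still reach it, every call that hits this path leaks a dialog, turning a crash into slow resource exhaustion for a trunk with a bad from_user. Tear the dialog down before returning, for example `pjsip_dlg_terminate(dlg);` ahead of `return NULL;`, matching whatever the function's other failure paths do. The enclosing function starts and ends outside this hunk, so the existing cleanup convention is not visible here.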
diff --git a/res/res_pjsip/pjsip_configuration.c b/res/res_pjsip/pjsip_configuration.c
index cc12bff..26725da 100644
--- a/res/res_pjsip/pjsip_configuration.c
+++ b/res/res_pjsip/pjsip_configuration.c
@@ -1147,6 +1147,36 @@
 	return 0;
 }
 
+static int from_user_handler(const struct aco_option *opt,
+	struct ast_variable *var, void *obj)
+{
+	struct ast_sip_endpoint *endpoint = obj;
+	/* Valid non-alphanumeric characters for URI */
+	char *valid_uri_marks = "-_.!~*`()";
+	char *val;
+
+	for (val = ast_strdup(var->value); *val; val++) {
+		if (!strchr(valid_uri_marks, *val) && !isdigit(*val) && !isalpha(*val)) {
+			return -1;
+		}
+	}
+
+	if (ast_string_field_set(endpoint, fromuser, ast_strdup(var->value)) == -1) {
+		return -1;
+	}
+
+	return 0;
+}
+
+static int from_user_to_str(const void *obj, const intptr_t *args, char **buf)
+{
+	const struct ast_sip_endpoint *endpoint = obj;
+
+	*buf = ast_strdup(endpoint->fromuser);
+
+	return 0;
+}
+
 static int set_var_handler(const struct aco_option *opt,
 	struct ast_variable *var, void *obj)
 {
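Review bot: The validation loop in from_user_handler walks a copy made with `ast_strdup(var->value)` and advances the only pointer to it, so the copy can never be freed, and a failed allocation is dereferenced by `*val` in the loop condition. The second `ast_strdup(var->value)` handed to ast_string_field_set() leaks too if the setter copies its argument, as string fields normally do; reading var->value directly removes both allocations. `isdigit(*val)` and `isalpha(*val)` receive a plain char, which is undefined for negative values (bytes above 0x7f where char is signed), so cast to unsigned char. The mark list holds a backtick where RFC 3261's mark set has an apostrophe, which looks like a typo. A rejected value also returns -1 without logging, so the operator gets no reason for the endpoint failing to load.

```c
static int from_user_handler(const struct aco_option *opt,
	struct ast_variable *var, void *obj)
{
	struct ast_sip_endpoint *endpoint = obj;
	/* Valid non-alphanumeric characters for URI (RFC 3261 "mark") */
	const char *valid_uri_marks = "-_.!~*'()";
	const char *val;

	/* Read the configured value in place; no copy is needed to validate it */
	for (val = var->value; *val; val++) {
		if (!strchr(valid_uri_marks, *val) && !isalnum((unsigned char) *val)) {
			ast_log(LOG_ERROR,
				"Invalid character '%c' in from_user of endpoint '%s'\n",
				*val, ast_sorcery_object_get_id(endpoint));
			return -1;
		}
	}

	if (ast_string_field_set(endpoint, fromuser, var->value) == -1) {
		return -1;
	}

	return 0;
}
/* … unchanged: from_user_to_str … */
```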
@@ -1912,7 +1942,7 @@
 	ast_sorcery_object_field_register(sip_sorcery, "endpoint", "cos_video", "0", OPT_UINT_T, 0, FLDSET(struct ast_sip_endpoint, media.cos_video));
 	ast_sorcery_object_field_register(sip_sorcery, "endpoint", "allow_subscribe", "yes", OPT_BOOL_T, 1, FLDSET(struct ast_sip_endpoint, subscription.allow));
 	ast_sorcery_object_field_register(sip_sorcery, "endpoint", "sub_min_expiry", "0", OPT_UINT_T, 0, FLDSET(struct ast_sip_endpoint, subscription.minexpiry));
-	ast_sorcery_object_field_register(sip_sorcery, "endpoint", "from_user", "", OPT_STRINGFIELD_T, 0, STRFLDSET(struct ast_sip_endpoint, fromuser));
+	ast_sorcery_object_field_register_custom(sip_sorcery, "endpoint", "from_user", "", from_user_handler, from_user_to_str, NULL, 0, 0);
 	ast_sorcery_object_field_register(sip_sorcery, "endpoint", "from_domain", "", OPT_STRINGFIELD_T, 0, STRFLDSET(struct ast_sip_endpoint, fromdomain));
 	ast_sorcery_object_field_register(sip_sorcery, "endpoint", "mwi_from_user", "", OPT_STRINGFIELD_T, 0, STRFLDSET(struct ast_sip_endpoint, subscription.mwi.fromuser));
 	ast_sorcery_object_field_register(sip_sorcery, "endpoint", "rtp_engine", "asterisk", OPT_STRINGFIELD_T, 0, STRFLDSET(struct ast_sip_endpoint, media.rtp.engine));
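Review bot: Only from_user is moved to the validating handler here; from_domain and mwi_from_user on the neighbouring lines stay plain OPT_STRINGFIELD_T. If those values are also placed into a URI that is handed to pjsip_parse_uri() (not visible in this hunk), the same characters would still be accepted at load time, and safety would depend on each call site having its own null check. Either route them through equivalent validation or make the gap explicit with a comment such as `/* from_user is validated at load time; from_domain and mwi_from_user are not */`. The registration calls sit in a function that starts and ends outside the hunk.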

-- 
To view, visit https://gerrit.asterisk.org/5975

Gerrit-Project: asterisk
Gerrit-Branch: 14
Gerrit-MessageType: newchange
Gerrit-Change-Id: I0396fdb5080604e0bdf1277464d5c8a85db913d0
Gerrit-Change-Number: 5975
Gerrit-PatchSet: 1
Gerrit-Owner: Benjamin Keith Ford <bford at digium.com>