[Asterisk-code-review] res pjsip messaging: Check URI type before dereferencing (asterisk[13])

Wed Mar 22 12:36:51 CDT 2017

Anonymous Coward #1000019 has submitted this change and it was merged. ( https://gerrit.asterisk.org/5266 )

Change subject: res_pjsip_messaging: Check URI type before dereferencing
......................................................................


res_pjsip_messaging: Check URI type before dereferencing

We aren't validating that the URI we just parsed is a SIP/SIPS one before
trying to access the user, host, and port members of a possibly uninitialized
structure.

Also update the MessageSend documentation to indicate what 'from' formats are
accepted.

ASTERISK-26484 #close
Reported by: Vinod Dharashive

Change-Id: I476b5cc5f18a7713d0ee945374f2a1c164857d30
---
M main/message.c
M res/res_pjsip_messaging.c
2 files changed, 13 insertions(+), 3 deletions(-)

Approvals:
  Kevin Harwell: Looks good to me, but someone else must approve
  Mark Michelson: Looks good to me, approved
  Anonymous Coward #1000019: Verified
  Joshua Colp: Looks good to me, but someone else must approve

diff --git a/main/message.c b/main/message.c
index 594853f..be0035d 100644
--- a/main/message.c
+++ b/main/message.c
@@ -127,8 +127,10 @@
 			</parameter>
 			<parameter name="from" required="false">
 				<para>A From URI for the message if needed for the
-				message technology being used to send this message.</para>
-				<xi:include xpointer="xpointer(/docs/info[@name='MessageFromInfo'])" />
+				message technology being used to send this message. This can be a
+				SIP(S) URI, such as <literal>Alice <sip:alice at atlanta.com></literal>,
+				a string in the format <literal>alice at atlanta.com</literal>, or simply
+				a username such as <literal>alice</literal>.</para>
 			</parameter>
 		</syntax>
 		<description>
diff --git a/res/res_pjsip_messaging.c b/res/res_pjsip_messaging.c
index 835a383..8b465e0 100644
--- a/res/res_pjsip_messaging.c
+++ b/res/res_pjsip_messaging.c
@@ -235,7 +235,15 @@
 	parsed_name_addr = (pjsip_name_addr *) pjsip_parse_uri(tdata->pool, from,
 		strlen(from), PJSIP_PARSE_URI_AS_NAMEADDR);
 	if (parsed_name_addr) {
-		pjsip_sip_uri *parsed_uri = pjsip_uri_get_uri(parsed_name_addr->uri);
+		pjsip_sip_uri *parsed_uri;
+
+		if (!PJSIP_URI_SCHEME_IS_SIP(parsed_name_addr->uri)
+				&& !PJSIP_URI_SCHEME_IS_SIPS(parsed_name_addr->uri)) {
+			ast_log(LOG_WARNING, "From address '%s' is not a valid SIP/SIPS URI\n", from);
+			return;
+		}
+
+		parsed_uri = pjsip_uri_get_uri(parsed_name_addr->uri);
 
 		if (pj_strlen(&parsed_name_addr->display)) {
 			pj_strdup(tdata->pool, &name_addr->display, &parsed_name_addr->display);

-- 
To view, visit https://gerrit.asterisk.org/5266
To unsubscribe, visit https://gerrit.asterisk.org/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: I476b5cc5f18a7713d0ee945374f2a1c164857d30
Gerrit-PatchSet: 4
Gerrit-Project: asterisk
Gerrit-Branch: 13
Gerrit-Owner: Sean Bright <sean.bright at gmail.com>
Gerrit-Reviewer: Anonymous Coward #1000019
Gerrit-Reviewer: Joshua Colp <jcolp at digium.com>
Gerrit-Reviewer: Kevin Harwell <kharwell at digium.com>
Gerrit-Reviewer: Mark Michelson <mmichelson at digium.com>

