[Asterisk-code-review] res pjsip: Use reasonable buffer lengths for endpoint identi... (asterisk[master])

Joshua Colp asteriskteam at digium.com
Sun Nov 19 16:17:11 CST 2017 

Joshua Colp has submitted this change and it was merged. ( https://gerrit.asterisk.org/7265 )

Change subject: res_pjsip: Use reasonable buffer lengths for endpoint identification
......................................................................

res_pjsip: Use reasonable buffer lengths for endpoint identification

Domains themselves can be up to 255 characters long (per RFC 1035), so
our current buffer sizes are wholly inadequate for many use cases.

Change-Id: If3f30a68307f1365a1fe06bc4b854c62842c9292
---
M res/res_pjsip_endpoint_identifier_anonymous.c
M res/res_pjsip_endpoint_identifier_user.c
2 files changed, 13 insertions(+), 5 deletions(-)

Approvals:
  Joshua Colp: Looks good to me, but someone else must approve
  Corey Farrell: Looks good to me, but someone else must approve
  Richard Mudgett: Looks good to me, approved
  Jenkins2: Approved for Submit



diff --git a/res/res_pjsip_endpoint_identifier_anonymous.c b/res/res_pjsip_endpoint_identifier_anonymous.c
index a529466..a1144a8 100644
--- a/res/res_pjsip_endpoint_identifier_anonymous.c
+++ b/res/res_pjsip_endpoint_identifier_anonymous.c
@@ -56,9 +56,11 @@
 	return 0;
 }
 
+#define DOMAIN_NAME_LEN 255
+
 static struct ast_sip_endpoint *anonymous_identify(pjsip_rx_data *rdata)
 {
-	char domain_name[64], id[AST_UUID_STR_LEN];
+	char domain_name[DOMAIN_NAME_LEN + 1];
 	struct ast_sip_endpoint *endpoint;
 	RAII_VAR(struct ast_sip_domain_alias *, alias, NULL, ao2_cleanup);
 	RAII_VAR(struct ao2_container *, transport_states, NULL, ao2_cleanup);
@@ -70,6 +72,8 @@
 	}
 
 	if (!ast_sip_get_disable_multi_domain()) {
+		char id[sizeof("anonymous@") + DOMAIN_NAME_LEN];
+
 		/* Attempt to find the endpoint given the name and domain provided */
 		snprintf(id, sizeof(id), "anonymous@%s", domain_name);
 		if ((endpoint = ast_sorcery_retrieve_by_id(ast_sip_get_sorcery(), "endpoint", id))) {
diff --git a/res/res_pjsip_endpoint_identifier_user.c b/res/res_pjsip_endpoint_identifier_user.c
index 369cb62..ff97a62 100644
--- a/res/res_pjsip_endpoint_identifier_user.c
+++ b/res/res_pjsip_endpoint_identifier_user.c
@@ -74,10 +74,12 @@
 	return 0;
 }
 
+#define DOMAIN_NAME_LEN 255
+#define USERNAME_LEN    255
+
 static struct ast_sip_endpoint *find_endpoint(pjsip_rx_data *rdata, char *endpoint_name,
 	char *domain_name)
 {
-	char id[AST_UUID_STR_LEN];
 	struct ast_sip_endpoint *endpoint;
 	RAII_VAR(struct ast_sip_domain_alias *, alias, NULL, ao2_cleanup);
 	RAII_VAR(struct ao2_container *, transport_states, NULL, ao2_cleanup);
@@ -85,6 +87,8 @@
 	RAII_VAR(struct ast_sip_transport *, transport, NULL, ao2_cleanup);
 
 	if (!ast_sip_get_disable_multi_domain()) {
+		char id[DOMAIN_NAME_LEN + USERNAME_LEN + sizeof("@")];
+
 		/* Attempt to find the endpoint given the name and domain provided */
 		snprintf(id, sizeof(id), "%s@%s", endpoint_name, domain_name);
 		if ((endpoint = ast_sorcery_retrieve_by_id(ast_sip_get_sorcery(), "endpoint", id))) {
@@ -116,8 +120,8 @@
 
 static struct ast_sip_endpoint *username_identify(pjsip_rx_data *rdata)
 {
-	char username[64];
-	char domain[64];
+	char username[USERNAME_LEN + 1];
+	char domain[DOMAIN_NAME_LEN + 1];
 	struct ast_sip_endpoint *endpoint;
 
 	if (get_from_header(rdata, username, sizeof(username), domain, sizeof(domain))) {
@@ -149,7 +153,7 @@
 
 static struct ast_sip_endpoint *auth_username_identify(pjsip_rx_data *rdata)
 {
-	char username[64], realm[64];
+	char username[USERNAME_LEN + 1], realm[DOMAIN_NAME_LEN + 1];
 	struct ast_sip_endpoint *endpoint;
 	pjsip_authorization_hdr *auth_header = NULL;
 

-- 
To view, visit https://gerrit.asterisk.org/7265
To unsubscribe, visit https://gerrit.asterisk.org/settings

Gerrit-Project: asterisk
Gerrit-Branch: master
Gerrit-MessageType: merged
Gerrit-Change-Id: If3f30a68307f1365a1fe06bc4b854c62842c9292
Gerrit-Change-Number: 7265
Gerrit-PatchSet: 2
Gerrit-Owner: Sean Bright <sean.bright at gmail.com>
Gerrit-Reviewer: Corey Farrell <git at cfware.com>
Gerrit-Reviewer: Jenkins2
Gerrit-Reviewer: Joshua Colp <jcolp at digium.com>
Gerrit-Reviewer: Richard Mudgett <rmudgett at digium.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.digium.com/pipermail/asterisk-code-review/attachments/20171119/075acedf/attachment.html>

More information about the asterisk-code-review mailing list