[Asterisk-code-review] res pjsip endpoint identifier ip.c: Fix apply identify valid... (asterisk[13])

Richard Mudgett asteriskteam at digium.com
Fri Jan 5 18:10:44 CST 2018 

Richard Mudgett has uploaded this change for review. ( https://gerrit.asterisk.org/7844


Change subject: res_pjsip_endpoint_identifier_ip.c: Fix apply identify validation.
......................................................................

res_pjsip_endpoint_identifier_ip.c: Fix apply identify validation.

The ip_identify_apply() did not validate the configuration for simple
static configuration errors or deal well with address resolution errors.

* Added missing configuration validation checks.
* Fixed address resolution error handling.
* Demoted an error message to a warning since it does not fail applying
the identify object configuration.

Change-Id: I8b519607263fe88e8ce964f526a45359fd362b6e
---
M res/res_pjsip_endpoint_identifier_ip.c
1 file changed, 45 insertions(+), 18 deletions(-)



  git pull ssh://gerrit.asterisk.org:29418/asterisk refs/changes/44/7844/1

diff --git a/res/res_pjsip_endpoint_identifier_ip.c b/res/res_pjsip_endpoint_identifier_ip.c
index 1471623..ba97fd6 100644
--- a/res/res_pjsip_endpoint_identifier_ip.c
+++ b/res/res_pjsip_endpoint_identifier_ip.c
@@ -105,7 +105,7 @@
 	struct ast_ha *matches;
 	/*! \brief Perform SRV resolution of hostnames */
 	unsigned int srv_lookups;
-	/*! \brief Hosts to be resolved after applying configuration */
+	/*! \brief Hosts to be resolved when applying configuration */
 	struct ao2_container *hosts;
 };
 
@@ -150,8 +150,8 @@
 	c_header = ast_strdupa(identify->match_header);
 	c_value = strchr(c_header, ':');
 	if (!c_value) {
-		ast_log(LOG_WARNING, "Identify '%s' has invalid header_match: No ':' separator found!\n",
-			ast_sorcery_object_get_id(identify));
+		/* This should not be possible.  The object cannot be created if so. */
+		ast_assert(c_value == NULL);
 		return 0;
 	}
 	*c_value = '\0';
@@ -161,17 +161,19 @@
 	pj_header_name = pj_str(c_header);
 	header = pjsip_msg_find_hdr_by_name(rdata->msg_info.msg, &pj_header_name, NULL);
 	if (!header) {
-		ast_debug(3, "SIP message does not contain header '%s'\n", c_header);
+		ast_debug(3, "Identify '%s': SIP message does not have header '%s'\n",
+			ast_sorcery_object_get_id(identify),
+			c_header);
 		return 0;
 	}
 
 	pj_header_value = pj_str(c_value);
 	if (pj_strcmp(&pj_header_value, &header->hvalue)) {
-		ast_debug(3, "SIP message contains header '%s' but value '%.*s' does not match value '%s' for endpoint '%s'\n",
+		ast_debug(3, "Identify '%s': SIP message has header '%s' but value '%.*s' does not match '%s'\n",
+			ast_sorcery_object_get_id(identify),
 			c_header,
 			(int) pj_strlen(&header->hvalue), pj_strbuf(&header->hvalue),
-			c_value,
-			identify->endpoint_name);
+			c_value);
 		return 0;
 	}
 
@@ -261,7 +263,7 @@
 	}
 
 	for (i = 0; i < num_addrs; ++i) {
-		/* Check if the address is already in the list, if so don't bother adding it again */
+		/* Check if the address is already in the list, if so don't add it again */
 		if (identify->matches && (ast_apply_ha(identify->matches, &addrs[i]) != AST_SENSE_ALLOW)) {
 			continue;
 		}
@@ -283,14 +285,13 @@
 }
 
 /*! \brief Helper function which performs an SRV lookup and then resolves the hostname */
-static int ip_identify_match_srv_lookup(struct ip_identify_match *identify, const char *prefix, const char *host)
+static int ip_identify_match_srv_lookup(struct ip_identify_match *identify, const char *prefix, const char *host, int results)
 {
 	char service[NI_MAXHOST];
 	struct srv_context *context = NULL;
 	int srv_ret;
 	const char *srvhost;
 	unsigned short srvport;
-	int results = 0;
 
 	snprintf(service, sizeof(service), "%s.%s", prefix, host);
 
@@ -372,10 +373,33 @@
 	char *current_string;
 	struct ao2_iterator i;
 
+	/* Validate the identify object configuration */
+	if (ast_strlen_zero(identify->endpoint_name)) {
+		ast_log(LOG_ERROR, "Identify '%s' missing required endpoint name.\n",
+			ast_sorcery_object_get_id(identify));
+		return -1;
+	}
+	if (ast_strlen_zero(identify->match_header) /* No header to match */
+		/* and no static IP addresses with a mask */
+		&& !identify->matches
+		/* and no addresses to resolve */
+		&& (!identify->hosts || !ao2_container_count(identify->hosts))) {
+		ast_log(LOG_ERROR, "Identify '%s' is not configured to match anything.\n",
+			ast_sorcery_object_get_id(identify));
+		return -1;
+	}
+	if (!ast_strlen_zero(identify->match_header)
+		&& !strchr(identify->match_header, ':')) {
+		ast_log(LOG_ERROR, "Identify '%s' missing ':' separator in match_header '%s'.\n",
+			ast_sorcery_object_get_id(identify), identify->match_header);
+		return -1;
+	}
+
 	if (!identify->hosts) {
 		return 0;
 	}
 
+	/* Resolve the match addresses now */
 	i = ao2_iterator_init(identify->hosts, 0);
 	while ((current_string = ao2_iterator_next(&i))) {
 		struct ast_sockaddr address;
@@ -383,26 +407,29 @@
 
 		/* If the provided string is not an IP address perform SRV resolution on it */
 		if (identify->srv_lookups && !ast_sockaddr_parse(&address, current_string, 0)) {
-			results = ip_identify_match_srv_lookup(identify, "_sip._udp", current_string);
+			results = ip_identify_match_srv_lookup(identify, "_sip._udp", current_string,
+				results);
 			if (results != -1) {
-				results += ip_identify_match_srv_lookup(identify, "_sip._tcp", current_string);
+				results = ip_identify_match_srv_lookup(identify, "_sip._tcp",
+					current_string, results);
 			}
 			if (results != -1) {
-				results += ip_identify_match_srv_lookup(identify, "_sips._tcp", current_string);
+				results = ip_identify_match_srv_lookup(identify, "_sips._tcp",
+					current_string, results);
 			}
 		}
 
-		/* If SRV falls fall back to a normal lookup on the host itself */
+		/* If SRV fails fall back to a normal lookup on the host itself */
 		if (!results) {
 			results = ip_identify_match_host_lookup(identify, current_string);
 		}
 
 		if (results == 0) {
-			ast_log(LOG_ERROR, "Address '%s' provided on ip endpoint identifier '%s' did not resolve to any address\n",
-				current_string, ast_sorcery_object_get_id(obj));
+			ast_log(LOG_WARNING, "Identify '%s' provided address '%s' did not resolve to any address\n",
+				ast_sorcery_object_get_id(identify), current_string);
 		} else if (results == -1) {
-			ast_log(LOG_ERROR, "An error occurred when adding resolution results of '%s' on '%s'\n",
-				current_string, ast_sorcery_object_get_id(obj));
+			ast_log(LOG_ERROR, "Identify '%s' failed when adding resolution results of '%s'\n",
+				ast_sorcery_object_get_id(identify), current_string);
 			ao2_ref(current_string, -1);
 			ao2_iterator_destroy(&i);
 			return -1;

-- 
To view, visit https://gerrit.asterisk.org/7844
To unsubscribe, visit https://gerrit.asterisk.org/settings

Gerrit-Project: asterisk
Gerrit-Branch: 13
Gerrit-MessageType: newchange
Gerrit-Change-Id: I8b519607263fe88e8ce964f526a45359fd362b6e
Gerrit-Change-Number: 7844
Gerrit-PatchSet: 1
Gerrit-Owner: Richard Mudgett <rmudgett at digium.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.digium.com/pipermail/asterisk-code-review/attachments/20180105/384b0a83/attachment-0001.html>

More information about the asterisk-code-review mailing list