<p>Joshua Colp has uploaded this change for <strong>review</strong>.</p><p><a href="https://gerrit.asterisk.org/6360">View Change</a></p><pre style="font-family: monospace,monospace; white-space: pre-wrap;">pjsip_message_ip_updater: Fix issue handling "tel" URIs<br><br>sanitize_tdata was assuming all URIs were SIP URIs so when a non<br>SIP uri was in the From, To or Contact headers, the unconditional<br>cast of a non-pjsip_sip_uri structure to pjsip_sip_uri caused<br>a segfault when trying to access uri->other_param.<br><br>* Added PJSIP_URI_SCHEME_IS_SIP(uri) || PJSIP_URI_SCHEME_IS_SIPS(uri)<br> checks before attempting to cast or use the returned uri.<br><br>ASTERISK-27152<br>Reported-by: Ross Beer<br><br>Change-Id: Id380df790e6622c8058a96035f8b8f4aa0b8551f<br>---<br>M res/res_pjsip/pjsip_message_ip_updater.c<br>1 file changed, 43 insertions(+), 13 deletions(-)<br><br></pre><pre style="font-family: monospace,monospace; white-space: pre-wrap;">git pull ssh://gerrit.asterisk.org:29418/asterisk refs/changes/60/6360/1</pre><pre style="font-family: monospace,monospace; white-space: pre-wrap;">diff --git a/res/res_pjsip/pjsip_message_ip_updater.c b/res/res_pjsip/pjsip_message_ip_updater.c<br>index 2d07464..099ecaa 100644<br>--- a/res/res_pjsip/pjsip_message_ip_updater.c<br>+++ b/res/res_pjsip/pjsip_message_ip_updater.c<br>@@ -153,7 +153,16 @@<br> return 0;<br> }<br> <br>-static void sanitize_tdata(pjsip_tx_data *tdata)<br>+#define is_sip_uri(uri) \<br>+ (PJSIP_URI_SCHEME_IS_SIP(uri) || PJSIP_URI_SCHEME_IS_SIPS(uri))<br>+<br>+#ifdef AST_DEVMODE<br>+#define FUNC_ATTRS __attribute__ ((noinline))<br>+#else<br>+#define FUNC_ATTRS<br>+#endif<br>+<br>+static void FUNC_ATTRS sanitize_tdata(pjsip_tx_data *tdata)<br> {<br> static const pj_str_t x_name = { AST_SIP_X_AST_TXP, AST_SIP_X_AST_TXP_LEN };<br> pjsip_param *x_transport;<br>@@ -161,29 +170,50 @@<br> pjsip_fromto_hdr *fromto;<br> pjsip_contact_hdr *contact;<br> pjsip_hdr *hdr;<br>+#ifdef AST_DEVMODE<br>+ char hdrbuf[512];<br>+ int hdrbuf_len;<br>+#endif<br> <br> if (tdata->msg->type == PJSIP_REQUEST_MSG) {<br>- uri = pjsip_uri_get_uri(tdata->msg->line.req.uri);<br>- x_transport = pjsip_param_find(&uri->other_param, &x_name);<br>- if (x_transport) {<br>- pj_list_erase(x_transport);<br>+ if (is_sip_uri(tdata->msg->line.req.uri)) {<br>+ uri = pjsip_uri_get_uri(tdata->msg->line.req.uri);<br>+#ifdef AST_DEVMODE<br>+ hdrbuf_len = pjsip_uri_print(PJSIP_URI_IN_REQ_URI, uri, hdrbuf, 512);<br>+ ast_debug(2, "Sanitizing Request: %s\n", hdrbuf);<br>+#endif<br>+ while ((x_transport = pjsip_param_find(&uri->other_param, &x_name))) {<br>+ pj_list_erase(x_transport);<br>+ }<br> }<br> }<br> <br> for (hdr = tdata->msg->hdr.next; hdr != &tdata->msg->hdr; hdr = hdr->next) {<br> if (hdr->type == PJSIP_H_TO || hdr->type == PJSIP_H_FROM) {<br> fromto = (pjsip_fromto_hdr *) hdr;<br>- uri = pjsip_uri_get_uri(fromto->uri);<br>- x_transport = pjsip_param_find(&uri->other_param, &x_name);<br>- if (x_transport) {<br>- pj_list_erase(x_transport);<br>+ if (is_sip_uri(fromto->uri)) {<br>+ uri = pjsip_uri_get_uri(fromto->uri);<br>+#ifdef AST_DEVMODE<br>+ hdrbuf_len = pjsip_uri_print(PJSIP_URI_IN_FROMTO_HDR, uri, hdrbuf, 512);<br>+ hdrbuf[hdrbuf_len] = '\0';<br>+ ast_debug(2, "Sanitizing From/To: %s\n", hdrbuf);<br>+#endif<br>+ while ((x_transport = pjsip_param_find(&uri->other_param, &x_name))) {<br>+ pj_list_erase(x_transport);<br>+ }<br> }<br> } else if (hdr->type == PJSIP_H_CONTACT) {<br> contact = (pjsip_contact_hdr *) hdr;<br>- uri = pjsip_uri_get_uri(contact->uri);<br>- x_transport = pjsip_param_find(&uri->other_param, &x_name);<br>- if (x_transport) {<br>- pj_list_erase(x_transport);<br>+ if (is_sip_uri(contact->uri)) {<br>+ uri = pjsip_uri_get_uri(contact->uri);<br>+#ifdef AST_DEVMODE<br>+ hdrbuf_len = pjsip_uri_print(PJSIP_URI_IN_CONTACT_HDR, uri, hdrbuf, 512);<br>+ hdrbuf[hdrbuf_len] = '\0';<br>+ ast_debug(2, "Sanitizing Contact: %s\n", hdrbuf);<br>+#endif<br>+ while ((x_transport = pjsip_param_find(&uri->other_param, &x_name))) {<br>+ pj_list_erase(x_transport);<br>+ }<br> }<br> }<br> }<br></pre><p>To view, visit <a href="https://gerrit.asterisk.org/6360">change 6360</a>. To unsubscribe, visit <a href="https://gerrit.asterisk.org/settings">settings</a>.</p><div itemscope itemtype="http://schema.org/EmailMessage"><div itemscope itemprop="action" itemtype="http://schema.org/ViewAction"><link itemprop="url" href="https://gerrit.asterisk.org/6360"/><meta itemprop="name" content="View Change"/></div></div>
<div style="display:none"> Gerrit-Project: asterisk </div>
<div style="display:none"> Gerrit-Branch: 14.6 </div>
<div style="display:none"> Gerrit-MessageType: newchange </div>
<div style="display:none"> Gerrit-Change-Id: Id380df790e6622c8058a96035f8b8f4aa0b8551f </div>
<div style="display:none"> Gerrit-Change-Number: 6360 </div>
<div style="display:none"> Gerrit-PatchSet: 1 </div>
<div style="display:none"> Gerrit-Owner: Joshua Colp <jcolp@digium.com> </div>
<div style="display:none"> Gerrit-Reviewer: George Joseph <gjoseph@digium.com> </div>