<p>Kevin Harwell has uploaded this change for <strong>review</strong>.</p><p><a href="https://gerrit.asterisk.org/7729">View Change</a></p><pre style="font-family: monospace,monospace; white-space: pre-wrap;">AST-2017-014: res_pjsip - Missing contact header can cause crash<br><br>Those SIP messages that create dialogs require a contact header to be present.<br>If the contact header was missing from the message it could cause Asterisk to<br>crash.<br><br>This patch checks to make sure SIP messages that create a dialog contain the<br>contact header. If the message does not and it is required Asterisk now returns<br>a "400 Missing Contact header" response. Also added NULL checks when retrieving<br>the contact header that were missing as a "just in case".<br><br>ASTERISK-27480 #close<br><br>Change-Id: I1810db87683fc637a9e3e1384a746037fec20afe<br>(cherry picked from commit f6757b1d60512e91e60f808a772d9681cbe65dee)<br>---<br>M res/res_pjsip.c<br>M res/res_pjsip/pjsip_message_filter.c<br>M res/res_pjsip_pubsub.c<br>3 files changed, 22 insertions(+), 6 deletions(-)<br><br></pre><pre style="font-family: monospace,monospace; white-space: pre-wrap;">git pull ssh://gerrit.asterisk.org:29418/asterisk refs/changes/29/7729/1</pre><pre style="font-family: monospace,monospace; white-space: pre-wrap;">diff --git a/res/res_pjsip.c b/res/res_pjsip.c<br>index 9e436ae3..4392677 100644<br>--- a/res/res_pjsip.c<br>+++ b/res/res_pjsip.c<br>@@ -3224,7 +3224,7 @@<br>  ast_assert(status != NULL);<br> <br>        contact_hdr = pjsip_msg_find_hdr(rdata->msg_info.msg, PJSIP_H_CONTACT, NULL);<br>-     if (ast_sip_set_tpselector_from_ep_or_uri(endpoint, pjsip_uri_get_uri(contact_hdr->uri),<br>+  if (!contact_hdr || ast_sip_set_tpselector_from_ep_or_uri(endpoint, pjsip_uri_get_uri(contact_hdr->uri),<br>           &selector)) {<br>             return NULL;<br>  }<br>diff --git a/res/res_pjsip/pjsip_message_filter.c b/res/res_pjsip/pjsip_message_filter.c<br>index 978aeb0..8a63219 100644<br>--- a/res/res_pjsip/pjsip_message_filter.c<br>+++ b/res/res_pjsip/pjsip_message_filter.c<br>@@ -429,15 +429,27 @@<br>             return PJ_TRUE;<br>       }<br> <br>- while ((contact =<br>-            (pjsip_contact_hdr *) pjsip_msg_find_hdr(rdata->msg_info.msg, PJSIP_H_CONTACT,<br>-                    contact ? contact->next : NULL))) {<br>+<br>+    contact = (pjsip_contact_hdr *) pjsip_msg_find_hdr(<br>+          rdata->msg_info.msg, PJSIP_H_CONTACT, NULL);<br>+<br>+   if (!contact && pjsip_method_creates_dialog(&rdata->msg_info.msg->line.req.method)) {<br>+              /* A contact header is required for dialog creating methods */<br>+               static const pj_str_t missing_contact = { "Missing Contact header", 22 };<br>+          pjsip_endpt_respond_stateless(ast_sip_get_pjsip_endpoint(), rdata, 400,<br>+                              &missing_contact, NULL, NULL);<br>+           return PJ_TRUE;<br>+      }<br>+<br>+ while (contact) {<br>             if (!contact->star && !is_sip_uri(contact->uri)) {<br>                      print_uri_debug(URI_TYPE_CONTACT, rdata, (pjsip_hdr *)contact);<br>                       pjsip_endpt_respond_stateless(ast_sip_get_pjsip_endpoint(), rdata,<br>                            PJSIP_SC_UNSUPPORTED_URI_SCHEME, NULL, NULL, NULL);<br>                   return PJ_TRUE;<br>               }<br>+            contact = (pjsip_contact_hdr *) pjsip_msg_find_hdr(<br>+                  rdata->msg_info.msg, PJSIP_H_CONTACT, contact->next);<br>   }<br> <br>  return PJ_FALSE;<br>diff --git a/res/res_pjsip_pubsub.c b/res/res_pjsip_pubsub.c<br>index bcf8677..ba89d04 100644<br>--- a/res/res_pjsip_pubsub.c<br>+++ b/res/res_pjsip_pubsub.c<br>@@ -613,8 +613,12 @@<br>               expires = expires_hdr ? expires_hdr->ivalue : DEFAULT_PUBLISH_EXPIRES;<br>             sub_tree->persistence->expires = ast_tvadd(ast_tvnow(), ast_samp2tv(expires, 1));<br> <br>-           pjsip_uri_print(PJSIP_URI_IN_CONTACT_HDR, contact_hdr->uri,<br>-                       sub_tree->persistence->contact_uri, sizeof(sub_tree->persistence->contact_uri));<br>+         if (contact_hdr) {<br>+                   pjsip_uri_print(PJSIP_URI_IN_CONTACT_HDR, contact_hdr->uri,<br>+                                       sub_tree->persistence->contact_uri, sizeof(sub_tree->persistence->contact_uri));<br>+         } else {<br>+                     ast_log(LOG_WARNING, "Contact not updated due to missing contact header\n");<br>+               }<br> <br>          /* When receiving a packet on an streaming transport, it's possible to receive more than one SIP<br>           * message at a time into the rdata->pkt_info.packet buffer. However, the rdata->msg_info.msg_buf<br></pre><p>To view, visit <a href="https://gerrit.asterisk.org/7729">change 7729</a>. To unsubscribe, visit <a href="https://gerrit.asterisk.org/settings">settings</a>.</p><div itemscope itemtype="http://schema.org/EmailMessage"><div itemscope itemprop="action" itemtype="http://schema.org/ViewAction"><link itemprop="url" href="https://gerrit.asterisk.org/7729"/><meta itemprop="name" content="View Change"/></div></div>

<div style="display:none"> Gerrit-Project: asterisk </div>
<div style="display:none"> Gerrit-Branch: 14.7 </div>
<div style="display:none"> Gerrit-MessageType: newchange </div>
<div style="display:none"> Gerrit-Change-Id: I1810db87683fc637a9e3e1384a746037fec20afe </div>
<div style="display:none"> Gerrit-Change-Number: 7729 </div>
<div style="display:none"> Gerrit-PatchSet: 1 </div>
<div style="display:none"> Gerrit-Owner: Kevin Harwell <kharwell@digium.com> </div>