<p>nappsoft has uploaded this change for <strong>review</strong>.</p><p><a href="https://gerrit.asterisk.org/c/asterisk/+/15250">View Change</a></p><pre style="font-family: monospace,monospace; white-space: pre-wrap;">res_pjsip_nat.c: Create deep copies of strings when appropriate<br><br>In rewrite_uri asterisk was not making deep copies of strings when<br>changing the uri. This was in some cases causing garbage in the route<br>header and in other cases even crashing asterisk when receiving a<br>message with a record-route header set. Thanks to Ralf Kubis for<br>pointing out why this happens. A similar problem was found in<br>res_pjsip_transport_websocket.c. Pjproject needs as well to be patched<br>to avoid garbage in CANCEL messages.<br><br>ASTERISK-29024 #close<br><br>Change-Id: Ic5acd7fa2fbda3080f5f36ef12e46804939b198b<br>---<br>M res/res_pjsip_nat.c<br>M res/res_pjsip_transport_websocket.c<br>A third-party/pjproject/patches/0070-fix-incorrect-copying-when-creating-cancel.patch<br>3 files changed, 43 insertions(+), 6 deletions(-)<br><br></pre><pre style="font-family: monospace,monospace; white-space: pre-wrap;">git pull ssh://gerrit.asterisk.org:29418/asterisk refs/changes/50/15250/1</pre><pre style="font-family: monospace,monospace; white-space: pre-wrap;"><span>diff --git a/res/res_pjsip_nat.c b/res/res_pjsip_nat.c</span><br><span>index 9dab32a..3d6f25d 100644</span><br><span>--- a/res/res_pjsip_nat.c</span><br><span>+++ b/res/res_pjsip_nat.c</span><br><span>@@ -66,14 +66,14 @@</span><br><span>    return;</span><br><span> }</span><br><span> </span><br><span style="color: hsl(0, 100%, 40%);">-static void rewrite_uri(pjsip_rx_data *rdata, pjsip_sip_uri *uri)</span><br><span style="color: hsl(120, 100%, 40%);">+static void rewrite_uri(pjsip_rx_data *rdata, pjsip_sip_uri *uri, pj_pool_t *pool)</span><br><span> {</span><br><span> </span><br><span>       if (pj_strcmp2(&uri->host, rdata->pkt_info.src_name) != 0) {</span><br><span>               save_orig_contact_host(rdata, uri);</span><br><span>  }</span><br><span> </span><br><span style="color: hsl(0, 100%, 40%);">-   pj_cstr(&uri->host, rdata->pkt_info.src_name);</span><br><span style="color: hsl(120, 100%, 40%);">+      pj_strdup2(pool, &uri->host, rdata->pkt_info.src_name);</span><br><span>    uri->port = rdata->pkt_info.src_port;</span><br><span>  if (!strcasecmp("WSS", rdata->tp_info.transport->type_name)) {</span><br><span>               /* WSS is special, we don't want to overwrite the URI at all as it needs to be ws */</span><br><span>@@ -151,14 +151,14 @@</span><br><span> </span><br><span>         if (rr) {</span><br><span>            uri = pjsip_uri_get_uri(&rr->name_addr);</span><br><span style="color: hsl(0, 100%, 40%);">-         rewrite_uri(rdata, uri);</span><br><span style="color: hsl(120, 100%, 40%);">+              rewrite_uri(rdata, uri, rdata->tp_info.pool);</span><br><span>             res = 0;</span><br><span>     }</span><br><span> </span><br><span>        if (dlg && !pj_list_empty(&dlg->route_set) && !dlg->route_set_frozen) {</span><br><span>            pjsip_routing_hdr *route = dlg->route_set.next;</span><br><span>           uri = pjsip_uri_get_uri(&route->name_addr);</span><br><span style="color: hsl(0, 100%, 40%);">-              rewrite_uri(rdata, uri);</span><br><span style="color: hsl(120, 100%, 40%);">+              rewrite_uri(rdata, uri, dlg->pool);</span><br><span>               res = 0;</span><br><span>     }</span><br><span> </span><br><span>@@ -184,7 +184,7 @@</span><br><span>  if (contact && !contact->star && (PJSIP_URI_SCHEME_IS_SIP(contact->uri) || PJSIP_URI_SCHEME_IS_SIPS(contact->uri))) {</span><br><span>               pjsip_sip_uri *uri = pjsip_uri_get_uri(contact->uri);</span><br><span> </span><br><span style="color: hsl(0, 100%, 40%);">-            rewrite_uri(rdata, uri);</span><br><span style="color: hsl(120, 100%, 40%);">+              rewrite_uri(rdata, uri, rdata->tp_info.pool);</span><br><span> </span><br><span>                 if (dlg && pj_list_empty(&dlg->route_set) && (!dlg->remote.contact</span><br><span>                         || pjsip_uri_cmp(PJSIP_URI_IN_REQ_URI, dlg->remote.contact->uri, contact->uri))) {</span><br><span>diff --git a/res/res_pjsip_transport_websocket.c b/res/res_pjsip_transport_websocket.c</span><br><span>index 4f47a8c..1b882da 100644</span><br><span>--- a/res/res_pjsip_transport_websocket.c</span><br><span>+++ b/res/res_pjsip_transport_websocket.c</span><br><span>@@ -454,7 +454,7 @@</span><br><span>                           pj_strbuf(txp_str));</span><br><span>                 }</span><br><span> </span><br><span style="color: hsl(0, 100%, 40%);">-           pj_cstr(&uri->host, rdata->pkt_info.src_name);</span><br><span style="color: hsl(120, 100%, 40%);">+              pj_strdup2(rdata->tp_info.pool, &uri->host, rdata->pkt_info.src_name);</span><br><span>          uri->port = rdata->pkt_info.src_port;</span><br><span>          pj_strdup(rdata->tp_info.pool, &uri->transport_param, txp_str);</span><br><span>    }</span><br><span>diff --git a/third-party/pjproject/patches/0070-fix-incorrect-copying-when-creating-cancel.patch b/third-party/pjproject/patches/0070-fix-incorrect-copying-when-creating-cancel.patch</span><br><span>new file mode 100644</span><br><span>index 0000000..95725c1</span><br><span>--- /dev/null</span><br><span>+++ b/third-party/pjproject/patches/0070-fix-incorrect-copying-when-creating-cancel.patch</span><br><span>@@ -0,0 +1,37 @@</span><br><span style="color: hsl(120, 100%, 40%);">+From ce18018cc17bef8f80c08686e3a7b28384ef3ba5 Mon Sep 17 00:00:00 2001</span><br><span style="color: hsl(120, 100%, 40%);">+From: sauwming <ming@teluu.com></span><br><span style="color: hsl(120, 100%, 40%);">+Date: Mon, 12 Oct 2020 13:31:25 +0800</span><br><span style="color: hsl(120, 100%, 40%);">+Subject: [PATCH] Fix incorrect copying of destination info when creating</span><br><span style="color: hsl(120, 100%, 40%);">+ CANCEL (#2546)</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+---</span><br><span style="color: hsl(120, 100%, 40%);">+ pjsip/src/pjsip/sip_util.c | 10 +++++-----</span><br><span style="color: hsl(120, 100%, 40%);">+ 1 file changed, 5 insertions(+), 5 deletions(-)</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+diff --git a/pjsip/src/pjsip/sip_util.c b/pjsip/src/pjsip/sip_util.c</span><br><span style="color: hsl(120, 100%, 40%);">+index d10a6fa30..a1bf878ea 100644</span><br><span style="color: hsl(120, 100%, 40%);">+--- a/pjsip/src/pjsip/sip_util.c</span><br><span>++++ b/pjsip/src/pjsip/sip_util.c</span><br><span style="color: hsl(120, 100%, 40%);">+@@ -779,14 +779,14 @@ PJ_DEF(pj_status_t) pjsip_endpt_create_cancel( pjsip_endpoint *endpt,</span><br><span style="color: hsl(120, 100%, 40%);">+            pjsip_hdr_clone(cancel_tdata->pool, req_tdata->saved_strict_route);</span><br><span style="color: hsl(120, 100%, 40%);">+     }</span><br><span style="color: hsl(120, 100%, 40%);">+ </span><br><span style="color: hsl(120, 100%, 40%);">+-    /* Copy the destination host name from the original request */</span><br><span style="color: hsl(120, 100%, 40%);">+-    pj_strdup(cancel_tdata->pool, &cancel_tdata->dest_info.name,</span><br><span style="color: hsl(120, 100%, 40%);">+-         &req_tdata->dest_info.name);</span><br><span style="color: hsl(120, 100%, 40%);">+-</span><br><span style="color: hsl(120, 100%, 40%);">+-    /* Finally copy the destination info from the original request */</span><br><span style="color: hsl(120, 100%, 40%);">++    /* Copy the destination info from the original request */</span><br><span style="color: hsl(120, 100%, 40%);">+     pj_memcpy(&cancel_tdata->dest_info, &req_tdata->dest_info,</span><br><span style="color: hsl(120, 100%, 40%);">+         sizeof(req_tdata->dest_info));</span><br><span style="color: hsl(120, 100%, 40%);">+ </span><br><span style="color: hsl(120, 100%, 40%);">++    /* Finally, copy the destination host name from the original request */</span><br><span style="color: hsl(120, 100%, 40%);">++    pj_strdup(cancel_tdata->pool, &cancel_tdata->dest_info.name,</span><br><span style="color: hsl(120, 100%, 40%);">++              &req_tdata->dest_info.name);</span><br><span style="color: hsl(120, 100%, 40%);">++</span><br><span style="color: hsl(120, 100%, 40%);">+     /* Done.</span><br><span style="color: hsl(120, 100%, 40%);">+      * Return the transmit buffer containing the CANCEL request.</span><br><span style="color: hsl(120, 100%, 40%);">+      */</span><br><span style="color: hsl(120, 100%, 40%);">+-- </span><br><span style="color: hsl(120, 100%, 40%);">+2.25.1</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span></span><br></pre><p>To view, visit <a href="https://gerrit.asterisk.org/c/asterisk/+/15250">change 15250</a>. To unsubscribe, or for help writing mail filters, visit <a href="https://gerrit.asterisk.org/settings">settings</a>.</p><div itemscope itemtype="http://schema.org/EmailMessage"><div itemscope itemprop="action" itemtype="http://schema.org/ViewAction"><link itemprop="url" href="https://gerrit.asterisk.org/c/asterisk/+/15250"/><meta itemprop="name" content="View Change"/></div></div>

<div style="display:none"> Gerrit-Project: asterisk </div>
<div style="display:none"> Gerrit-Branch: master </div>
<div style="display:none"> Gerrit-Change-Id: Ic5acd7fa2fbda3080f5f36ef12e46804939b198b </div>
<div style="display:none"> Gerrit-Change-Number: 15250 </div>
<div style="display:none"> Gerrit-PatchSet: 1 </div>
<div style="display:none"> Gerrit-Owner: nappsoft <infos@nappsoft.ch> </div>
<div style="display:none"> Gerrit-MessageType: newchange </div>