<p><a href="https://gerrit.asterisk.org/c/asterisk/+/15763">View Change</a></p><p>2 comments:</p><ul style="list-style: none; padding: 0;"><li style="margin: 0; padding: 0;"><p><a href="https://gerrit.asterisk.org/c/asterisk/+/15763/1/res/res_pjsip_dialog_info_body_generator.c">File res/res_pjsip_dialog_info_body_generator.c:</a></p><ul style="list-style: none; padding: 0;"><li style="margin: 0; padding: 0 0 0 16px;"><p style="margin-bottom: 4px;"><a href="https://gerrit.asterisk.org/c/asterisk/+/15763/1/res/res_pjsip_dialog_info_body_generator.c@156">Patch Set #1, Line 156:</a> <code style="font-family:monospace,monospace"> from_domain = endpoint ? (!ast_strlen_zero(endpoint->fromdomain) ? endpoint->fromdomain : invalid) : NULL;</code></p><p><blockquote style="border-left: 1px solid #aaa; margin: 10px 0; padding: 0 10px;">The concern here was that 'endpoint' info may not contain 'fromdomain' info, so in order to prevent […]</blockquote></p><p style="white-space: pre-wrap; word-wrap: break-word;">No, I'm saying that from_domain is being set to endpoint->fromdomain without holding a reference to endpoint (to guarantee that endpoint remains valid, and thus endpoint->fromdomain remains valid). This is fine, however, because the subscription holds a reference to endpoint. That's why I stated about adding a comment so if someone sees this they'll understand it's fine.</p></li><li style="margin: 0; padding: 0 0 0 16px;"><p style="margin-bottom: 4px;"><a href="https://gerrit.asterisk.org/c/asterisk/+/15763/1/res/res_pjsip_dialog_info_body_generator.c@207">Patch Set #1, Line 207:</a> <code style="font-family:monospace,monospace"> need = strlen(connected_num) + (connected_num_restricted ? strlen(invalid) :</code></p><p><blockquote style="border-left: 1px solid #aaa; margin: 10px 0; padding: 0 10px;">I didn't write this line, I presume it's to prevent injection and buffer overflow. 
[…]</blockquote></p><p style="white-space: pre-wrap; word-wrap: break-word;">If need exceeds PJSIP_MAX_URL_SIZE for some reason then this would actually cause a buffer overflow, as snprintf accepts the maximum size to write. It should instead use sizeof(remote_target) I believe.</p></li></ul></li></ul>
<div style="display:none"> Gerrit-Project: asterisk </div>
<div style="display:none"> Gerrit-Branch: 16 </div>
<div style="display:none"> Gerrit-Change-Id: I20c5cf5b45f34d7179df6573c5abf863eb72964b </div>
<div style="display:none"> Gerrit-Change-Number: 15763 </div>
<div style="display:none"> Gerrit-PatchSet: 1 </div>
<div style="display:none"> Gerrit-Owner: Joe &lt;ynadiv@corpit.xyz&gt; </div>
<div style="display:none"> Gerrit-Reviewer: Joshua Colp &lt;jcolp@sangoma.com&gt; </div>
<div style="display:none"> Gerrit-CC: Friendly Automation </div>
<div style="display:none"> Gerrit-Comment-Date: Wed, 14 Apr 2021 17:37:53 +0000 </div>
<div style="display:none"> Gerrit-HasComments: Yes </div>
<div style="display:none"> Gerrit-Has-Labels: No </div>
<div style="display:none"> Comment-In-Reply-To: Joshua Colp &lt;jcolp@sangoma.com&gt; </div>
<div style="display:none"> Comment-In-Reply-To: Joe &lt;ynadiv@corpit.xyz&gt; </div>
<div style="display:none"> Gerrit-MessageType: comment </div>
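<p>The bound discussed in the line 207 comment, as an added C example that is not part of the review or of Asterisk's source: snprintf is given the destination's capacity rather than a length computed from the inputs, and its return value is checked for truncation. The names build_target, computed_need and EXAMPLE_MAX_URL_SIZE, and the sample numbers, are hypothetical.</p>

```c
#include <stdio.h>
#include <string.h>

/* Assumption: stands in for PJSIP_MAX_URL_SIZE; the value is picked for the example. */
#define EXAMPLE_MAX_URL_SIZE 32

/* Size a length-derived bound would ask for: "sip:" + num + "@" + domain + NUL. */
static size_t computed_need(const char *num, const char *domain)
{
    return strlen("sip:") + strlen(num) + 1 + strlen(domain) + 1;
}

/*
 * Hypothetical helper (not Asterisk code). The bound passed to snprintf is the
 * destination's capacity, so oversized input is truncated instead of being
 * written past the end. Returns 0 on success, -1 when the URI did not fit.
 */
static int build_target(char *dst, size_t dst_size, const char *num, const char *domain)
{
    int written;

    if (dst_size == 0) {
        return -1;
    }
    written = snprintf(dst, dst_size, "sip:%s@%s", num, domain);
    /* snprintf returns the length it wanted to write; >= dst_size means truncation. */
    if (written < 0 || (size_t) written >= dst_size) {
        return -1;
    }
    return 0;
}

int main(void)
{
    /* Constructed inputs: one number that fits, one longer than the buffer. */
    struct { char remote_target[EXAMPLE_MAX_URL_SIZE]; char guard[4]; } s;
    const char *long_num = "0000000000111111111122222222223333333333";

    memcpy(s.guard, "GRD", 4);
    printf("fits: rc=%d uri=%s\n",
        build_target(s.remote_target, sizeof(s.remote_target), "1001", "example.test"),
        s.remote_target);
    printf("too long: need=%zu cap=%zu rc=%d guard=%s\n",
        computed_need(long_num, "example.test"), sizeof(s.remote_target),
        build_target(s.remote_target, sizeof(s.remote_target), long_num, "example.test"),
        s.guard);
    return 0;
}
```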