[asterisk-commits] rizzo: trunk r45976 - /trunk/channels/chan_sip.c

[asterisk-commits at lists.digium.com]

Author: rizzo
Date: Mon Oct 23 10:08:40 2006
New Revision: 45976

URL: http://svn.digium.com/view/asterisk?rev=45976&view=rev
Log:
After reading better the SIP RFC on sip URI (19.1.1)
fix parse_uri() to interpret a missing userinfo
section as a domain-only URI, and comment a wrong
interpretation of the above in check_user_full().

The function has been patched to preserve the existing
behaviour (in what admittedly is a corner case, but
could be received under attacks).
Hopefully the From: based matching will go away soon!


Modified:
    trunk/channels/chan_sip.c

Modified: trunk/channels/chan_sip.c
URL: http://svn.digium.com/view/asterisk/trunk/channels/chan_sip.c?rev=45976&r1=45975&r2=45976&view=diff
==============================================================================
--- trunk/channels/chan_sip.c (original)
+++ trunk/channels/chan_sip.c Mon Oct 23 10:08:40 2006
@@ -2252,8 +2252,6 @@
 	char *name = NULL;
 	int error = 0;
 
-	ast_verbose("-------- parse_uri '%s' ----\n", uri);
-
 	/* init field as required */
 	if (*pass)
 		*pass = NULL;
@@ -2269,21 +2267,29 @@
 			error = -1;
 		}
 	}
-	if (domain) {
+	if (!domain) {
+		/* if we don't want to split around domain, keep everything as a name,
+		 * so we need to do nothing here, except remember why.
+		 */
+	} else {
 		/* store the result in a temp. variable to avoid it being
 		 * overwritten if arguments point to the same place.
 		 */
 		char *c, *dom = NULL;
 
-		if ((c = strchr(name, '@'))) {
+		if ((c = strchr(name, '@')) == NULL) {
+			/* domain-only URI, according to the SIP RFC. */
+			dom = name;
+			name = NULL;
+		} else {
 			*c++ = '\0';
 			dom = c;
-			if (port && (c = strchr(dom, ':'))) { /* Remove :port */
-				*c++ = '\0';
-				*port = c;
-			}
-		}
-		if (pass && (c = strchr(name, ':'))) {	/* user:password */
+		}
+		if (port && (c = strchr(dom, ':'))) { /* Remove :port */
+			*c++ = '\0';
+			*port = c;
+		}
+		if (name && pass && (c = strchr(name, ':'))) {	/* user:password */
 			*c++ = '\0';
 			*pass = c;
 		}
@@ -2293,6 +2299,7 @@
 		*ret_name = name;
 	if (options)
 		*options = uri;
+
 	return error;
 }
 
@@ -9183,6 +9190,7 @@
 {
 	char from[256];
 	char *dummy;	/* dummy return value for parse_uri */
+	char *domain;	/* dummy return value for parse_uri */
 	char *of;
 	char rpid_num[50];
 	const char *rpid;
@@ -9222,8 +9230,17 @@
 	ast_string_field_set(p, from, of);
 
 	/* ignore all fields but name */
-	if (parse_uri(of, "sip:", &of, &dummy, &dummy, &dummy, &dummy)) {
+	if (parse_uri(of, "sip:", &of, &dummy, &domain, &dummy, &dummy)) {
 		ast_log(LOG_NOTICE, "From address missing 'sip:', using it anyway\n");
+	}
+	if (of == NULL) {
+		/* XXX note: the original code considered a missing @host
+		 * as a username-only URI. The SIP RFC (19.1.1) says that
+		 * this is wrong, and it should be considered as a domain-only URI.
+		 * For backward compatibility, we keep this block, but it is
+		 * really a mistake and should go away.
+		 */
+		of = domain;
 	}
 	{
 		char *tmp = ast_strdupa(of);