[asterisk-commits] mmichelson: trunk r149131 - in /trunk: ./ channels/chan_sip.c

[SVN commits to the Asterisk project]

Author: mmichelson
Date: Tue Oct 14 16:08:48 2008
New Revision: 149131

URL: http://svn.digium.com/view/asterisk?view=rev&rev=149131
Log:
Merged revisions 149130 via svnmerge from 
https://origsvn.digium.com/svn/asterisk/branches/1.4

........
r149130 | mmichelson | 2008-10-14 15:49:02 -0500 (Tue, 14 Oct 2008) | 7 lines

Don't allow reserved characters to be used in register
lines in sip.conf.

(closes issue #13570)
Reported by: putnopvut


........

Modified:
    trunk/   (props changed)
    trunk/channels/chan_sip.c

Propchange: trunk/
------------------------------------------------------------------------------
Binary property 'branch-1.4-merged' - no diff available.

Modified: trunk/channels/chan_sip.c
URL: http://svn.digium.com/view/asterisk/trunk/channels/chan_sip.c?view=diff&rev=149131&r1=149130&r2=149131
==============================================================================
--- trunk/channels/chan_sip.c (original)
+++ trunk/channels/chan_sip.c Tue Oct 14 16:08:48 2008
@@ -211,6 +211,8 @@
 #define	SIPBUFSIZE		512
 
 #define XMIT_ERROR		-2
+
+#define SIP_RESERVED ";/?:@&=+$,# "
 
 /* #define VOCAL_DATA_HACK */
 
@@ -6399,8 +6401,10 @@
 	enum sip_transport transport = SIP_TRANSPORT_UDP;
 	char buf[256] = "";
 	char *username = NULL;
+	char *port = NULL;
 	char *hostname=NULL, *secret=NULL, *authuser=NULL, *expire=NULL;
 	char *callback=NULL;
+	char *reserved = NULL;
 
 	if (!value)
 		return -1;
@@ -6424,6 +6428,15 @@
 		authuser = strchr(secret, ':');
 		if (authuser)
 			*authuser++ = '\0';
+	}
+	if ((reserved = strpbrk(username, SIP_RESERVED))) {
+		goto invalid_char;
+	}
+	if (!ast_strlen_zero(secret) && (reserved = strpbrk(secret, SIP_RESERVED))) {
+		goto invalid_char;
+	}
+	if (!ast_strlen_zero(authuser) && (reserved = strpbrk(authuser, SIP_RESERVED))) {
+		goto invalid_char;
 	}
 	/* split host[:port][/contact] */
 	expire = strchr(hostname, '~');
@@ -6434,6 +6447,19 @@
 		*callback++ = '\0';
 	if (ast_strlen_zero(callback))
 		callback = "s";
+	/* Separate host from port when checking for reserved characters
+	 */
+	if ((port = strchr(hostname, ':'))) {
+		*port = '\0';
+	}
+	if ((reserved = strpbrk(hostname, SIP_RESERVED))) {
+		goto invalid_char;
+	}
+	/* And then re-merge the host and port so they are stored correctly
+	 */
+	if (port) {
+		*port = ':';
+	}
 	if (!(reg = ast_calloc(1, sizeof(*reg)))) {
 		ast_log(LOG_ERROR, "Out of memory. Can't allocate SIP registry entry\n");
 		return -1;
@@ -6467,6 +6493,10 @@
 	ASTOBJ_CONTAINER_LINK(&regl, reg); /* Add the new registry entry to the list */
 	registry_unref(reg, "unref the reg pointer");	/* release the reference given by ASTOBJ_INIT. The container has another reference */
 	return 0;
+
+invalid_char:
+	ast_log(LOG_WARNING, "A reserved character ('%c') was used in a \"register\" line. This registration will not occur\n", *reserved);
+	return -1;
 }
 
 /*! \brief Parse mwi=> line in sip.conf and add to list */