[asterisk-commits] mmichelson: branch 1.6.1 r149132 - in /branches/1.6.1: ./ channels/chan_sip.c

SVN commits to the Asterisk project asterisk-commits at lists.digium.com
Tue Oct 14 16:09:15 CDT 2008 

Author: mmichelson
Date: Tue Oct 14 16:09:15 2008
New Revision: 149132

URL: http://svn.digium.com/view/asterisk?view=rev&rev=149132
Log:
Merged revisions 149131 via svnmerge from 
https://origsvn.digium.com/svn/asterisk/trunk

................
r149131 | mmichelson | 2008-10-14 16:08:48 -0500 (Tue, 14 Oct 2008) | 15 lines

Merged revisions 149130 via svnmerge from 
https://origsvn.digium.com/svn/asterisk/branches/1.4

........
r149130 | mmichelson | 2008-10-14 15:49:02 -0500 (Tue, 14 Oct 2008) | 7 lines

Don't allow reserved characters to be used in register
lines in sip.conf.

(closes issue #13570)
Reported by: putnopvut


........

................

Modified:
    branches/1.6.1/   (props changed)
    branches/1.6.1/channels/chan_sip.c

Propchange: branches/1.6.1/
------------------------------------------------------------------------------
Binary property 'trunk-merged' - no diff available.

Modified: branches/1.6.1/channels/chan_sip.c
URL: http://svn.digium.com/view/asterisk/branches/1.6.1/channels/chan_sip.c?view=diff&rev=149132&r1=149131&r2=149132
==============================================================================
--- branches/1.6.1/channels/chan_sip.c (original)
+++ branches/1.6.1/channels/chan_sip.c Tue Oct 14 16:09:15 2008
@@ -210,6 +210,8 @@
 #define	SIPBUFSIZE		512
 
 #define XMIT_ERROR		-2
+
+#define SIP_RESERVED ";/?:@&=+$,# "
 
 /* #define VOCAL_DATA_HACK */
 
@@ -6326,8 +6328,10 @@
 	enum sip_transport transport = SIP_TRANSPORT_UDP;
 	char buf[256] = "";
 	char *username = NULL;
+	char *port = NULL;
 	char *hostname=NULL, *secret=NULL, *authuser=NULL, *expire=NULL;
 	char *callback=NULL;
+	char *reserved = NULL;
 
 	if (!value)
 		return -1;
@@ -6351,6 +6355,15 @@
 		authuser = strchr(secret, ':');
 		if (authuser)
 			*authuser++ = '\0';
+	}
+	if ((reserved = strpbrk(username, SIP_RESERVED))) {
+		goto invalid_char;
+	}
+	if (!ast_strlen_zero(secret) && (reserved = strpbrk(secret, SIP_RESERVED))) {
+		goto invalid_char;
+	}
+	if (!ast_strlen_zero(authuser) && (reserved = strpbrk(authuser, SIP_RESERVED))) {
+		goto invalid_char;
 	}
 	/* split host[:port][/contact] */
 	expire = strchr(hostname, '~');
@@ -6361,6 +6374,19 @@
 		*callback++ = '\0';
 	if (ast_strlen_zero(callback))
 		callback = "s";
+	/* Separate host from port when checking for reserved characters
+	 */
+	if ((port = strchr(hostname, ':'))) {
+		*port = '\0';
+	}
+	if ((reserved = strpbrk(hostname, SIP_RESERVED))) {
+		goto invalid_char;
+	}
+	/* And then re-merge the host and port so they are stored correctly
+	 */
+	if (port) {
+		*port = ':';
+	}
 	if (!(reg = ast_calloc(1, sizeof(*reg)))) {
 		ast_log(LOG_ERROR, "Out of memory. Can't allocate SIP registry entry\n");
 		return -1;
@@ -6394,6 +6420,10 @@
 	ASTOBJ_CONTAINER_LINK(&regl, reg); /* Add the new registry entry to the list */
 	registry_unref(reg, "unref the reg pointer");	/* release the reference given by ASTOBJ_INIT. The container has another reference */
 	return 0;
+
+invalid_char:
+	ast_log(LOG_WARNING, "A reserved character ('%c') was used in a \"register\" line. This registration will not occur\n", *reserved);
+	return -1;
 }
 
 /*! \brief  Parse multiline SIP headers into one header

More information about the asterisk-commits mailing list