[asterisk-commits] mmichelson: branch 12 r397968 - /branches/12/res/res_pjsip_pidf.c

[SVN commits to the Asterisk project]

Author: mmichelson
Date: Thu Aug 29 19:10:49 2013
New Revision: 397968

URL: http://svnview.digium.com/svn/asterisk?view=rev&rev=397968
Log:
Sanitize XML output for PIDF bodies.

PJSIP's PIDF API does not replace angle brackets with
their appropriate counterparts for XML. So we have to
do it ourself. In this particular case, the problem had
to do with attempting to place an unsanitized SIP URI
into an XML node. Now we don't get a 488 from recipients
of our PIDF NOTIFYs.


Modified:
    branches/12/res/res_pjsip_pidf.c

Modified: branches/12/res/res_pjsip_pidf.c
URL: http://svnview.digium.com/svn/asterisk/branches/12/res/res_pjsip_pidf.c?view=diff&rev=397968&r1=397967&r2=397968
==============================================================================
--- branches/12/res/res_pjsip_pidf.c (original)
+++ branches/12/res/res_pjsip_pidf.c Thu Aug 29 19:10:49 2013
@@ -178,6 +178,42 @@
 	pjsip_endpt_release_pool(ast_sip_get_pjsip_endpoint(), pool);
 }
 
+/*!
+ * \internal
+ * \brief Convert angle brackets in input into escaped forms suitable for XML
+ *
+ * \param input Raw input string
+ * \param output Sanitized string
+ * \param len Size of output buffer
+ */
+static void sanitize_xml(const char *input, char *output, size_t len)
+{
+	char *copy = ast_strdupa(input);
+	char *break_point;
+
+	output[0] = '\0';
+
+	while ((break_point = strpbrk(copy, "<>"))) {
+		char bracket = *break_point;
+
+		*break_point = '\0';
+		strncat(output, copy, len);
+
+		if (bracket == '<') {
+			strncat(output, "&lt;", len);
+		} else {
+			strncat(output, "&rt;", len);
+		}
+
+		copy = break_point + 1;
+	}
+
+	/* Be sure to copy everything after the final bracket */
+	if (*copy) {
+		strncat(output, copy, len);
+	}
+}
+
 static int pidf_xml_create_body(struct ast_sip_exten_state_data *data, const char *local,
 				const char *remote, struct ast_str **body_text)
 {
@@ -186,6 +222,7 @@
 	pj_str_t entity, note, id, contact, priority;
 	char *statestring = NULL, *pidfstate = NULL, *pidfnote = NULL;
 	int local_state, size;
+	char sanitized[PJSIP_MAX_URL_SIZE];
 
 	RAII_VAR(pj_pool_t *, pool,
 		 pjsip_endpt_create_pool(ast_sip_get_pjsip_endpoint(),
@@ -211,7 +248,8 @@
 		return -1;
 	}
 
-	pjpidf_tuple_set_contact(pool, tuple, pj_cstr(&contact, remote));
+	sanitize_xml(remote, sanitized, sizeof(sanitized));
+	pjpidf_tuple_set_contact(pool, tuple, pj_cstr(&contact, sanitized));
 	pjpidf_tuple_set_contact_prio(pool, tuple, pj_cstr(&priority, "1"));
 	pjpidf_status_set_basic_open(pjpidf_tuple_get_status(tuple),
 				     (pidfstate[0] == 'b') || (local_state != NOTIFY_CLOSED));