[asterisk-commits] mmichelson: trunk r413381 - in /trunk: ./ res/ res/res_pjsip/

Wed May 7 10:29:24 CDT 2014

Author: mmichelson
Date: Wed May  7 10:29:18 2014
New Revision: 413381

URL: http://svnview.digium.com/svn/asterisk?view=rev&rev=413381
Log:
Improve XML sanitization in NOTIFYs, especially for presence subtypes and messages.

Embedded carriage return line feed combinations may appear in presence subtypes
and messages since they may be derived from user input in an instant messenger
client. As such, they need to be properly escaped so that XML parsers do not
vomit when the messages are received.
........

Merged revisions 413372 from http://svn.asterisk.org/svn/asterisk/branches/12

Modified:
    trunk/   (props changed)
    trunk/res/res_pjsip/presence_xml.c
    trunk/res/res_pjsip_pidf_digium_body_supplement.c

Propchange: trunk/
------------------------------------------------------------------------------
Binary property 'branch-12-merged' - no diff available.

Modified: trunk/res/res_pjsip/presence_xml.c
URL: http://svnview.digium.com/svn/asterisk/trunk/res/res_pjsip/presence_xml.c?view=diff&rev=413381&r1=413380&r2=413381
==============================================================================

--- trunk/res/res_pjsip/presence_xml.c (original)
+++ trunk/res/res_pjsip/presence_xml.c Wed May  7 10:29:18 2014
@@ -43,7 +43,7 @@
 
 	output[0] = '\0';
 
-	while ((break_point = strpbrk(copy, "<>\"&'"))) {
+	while ((break_point = strpbrk(copy, "<>\"&'\n\r"))) {
 		char to_escape = *break_point;
 
 		*break_point = '\0';
@@ -64,6 +64,12 @@
 			break;
 		case '\'':
 			strncat(output, "'", len);
+			break;
+		case '\r':
+			strncat(output, "", len);
+			break;
+		case '\n':
+			strncat(output, "
", len);
 			break;
 		};
 

Modified: trunk/res/res_pjsip_pidf_digium_body_supplement.c
URL: http://svnview.digium.com/svn/asterisk/trunk/res/res_pjsip_pidf_digium_body_supplement.c?view=diff&rev=413381&r1=413380&r2=413381
==============================================================================
--- trunk/res/res_pjsip_pidf_digium_body_supplement.c (original)
+++ trunk/res/res_pjsip_pidf_digium_body_supplement.c Wed May  7 10:29:18 2014
@@ -40,6 +40,7 @@
 {
 	struct ast_sip_exten_state_data *state_data = data;
 	pj_xml_node *node;
+	char sanitized[256];
 
 	if (ast_strlen_zero(state_data->user_agent) ||
 	    !strstr(state_data->user_agent, "digium")) {
@@ -69,8 +70,8 @@
 	}
 
 	if (!ast_strlen_zero(state_data->presence_message)) {
-			pj_strdup2(state_data->pool, &node->content,
-				   state_data->presence_message);
+		ast_sip_sanitize_xml(state_data->presence_message, sanitized, sizeof(sanitized));
+		pj_strdup2(state_data->pool, &node->content, sanitized);
 	}
 
 	ast_sip_presence_xml_create_attr(
@@ -78,9 +79,9 @@
 			state_data->presence_state));
 
 	if (!ast_strlen_zero(state_data->presence_subtype)) {
+		ast_sip_sanitize_xml(state_data->presence_subtype, sanitized, sizeof(sanitized));
 		ast_sip_presence_xml_create_attr(
-			state_data->pool, node, "subtype",
-			state_data->presence_subtype);
+			state_data->pool, node, "subtype", sanitized);
 	}
 
 	return 0;


