[svn-commits] mjordan: branch certified-11.2 r393879 - in /certified/branches/11.2: ./ chan...

SVN commits to the Digium repositories svn-commits at lists.digium.com
Tue Jul 9 06:33:06 CDT 2013 

Author: mjordan
Date: Tue Jul  9 06:33:02 2013
New Revision: 393879

URL: http://svnview.digium.com/svn/asterisk?view=rev&rev=393879
Log:
Fix XML encoding of 'identity display' in NOTIFY messages.

XML encoding in chan_sip is accomplished by naively building the XML
directly from strings. While this usually works, it fails to take into
account escaping the reserved characters in XML.

This patch adds an 'ast_xml_escape' function, which works similarly to
'ast_uri_encode'. This is used to properly escape the local_display
attribute in XML formatted NOTIFY messages.

Several things to note:
 * The Right Thing(TM) to do would probably be to replace the
   ast_build_string stuff with building an ast_xml_doc. That's a much
   bigger change, and out of scope for the original ticket, so I
   refrained myself.
 * It is with great sadness that I wrote my own ast_xml_escape
   function. There's one in libxml2, but it's knee-deep in
   libxml2-ness, and not easily used to one-off escape a
   string.
 * I only escaped the string we know is causing problems
   (local_display). At least some of the other strings are
   URI-encoded, which should be XML safe. Rather than figuring out
   what's safe and escaping what's not, it would be much cleaner to
   simply build an ast_xml_doc for the messages and let the XML
   library do the XML escaping. Like I said, that's out of scope.

(closes issue AST-1171)
Reported by: Guenther Kelleter
Tested by: Guenther Kelleter
Review: http://reviewboard.digium.internal/r/365/


Added:
    certified/branches/11.2/tests/test_xml_escape.c   (with props)
Modified:
    certified/branches/11.2/   (props changed)
    certified/branches/11.2/channels/chan_sip.c
    certified/branches/11.2/include/asterisk/utils.h
    certified/branches/11.2/main/utils.c

Propchange: certified/branches/11.2/
------------------------------------------------------------------------------
Binary property 'branch-11-merged' - no diff available.

Modified: certified/branches/11.2/channels/chan_sip.c
URL: http://svnview.digium.com/svn/asterisk/certified/branches/11.2/channels/chan_sip.c?view=diff&rev=393879&r1=393878&r2=393879
==============================================================================
--- certified/branches/11.2/channels/chan_sip.c (original)
+++ certified/branches/11.2/channels/chan_sip.c Tue Jul  9 06:33:02 2013
@@ -14455,9 +14455,10 @@
 		ast_str_append(tmp, 0, "<?xml version=\"1.0\"?>\n");
 		ast_str_append(tmp, 0, "<dialog-info xmlns=\"urn:ietf:params:xml:ns:dialog-info\" version=\"%u\" state=\"%s\" entity=\"%s\">\n", p->dialogver, full ? "full" : "partial", mto);
 		if (data->state > 0 && (data->state & AST_EXTENSION_RINGING) && sip_cfg.notifyringing) {
-			const char *local_display = exten;
+			/* Twice the extension length should be enough for XML encoding */
+			char local_display[AST_MAX_EXTENSION * 2];
+			char remote_display[AST_MAX_EXTENSION * 2];
 			char *local_target = ast_strdupa(mto);
-			const char *remote_display = exten;
 			/* It may seem odd to base the remote_target on the To header here,
 			 * but testing by reporters on issue ASTERISK-16735 found that basing
 			 * on the From header would cause ringing state hints to not work
@@ -14468,6 +14469,9 @@
 			 */
 			char *remote_target = ast_strdupa(mto);
 
+			ast_xml_escape(exten, local_display, sizeof(local_display));
+			ast_xml_escape(exten, remote_display, sizeof(remote_display));
+
 			/* There are some limitations to how this works.  The primary one is that the
 			   callee must be dialing the same extension that is being monitored.  Simply dialing
 			   the hint'd device is not sufficient. */
@@ -14487,8 +14491,9 @@
 					local_target = ast_alloca(need);
 					snprintf(local_target, need, "sip:%s@%s", cid_num, p->fromdomain);
 
-					local_display = ast_strdupa(S_COR(ast_channel_caller(callee)->id.name.valid,
-						ast_channel_caller(callee)->id.name.str, ""));
+					ast_xml_escape(S_COR(ast_channel_caller(callee)->id.name.valid,
+							     ast_channel_caller(callee)->id.name.str, ""),
+						       local_display, sizeof(local_display));
 
 					connected_num = S_COR(ast_channel_connected(callee)->id.number.valid,
 						ast_channel_connected(callee)->id.number.str, "");
@@ -14496,8 +14501,9 @@
 					remote_target = ast_alloca(need);
 					snprintf(remote_target, need, "sip:%s@%s", connected_num, p->fromdomain);
 
-					remote_display = ast_strdupa(S_COR(ast_channel_connected(callee)->id.name.valid,
-						ast_channel_connected(callee)->id.name.str, ""));
+					ast_xml_escape(S_COR(ast_channel_connected(callee)->id.name.valid,
+							     ast_channel_connected(callee)->id.name.str, ""),
+						       remote_display, sizeof(remote_display));
 
 					ast_channel_unlock(callee);
 					callee = ast_channel_unref(callee);

Modified: certified/branches/11.2/include/asterisk/utils.h
URL: http://svnview.digium.com/svn/asterisk/certified/branches/11.2/include/asterisk/utils.h?view=diff&rev=393879&r1=393878&r2=393879
==============================================================================
--- certified/branches/11.2/include/asterisk/utils.h (original)
+++ certified/branches/11.2/include/asterisk/utils.h Tue Jul  9 06:33:02 2013
@@ -289,6 +289,20 @@
  * \param spec flags describing how the decoding should be performed
  */
 void ast_uri_decode(char *s, struct ast_flags spec);
+
+/*! ast_xml_escape
+	\brief Escape reserved characters for use in XML.
+
+	If \a outbuf is too short, the output string will be truncated.
+	Regardless, the output will always be null terminated.
+
+	\param string String to be converted
+	\param outbuf Resulting encoded string
+	\param buflen Size of output buffer
+	\return 0 for success
+	\return -1 if buflen is too short.
+ */
+int ast_xml_escape(const char *string, char *outbuf, size_t buflen);
 
 /*!
  * \brief Escape characters found in a quoted string.

Modified: certified/branches/11.2/main/utils.c
URL: http://svnview.digium.com/svn/asterisk/certified/branches/11.2/main/utils.c?view=diff&rev=393879&r1=393878&r2=393879
==============================================================================
--- certified/branches/11.2/main/utils.c (original)
+++ certified/branches/11.2/main/utils.c Tue Jul  9 06:33:02 2013
@@ -485,6 +485,69 @@
 
 	return outbuf;
 }
+int ast_xml_escape(const char *string, char * const outbuf, const size_t buflen)
+{
+	char *dst = outbuf;
+	char *end = outbuf + buflen - 1; /* save one for the null terminator */
+
+	/* Handle the case for the empty output buffer */
+	if (buflen == 0) {
+		return -1;
+	}
+
+	/* Escaping rules from http://www.w3.org/TR/REC-xml/#syntax */
+	/* This also prevents partial entities at the end of a string */
+	while (*string && dst < end) {
+		const char *entity = NULL;
+		int len = 0;
+
+		switch (*string) {
+		case '<':
+			entity = "&lt;";
+			len = 4;
+			break;
+		case '&':
+			entity = "&amp;";
+			len = 5;
+			break;
+		case '>':
+			/* necessary if ]]> is in the string; easier to escape them all */
+			entity = "&gt;";
+			len = 4;
+			break;
+		case '\'':
+			/* necessary in single-quoted strings; easier to escape them all */
+			entity = "&apos;";
+			len = 6;
+			break;
+		case '"':
+			/* necessary in double-quoted strings; easier to escape them all */
+			entity = "&quot;";
+			len = 6;
+			break;
+		default:
+			*dst++ = *string++;
+			break;
+		}
+
+		if (entity) {
+			ast_assert(len == strlen(entity));
+			if (end - dst < len) {
+				/* no room for the entity; stop */
+				break;
+			}
+			/* just checked for length; strcpy is fine */
+			strcpy(dst, entity);
+			dst += len;
+			++string;
+		}
+	}
+	/* Write null terminator */
+	*dst = '\0';
+	/* If any chars are left in string, return failure */
+	return *string == '\0' ? 0 : -1;
+}
+
 /*! \brief  ast_inet_ntoa: Recursive thread safe replacement of inet_ntoa */
 const char *ast_inet_ntoa(struct in_addr ia)
 {

Added: certified/branches/11.2/tests/test_xml_escape.c
URL: http://svnview.digium.com/svn/asterisk/certified/branches/11.2/tests/test_xml_escape.c?view=auto&rev=393879
==============================================================================
--- certified/branches/11.2/tests/test_xml_escape.c (added)
+++ certified/branches/11.2/tests/test_xml_escape.c Tue Jul  9 06:33:02 2013
@@ -1,0 +1,118 @@
+/*
+ * Asterisk -- An open source telephony toolkit.
+ *
+ * Copyright (C) 2013, Digium, Inc.
+ *
+ * David M. Lee, II <dlee at digium.com>
+ *
+ * See http://www.asterisk.org for more information about
+ * the Asterisk project. Please do not directly contact
+ * any of the maintainers of this project for assistance;
+ * the project provides a web site, mailing lists and IRC
+ * channels for your use.
+ *
+ * This program is free software, distributed under the terms of
+ * the GNU General Public License Version 2. See the LICENSE file
+ * at the top of the source tree.
+ */
+
+/*!
+ * \file
+ * \brief Test ast_xml_escape
+ *
+ * \author\verbatim David M. Lee, II <dlee at digium.com> \endverbatim
+ *
+ * \ingroup tests
+ */
+
+/*** MODULEINFO
+	<depend>TEST_FRAMEWORK</depend>
+	<support_level>core</support_level>
+ ***/
+
+#include "asterisk.h"
+
+ASTERISK_FILE_VERSION(__FILE__, "$Revision$")
+
+#include "asterisk/utils.h"
+#include "asterisk/module.h"
+#include "asterisk/test.h"
+
+static enum ast_test_result_state test_res = AST_TEST_PASS;
+
+static void test_xml(struct ast_test *test, const char *input, const char *expected, int max_len, int expected_res)
+{
+	char actual[256] = "";
+	int res;
+
+	if (max_len == -1) {
+		max_len = sizeof(actual);
+	}
+
+	res = ast_xml_escape(input, actual, max_len);
+	if (res != expected_res) {
+		ast_test_status_update(test, "Expected result '%d', got '%d'\n", expected_res, res);
+		test_res = AST_TEST_FAIL;
+	}
+
+	if (strcmp(expected, actual) != 0) {
+		ast_test_status_update(test, "Expected output '%s', got '%s'\n", expected, actual);
+		test_res = AST_TEST_FAIL;
+	}
+}
+
+AST_TEST_DEFINE(xml_escape_test)
+{
+	char *input;
+	char *expected;
+
+	switch (cmd) {
+	case TEST_INIT:
+		info->name = "xml_escape_test";
+		info->category = "/main/xml_escape/";
+		info->summary = "Test XML escaping";
+		info->description =
+			"Test XML escaping";
+		return AST_TEST_NOT_RUN;
+	case TEST_EXECUTE:
+		break;
+	}
+
+	test_res = AST_TEST_PASS;
+
+	/* happy path */
+	input = "encode me: <&>'\"";
+	expected = "encode me: &lt;&amp;&gt;&apos;&quot;";
+	test_xml(test, input, expected, -1, 0);
+
+	/* size 0 should fail without changing anything */
+	input = "foo";
+	expected = "";
+	test_xml(test, input, expected, 0, -1);
+
+	/* truncate chars */
+	input = "<truncated>";
+	expected = "&lt;trunc";
+	test_xml(test, input, expected, 10, -1);
+
+	/* truncate entity */
+	input = "trunc<";
+	expected = "trunc";
+	test_xml(test, input, expected, 9, -1);
+
+	return test_res;
+}
+
+static int unload_module(void)
+{
+	AST_TEST_UNREGISTER(xml_escape_test);
+	return 0;
+}
+
+static int load_module(void)
+{
+	AST_TEST_REGISTER(xml_escape_test);
+	return AST_MODULE_LOAD_SUCCESS;
+}
+
+AST_MODULE_INFO_STANDARD(ASTERISK_GPL_KEY, "Skeleton (sample) Test");

Propchange: certified/branches/11.2/tests/test_xml_escape.c
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: certified/branches/11.2/tests/test_xml_escape.c
------------------------------------------------------------------------------
    svn:keywords = Author Date Id Revision

Propchange: certified/branches/11.2/tests/test_xml_escape.c
------------------------------------------------------------------------------
    svn:mime-type = text/plain

More information about the svn-commits mailing list