[svn-commits] coreyfarrell: branch 12 r417250 - in /branches/12: ./ channels/chan_sip.c

SVN commits to the Digium repositories svn-commits at lists.digium.com
Thu Jun 26 05:05:26 CDT 2014


Author: coreyfarrell
Date: Thu Jun 26 05:05:20 2014
New Revision: 417250

URL: http://svnview.digium.com/svn/asterisk?view=rev&rev=417250
Log:
chan_sip: Fix handling of "From" headers longer than 256 characters

>From headers were processed using a 256 character buffer on the stack.
This change replaces that with a heap allocation by ast_strdup.

ASTERISK-23790 #close
Reported by: uniken1
Tested by: uniken1
Review: https://reviewboard.asterisk.org/r/3669/
Patches:
    chan_sip-large-from-header-1.8-r3.patch uploaded by wdoekes (license 5674)
........

Merged revisions 417248 from http://svn.asterisk.org/svn/asterisk/branches/1.8
........

Merged revisions 417249 from http://svn.asterisk.org/svn/asterisk/branches/11

Modified:
    branches/12/   (props changed)
    branches/12/channels/chan_sip.c

Propchange: branches/12/
------------------------------------------------------------------------------
Binary property 'branch-11-merged' - no diff available.

Modified: branches/12/channels/chan_sip.c
URL: http://svnview.digium.com/svn/asterisk/branches/12/channels/chan_sip.c?view=diff&rev=417250&r1=417249&r2=417250
==============================================================================
--- branches/12/channels/chan_sip.c (original)
+++ branches/12/channels/chan_sip.c Thu Jun 26 05:05:20 2014
@@ -17899,7 +17899,8 @@
 static enum sip_get_dest_result get_destination(struct sip_pvt *p, struct sip_request *oreq, int *cc_recall_core_id)
 {
 	char tmp[256] = "", *uri, *unused_password, *domain;
-	char tmpf[256] = "", *from = NULL;
+	RAII_VAR(char *, tmpf, NULL, ast_free);
+	char *from = NULL;
 	struct sip_request *req;
 	char *decoded_uri;
 	RAII_VAR(struct ast_features_pickup_config *, pickup_cfg, ast_get_chan_features_pickup_config(p->owner), ao2_cleanup);
@@ -17950,7 +17951,7 @@
 	/* XXX Why is this done in get_destination? Isn't it already done?
 	   Needs to be checked
         */
-	ast_copy_string(tmpf, sip_get_header(req, "From"), sizeof(tmpf));
+	tmpf = ast_strdup(sip_get_header(req, "From"));
 	if (!ast_strlen_zero(tmpf)) {
 		from = get_in_brackets(tmpf);
 		if (parse_uri_legacy_check(from, "sip:,sips:", &from, NULL, &domain, NULL)) {
@@ -18821,19 +18822,21 @@
 					      int sipmethod, const char *uri, enum xmittype reliable,
 					      struct ast_sockaddr *addr, struct sip_peer **authpeer)
 {
-	char from[256], *of, *name, *unused_password, *domain;
+	char *of, *name, *unused_password, *domain;
+	RAII_VAR(char *, ofbuf, NULL, ast_free); /* beware, everyone starts pointing to this */
+	RAII_VAR(char *, namebuf, NULL, ast_free);
 	enum check_auth_result res = AUTH_DONT_KNOW;
 	char calleridname[256];
 	char *uri2 = ast_strdupa(uri);
 
 	terminate_uri(uri2);	/* trim extra stuff */
 
-	ast_copy_string(from, sip_get_header(req, "From"), sizeof(from));
+	ofbuf = ast_strdup(sip_get_header(req, "From"));
 	/* XXX here tries to map the username for invite things */
 
 	/* strip the display-name portion off the beginning of the FROM header. */
-	if (!(of = (char *) get_calleridname(from, calleridname, sizeof(calleridname)))) {
-		ast_log(LOG_ERROR, "FROM header can not be parsed \n");
+	if (!(of = (char *) get_calleridname(ofbuf, calleridname, sizeof(calleridname)))) {
+		ast_log(LOG_ERROR, "FROM header can not be parsed\n");
 		return res;
 	}
 
@@ -18909,8 +18912,7 @@
 		}
 
 		if (!ast_strlen_zero(hdr) && (hdr = strstr(hdr, "username=\""))) {
-			ast_copy_string(from, hdr + strlen("username=\""), sizeof(from));
-			name = from;
+			namebuf = name = ast_strdup(hdr + strlen("username=\""));
 			name = strsep(&name, "\"");
 		}
 	}




More information about the svn-commits mailing list