[Asterisk-code-review] res pjsip endpoint identifier ip.c: Fix apply identify valid... (asterisk[15])
Jenkins2
asteriskteam at digium.com
Tue Jan 9 05:52:19 CST 2018
Jenkins2 has submitted this change and it was merged. ( https://gerrit.asterisk.org/7845 )
Change subject: res_pjsip_endpoint_identifier_ip.c: Fix apply identify validation.
......................................................................
res_pjsip_endpoint_identifier_ip.c: Fix apply identify validation.
The ip_identify_apply() did not validate the configuration for simple
static configuration errors or deal well with address resolution errors.
* Added missing configuration validation checks.
* Fixed address resolution error handling.
* Demoted an error message to a warning since it does not fail applying
the identify object configuration.
Change-Id: I8b519607263fe88e8ce964f526a45359fd362b6e
---
M res/res_pjsip_endpoint_identifier_ip.c
1 file changed, 45 insertions(+), 18 deletions(-)
Approvals:
Corey Farrell: Looks good to me, but someone else must approve
Joshua Colp: Looks good to me, approved
Jenkins2: Approved for Submit
diff --git a/res/res_pjsip_endpoint_identifier_ip.c b/res/res_pjsip_endpoint_identifier_ip.c
index 8b92cef..e40f9bf 100644
--- a/res/res_pjsip_endpoint_identifier_ip.c
+++ b/res/res_pjsip_endpoint_identifier_ip.c
@@ -105,7 +105,7 @@
struct ast_ha *matches;
/*! \brief Perform SRV resolution of hostnames */
unsigned int srv_lookups;
- /*! \brief Hosts to be resolved after applying configuration */
+ /*! \brief Hosts to be resolved when applying configuration */
struct ao2_container *hosts;
};
@@ -150,8 +150,8 @@
c_header = ast_strdupa(identify->match_header);
c_value = strchr(c_header, ':');
if (!c_value) {
- ast_log(LOG_WARNING, "Identify '%s' has invalid header_match: No ':' separator found!\n",
- ast_sorcery_object_get_id(identify));
+ /* This should not be possible. The object cannot be created if so. */
+ ast_assert(0);
return 0;
}
*c_value = '\0';
@@ -161,17 +161,19 @@
pj_header_name = pj_str(c_header);
header = pjsip_msg_find_hdr_by_name(rdata->msg_info.msg, &pj_header_name, NULL);
if (!header) {
- ast_debug(3, "SIP message does not contain header '%s'\n", c_header);
+ ast_debug(3, "Identify '%s': SIP message does not have header '%s'\n",
+ ast_sorcery_object_get_id(identify),
+ c_header);
return 0;
}
pj_header_value = pj_str(c_value);
if (pj_strcmp(&pj_header_value, &header->hvalue)) {
- ast_debug(3, "SIP message contains header '%s' but value '%.*s' does not match value '%s' for endpoint '%s'\n",
+ ast_debug(3, "Identify '%s': SIP message has header '%s' but value '%.*s' does not match '%s'\n",
+ ast_sorcery_object_get_id(identify),
c_header,
(int) pj_strlen(&header->hvalue), pj_strbuf(&header->hvalue),
- c_value,
- identify->endpoint_name);
+ c_value);
return 0;
}
@@ -261,7 +263,7 @@
}
for (i = 0; i < num_addrs; ++i) {
- /* Check if the address is already in the list, if so don't bother adding it again */
+ /* Check if the address is already in the list, if so don't add it again */
if (identify->matches && (ast_apply_ha(identify->matches, &addrs[i]) != AST_SENSE_ALLOW)) {
continue;
}
@@ -283,14 +285,13 @@
}
/*! \brief Helper function which performs an SRV lookup and then resolves the hostname */
-static int ip_identify_match_srv_lookup(struct ip_identify_match *identify, const char *prefix, const char *host)
+static int ip_identify_match_srv_lookup(struct ip_identify_match *identify, const char *prefix, const char *host, int results)
{
char service[NI_MAXHOST];
struct srv_context *context = NULL;
int srv_ret;
const char *srvhost;
unsigned short srvport;
- int results = 0;
snprintf(service, sizeof(service), "%s.%s", prefix, host);
@@ -372,10 +373,33 @@
char *current_string;
struct ao2_iterator i;
+ /* Validate the identify object configuration */
+ if (ast_strlen_zero(identify->endpoint_name)) {
+ ast_log(LOG_ERROR, "Identify '%s' missing required endpoint name.\n",
+ ast_sorcery_object_get_id(identify));
+ return -1;
+ }
+ if (ast_strlen_zero(identify->match_header) /* No header to match */
+ /* and no static IP addresses with a mask */
+ && !identify->matches
+ /* and no addresses to resolve */
+ && (!identify->hosts || !ao2_container_count(identify->hosts))) {
+ ast_log(LOG_ERROR, "Identify '%s' is not configured to match anything.\n",
+ ast_sorcery_object_get_id(identify));
+ return -1;
+ }
+ if (!ast_strlen_zero(identify->match_header)
+ && !strchr(identify->match_header, ':')) {
+ ast_log(LOG_ERROR, "Identify '%s' missing ':' separator in match_header '%s'.\n",
+ ast_sorcery_object_get_id(identify), identify->match_header);
+ return -1;
+ }
+
if (!identify->hosts) {
return 0;
}
+ /* Resolve the match addresses now */
i = ao2_iterator_init(identify->hosts, 0);
while ((current_string = ao2_iterator_next(&i))) {
struct ast_sockaddr address;
@@ -383,26 +407,29 @@
/* If the provided string is not an IP address perform SRV resolution on it */
if (identify->srv_lookups && !ast_sockaddr_parse(&address, current_string, 0)) {
- results = ip_identify_match_srv_lookup(identify, "_sip._udp", current_string);
+ results = ip_identify_match_srv_lookup(identify, "_sip._udp", current_string,
+ results);
if (results != -1) {
- results += ip_identify_match_srv_lookup(identify, "_sip._tcp", current_string);
+ results = ip_identify_match_srv_lookup(identify, "_sip._tcp",
+ current_string, results);
}
if (results != -1) {
- results += ip_identify_match_srv_lookup(identify, "_sips._tcp", current_string);
+ results = ip_identify_match_srv_lookup(identify, "_sips._tcp",
+ current_string, results);
}
}
- /* If SRV falls fall back to a normal lookup on the host itself */
+ /* If SRV fails fall back to a normal lookup on the host itself */
if (!results) {
results = ip_identify_match_host_lookup(identify, current_string);
}
if (results == 0) {
- ast_log(LOG_ERROR, "Address '%s' provided on ip endpoint identifier '%s' did not resolve to any address\n",
- current_string, ast_sorcery_object_get_id(obj));
+ ast_log(LOG_WARNING, "Identify '%s' provided address '%s' did not resolve to any address\n",
+ ast_sorcery_object_get_id(identify), current_string);
} else if (results == -1) {
- ast_log(LOG_ERROR, "An error occurred when adding resolution results of '%s' on '%s'\n",
- current_string, ast_sorcery_object_get_id(obj));
+ ast_log(LOG_ERROR, "Identify '%s' failed when adding resolution results of '%s'\n",
+ ast_sorcery_object_get_id(identify), current_string);
ao2_ref(current_string, -1);
ao2_iterator_destroy(&i);
return -1;
--
To view, visit https://gerrit.asterisk.org/7845
To unsubscribe, visit https://gerrit.asterisk.org/settings
Gerrit-Project: asterisk
Gerrit-Branch: 15
Gerrit-MessageType: merged
Gerrit-Change-Id: I8b519607263fe88e8ce964f526a45359fd362b6e
Gerrit-Change-Number: 7845
Gerrit-PatchSet: 2
Gerrit-Owner: Richard Mudgett <rmudgett at digium.com>
Gerrit-Reviewer: Corey Farrell <git at cfware.com>
Gerrit-Reviewer: Jenkins2
Gerrit-Reviewer: Joshua Colp <jcolp at digium.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.digium.com/pipermail/asterisk-code-review/attachments/20180109/21c58a40/attachment.html>
More information about the asterisk-code-review
mailing list