<p>Joshua Colp has uploaded this change for <strong>review</strong>.</p><p><a href="https://gerrit.asterisk.org/6355">View Change</a></p><pre style="font-family: monospace,monospace; white-space: pre-wrap;">pjsip_message_ip_updater:  Fix issue handling "tel" URIs<br><br>sanitize_tdata was assuming all URIs were SIP URIs so when a non<br>SIP uri was in the From, To or Contact headers, the unconditional<br>cast of a non-pjsip_sip_uri structure to pjsip_sip_uri caused<br>a segfault when trying to access uri->other_param.<br><br>* Added PJSIP_URI_SCHEME_IS_SIP(uri) || PJSIP_URI_SCHEME_IS_SIPS(uri)<br>  checks before attempting to cast or use the returned uri.<br><br>ASTERISK-27152<br>Reported-by: Ross Beer<br><br>Change-Id: Id380df790e6622c8058a96035f8b8f4aa0b8551f<br>---<br>M res/res_pjsip/pjsip_message_ip_updater.c<br>1 file changed, 43 insertions(+), 13 deletions(-)<br><br></pre><pre style="font-family: monospace,monospace; white-space: pre-wrap;">git pull ssh://gerrit.asterisk.org:29418/asterisk refs/changes/55/6355/1</pre><pre style="font-family: monospace,monospace; white-space: pre-wrap;">diff --git a/res/res_pjsip/pjsip_message_ip_updater.c b/res/res_pjsip/pjsip_message_ip_updater.c<br>index 2d07464..099ecaa 100644<br>--- a/res/res_pjsip/pjsip_message_ip_updater.c<br>+++ b/res/res_pjsip/pjsip_message_ip_updater.c<br>@@ -153,7 +153,16 @@<br>     return 0;<br> }<br> <br>-static void sanitize_tdata(pjsip_tx_data *tdata)<br>+#define is_sip_uri(uri) \<br>+      (PJSIP_URI_SCHEME_IS_SIP(uri) || PJSIP_URI_SCHEME_IS_SIPS(uri))<br>+<br>+#ifdef AST_DEVMODE<br>+#define FUNC_ATTRS __attribute__ ((noinline))<br>+#else<br>+#define FUNC_ATTRS<br>+#endif<br>+<br>+static void FUNC_ATTRS sanitize_tdata(pjsip_tx_data *tdata)<br> {<br>    static const pj_str_t x_name = { AST_SIP_X_AST_TXP, AST_SIP_X_AST_TXP_LEN };<br>  pjsip_param *x_transport;<br>@@ -161,29 +170,50 @@<br>      pjsip_fromto_hdr *fromto;<br>     pjsip_contact_hdr *contact;<br>   pjsip_hdr *hdr;<br>+#ifdef AST_DEVMODE<br>+ char hdrbuf[512];<br>+    int hdrbuf_len;<br>+#endif<br> <br>   if (tdata->msg->type == PJSIP_REQUEST_MSG) {<br>-           uri = pjsip_uri_get_uri(tdata->msg->line.req.uri);<br>-             x_transport = pjsip_param_find(&uri->other_param, &x_name);<br>-               if (x_transport) {<br>-                   pj_list_erase(x_transport);<br>+          if (is_sip_uri(tdata->msg->line.req.uri)) {<br>+                    uri = pjsip_uri_get_uri(tdata->msg->line.req.uri);<br>+#ifdef AST_DEVMODE<br>+                        hdrbuf_len = pjsip_uri_print(PJSIP_URI_IN_REQ_URI, uri, hdrbuf, 512);<br>+                        ast_debug(2, "Sanitizing Request: %s\n", hdrbuf);<br>+#endif<br>+                 while ((x_transport = pjsip_param_find(&uri->other_param, &x_name))) {<br>+                            pj_list_erase(x_transport);<br>+                  }<br>             }<br>     }<br> <br>  for (hdr = tdata->msg->hdr.next; hdr != &tdata->msg->hdr; hdr = hdr->next) {<br>               if (hdr->type == PJSIP_H_TO || hdr->type == PJSIP_H_FROM) {<br>                     fromto = (pjsip_fromto_hdr *) hdr;<br>-                   uri = pjsip_uri_get_uri(fromto->uri);<br>-                     x_transport = pjsip_param_find(&uri->other_param, &x_name);<br>-                       if (x_transport) {<br>-                           pj_list_erase(x_transport);<br>+                  if (is_sip_uri(fromto->uri)) {<br>+                            uri = pjsip_uri_get_uri(fromto->uri);<br>+#ifdef AST_DEVMODE<br>+                                hdrbuf_len = pjsip_uri_print(PJSIP_URI_IN_FROMTO_HDR, uri, hdrbuf, 512);<br>+                             hdrbuf[hdrbuf_len] = '\0';<br>+                           ast_debug(2, "Sanitizing From/To: %s\n", hdrbuf);<br>+#endif<br>+                         while ((x_transport = pjsip_param_find(&uri->other_param, &x_name))) {<br>+                                    pj_list_erase(x_transport);<br>+                          }<br>                     }<br>             } else if (hdr->type == PJSIP_H_CONTACT) {<br>                         contact = (pjsip_contact_hdr *) hdr;<br>-                 uri = pjsip_uri_get_uri(contact->uri);<br>-                    x_transport = pjsip_param_find(&uri->other_param, &x_name);<br>-                       if (x_transport) {<br>-                           pj_list_erase(x_transport);<br>+                  if (is_sip_uri(contact->uri)) {<br>+                           uri = pjsip_uri_get_uri(contact->uri);<br>+#ifdef AST_DEVMODE<br>+                               hdrbuf_len = pjsip_uri_print(PJSIP_URI_IN_CONTACT_HDR, uri, hdrbuf, 512);<br>+                            hdrbuf[hdrbuf_len] = '\0';<br>+                           ast_debug(2, "Sanitizing Contact: %s\n", hdrbuf);<br>+#endif<br>+                         while ((x_transport = pjsip_param_find(&uri->other_param, &x_name))) {<br>+                                    pj_list_erase(x_transport);<br>+                          }<br>                     }<br>             }<br>     }<br></pre><p>To view, visit <a href="https://gerrit.asterisk.org/6355">change 6355</a>. To unsubscribe, visit <a href="https://gerrit.asterisk.org/settings">settings</a>.</p><div itemscope itemtype="http://schema.org/EmailMessage"><div itemscope itemprop="action" itemtype="http://schema.org/ViewAction"><link itemprop="url" href="https://gerrit.asterisk.org/6355"/><meta itemprop="name" content="View Change"/></div></div>

<div style="display:none"> Gerrit-Project: asterisk </div>
<div style="display:none"> Gerrit-Branch: 13.17 </div>
<div style="display:none"> Gerrit-MessageType: newchange </div>
<div style="display:none"> Gerrit-Change-Id: Id380df790e6622c8058a96035f8b8f4aa0b8551f </div>
<div style="display:none"> Gerrit-Change-Number: 6355 </div>
<div style="display:none"> Gerrit-PatchSet: 1 </div>
<div style="display:none"> Gerrit-Owner: Joshua Colp <jcolp@digium.com> </div>
<div style="display:none"> Gerrit-Reviewer: George Joseph <gjoseph@digium.com> </div>