<p>George Joseph would like Ivan Poddubny to <strong>review</strong> this change.</p><p><a href="https://gerrit.asterisk.org/c/asterisk/+/15450">View Change</a></p><pre style="font-family: monospace,monospace; white-space: pre-wrap;">res_pjsip_diversion: Fix adding more than one histinfo to Supported<br><br>New responses sent within a PJSIP sessions are based on those that were<br>sent before. Therefore, adding/modifying a header once causes it to be<br>sent on all responses that follow.<br><br>Sending 181 Call Is Being Forwarded many times first adds "histinfo"<br>duplicated more and more, and eventually overflows past the array<br>boundary.<br><br>This commit adds a check preventing adding "histinfo" more than once,<br>and skipping it if there is no more space in the header.<br><br>Similar overflow situations can also occur in res_pjsip_path and<br>res_pjsip_outbound_registration so those were also modified to<br>check the bounds and suppress duplicate Supported values.<br><br>ASTERISK-29227<br>Reported by: Ivan Poddubny<br><br>Change-Id: Id43704a1f1a0293e35cc7f844026f0b04f2ac322<br>---<br>M res/res_pjsip_diversion.c<br>M res/res_pjsip_outbound_registration.c<br>M res/res_pjsip_path.c<br>3 files changed, 38 insertions(+), 0 deletions(-)<br><br></pre><pre style="font-family: monospace,monospace; white-space: pre-wrap;">git pull ssh://gerrit.asterisk.org:29418/asterisk refs/changes/50/15450/1</pre><pre style="font-family: monospace,monospace; white-space: pre-wrap;"><span>diff --git a/res/res_pjsip_diversion.c b/res/res_pjsip_diversion.c</span><br><span>index 7153b54..700d081 100644</span><br><span>--- a/res/res_pjsip_diversion.c</span><br><span>+++ b/res/res_pjsip_diversion.c</span><br><span>@@ -120,6 +120,7 @@</span><br><span> static int add_supported(pjsip_tx_data *tdata)</span><br><span> {</span><br><span> pjsip_supported_hdr *hdr;</span><br><span style="color: hsl(120, 100%, 40%);">+ unsigned int i;</span><br><span> </span><br><span> hdr = 
pjsip_msg_find_hdr(tdata->msg, PJSIP_H_SUPPORTED, NULL);</span><br><span> if (!hdr) {</span><br><span>@@ -132,6 +133,19 @@</span><br><span> pjsip_msg_add_hdr(tdata->msg, (pjsip_hdr *)hdr);</span><br><span> }</span><br><span> </span><br><span style="color: hsl(120, 100%, 40%);">+ /* Asterisk can send multiple "181 Call forwarded" in a single session,</span><br><span style="color: hsl(120, 100%, 40%);">+ * we might have already modified Supported before</span><br><span style="color: hsl(120, 100%, 40%);">+ */</span><br><span style="color: hsl(120, 100%, 40%);">+ for (i = 0; i < hdr->count; ++i) {</span><br><span style="color: hsl(120, 100%, 40%);">+ if (pj_stricmp(&hdr->values[i], &HISTINFO_SUPPORTED_NAME) == 0) {</span><br><span style="color: hsl(120, 100%, 40%);">+ return 0;</span><br><span style="color: hsl(120, 100%, 40%);">+ }</span><br><span style="color: hsl(120, 100%, 40%);">+ }</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+ if (hdr->count >= PJSIP_GENERIC_ARRAY_MAX_COUNT) {</span><br><span style="color: hsl(120, 100%, 40%);">+ return -1;</span><br><span style="color: hsl(120, 100%, 40%);">+ }</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span> /* add on to the existing Supported header */</span><br><span> pj_strassign(&hdr->values[hdr->count++], &HISTINFO_SUPPORTED_NAME);</span><br><span> </span><br><span>diff --git a/res/res_pjsip_outbound_registration.c b/res/res_pjsip_outbound_registration.c</span><br><span>index 5be38eb..280e256 100644</span><br><span>--- a/res/res_pjsip_outbound_registration.c</span><br><span>+++ b/res/res_pjsip_outbound_registration.c</span><br><span>@@ -625,6 +625,7 @@</span><br><span> static int add_to_supported_header(pjsip_tx_data *tdata, pj_str_t *name)</span><br><span> {</span><br><span> pjsip_supported_hdr *hdr;</span><br><span style="color: hsl(120, 100%, 40%);">+ int i;</span><br><span> </span><br><span> hdr = pjsip_msg_find_hdr(tdata->msg, 
PJSIP_H_SUPPORTED, NULL);</span><br><span> if (!hdr) {</span><br><span>@@ -638,6 +639,17 @@</span><br><span> pjsip_msg_add_hdr(tdata->msg, (pjsip_hdr *)hdr);</span><br><span> }</span><br><span> </span><br><span style="color: hsl(120, 100%, 40%);">+ /* Don't add the value if it's already there */</span><br><span style="color: hsl(120, 100%, 40%);">+ for (i = 0; i < hdr->count; ++i) {</span><br><span style="color: hsl(120, 100%, 40%);">+ if (pj_stricmp(&hdr->values[i], name) == 0) {</span><br><span style="color: hsl(120, 100%, 40%);">+ return 1;</span><br><span style="color: hsl(120, 100%, 40%);">+ }</span><br><span style="color: hsl(120, 100%, 40%);">+ }</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+ if (hdr->count >= PJSIP_GENERIC_ARRAY_MAX_COUNT) {</span><br><span style="color: hsl(120, 100%, 40%);">+ return 0;</span><br><span style="color: hsl(120, 100%, 40%);">+ }</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span> /* add on to the existing Supported header */</span><br><span> pj_strassign(&hdr->values[hdr->count++], name);</span><br><span> </span><br><span>diff --git a/res/res_pjsip_path.c b/res/res_pjsip_path.c</span><br><span>index adc5a8c..9f48009 100644</span><br><span>--- a/res/res_pjsip_path.c</span><br><span>+++ b/res/res_pjsip_path.c</span><br><span>@@ -123,6 +123,7 @@</span><br><span> static int add_supported(pjsip_tx_data *tdata)</span><br><span> {</span><br><span> pjsip_supported_hdr *hdr;</span><br><span style="color: hsl(120, 100%, 40%);">+ int i;</span><br><span> </span><br><span> hdr = pjsip_msg_find_hdr(tdata->msg, PJSIP_H_SUPPORTED, NULL);</span><br><span> if (!hdr) {</span><br><span>@@ -135,6 +136,17 @@</span><br><span> pjsip_msg_add_hdr(tdata->msg, (pjsip_hdr *)hdr);</span><br><span> }</span><br><span> </span><br><span style="color: hsl(120, 100%, 40%);">+ /* Don't add the value if it's already there */</span><br><span style="color: hsl(120, 100%, 40%);">+ for (i 
= 0; i < hdr->count; ++i) {</span><br><span style="color: hsl(120, 100%, 40%);">+ if (pj_stricmp(&hdr->values[i], &PATH_SUPPORTED_NAME) == 0) {</span><br><span style="color: hsl(120, 100%, 40%);">+ return 0;</span><br><span style="color: hsl(120, 100%, 40%);">+ }</span><br><span style="color: hsl(120, 100%, 40%);">+ }</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+ if (hdr->count >= PJSIP_GENERIC_ARRAY_MAX_COUNT) {</span><br><span style="color: hsl(120, 100%, 40%);">+ return -1;</span><br><span style="color: hsl(120, 100%, 40%);">+ }</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span> /* add on to the existing Supported header */</span><br><span> pj_strassign(&hdr->values[hdr->count++], &PATH_SUPPORTED_NAME);</span><br><span> </span><br><span></span><br></pre><p>To view, visit <a href="https://gerrit.asterisk.org/c/asterisk/+/15450">change 15450</a>. To unsubscribe, or for help writing mail filters, visit <a href="https://gerrit.asterisk.org/settings">settings</a>.</p><div itemscope itemtype="http://schema.org/EmailMessage"><div itemscope itemprop="action" itemtype="http://schema.org/ViewAction"><link itemprop="url" href="https://gerrit.asterisk.org/c/asterisk/+/15450"/><meta itemprop="name" content="View Change"/></div></div>
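Review bot: In res/res_pjsip_diversion.c, add_supported(), the new "hdr->count >= PJSIP_GENERIC_ARRAY_MAX_COUNT" branch returns -1 with no log message, so nothing records why "histinfo" was left out of Supported. Consider an ast_log(LOG_WARNING, ...) in that branch. Also confirm that the caller treats -1 as "skip the value", which is what the commit message describes, rather than as a failure of the whole response. Running the duplicate scan before the bounds check is the right order, since a value that is already present needs no free slot.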
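Review bot: In res/res_pjsip_outbound_registration.c, add_to_supported_header(), the loop index is declared "int i" while the identical loop in res_pjsip_diversion.c uses "unsigned int i". Use one type for the index compared against hdr->count in all three files, preferably the unsigned one, to avoid signed/unsigned comparison warnings. This function also returns 1 for a duplicate and 0 when the array is full, the opposite sense of the 0 / -1 pair used in the other two files. A short comment above the new checks stating this function's return convention would keep the difference from being misread.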
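Review bot: The duplicate scan and bounds check added to add_supported() in res/res_pjsip_path.c is the third copy of the same block in this change, differing only in the value compared and the return codes. A shared helper that takes the pjsip_tx_data and a pj_str_t name, the signature add_to_supported_header() already has in res_pjsip_outbound_registration.c, would keep the PJSIP_GENERIC_ARRAY_MAX_COUNT check in one place, so a later caller appending to Supported cannot omit it.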
<div style="display:none"> Gerrit-Project: asterisk </div>
<div style="display:none"> Gerrit-Branch: master </div>
<div style="display:none"> Gerrit-Change-Id: Id43704a1f1a0293e35cc7f844026f0b04f2ac322 </div>
<div style="display:none"> Gerrit-Change-Number: 15450 </div>
<div style="display:none"> Gerrit-PatchSet: 1 </div>
<div style="display:none"> Gerrit-Owner: George Joseph <gjoseph@digium.com> </div>
<div style="display:none"> Gerrit-Reviewer: Ivan Poddubny <ivan.poddubny@gmail.com> </div>
<div style="display:none"> Gerrit-MessageType: newchange </div>