From: Corey Farrell Date: Thu, 26 Jun 2014 10:04:01 +0000 (+0000) Subject: chan_sip: Fix handling of "From" headers longer than 256 characters X-Git-Tag: 11.11.0-rc1~13 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=2875174e978684f3cef454be816ffb945ad32c4d;p=thirdparty%2Fasterisk.git chan_sip: Fix handling of "From" headers longer than 256 characters From headers were processed using a 256 character buffer on the stack. This change replaces that with a heap allocation by ast_strdup. ASTERISK-23790 #close Reported by: uniken1 Tested by: uniken1 Review: https://reviewboard.asterisk.org/r/3669/ Patches: chan_sip-large-from-header-1.8-r3.patch uploaded by wdoekes (license 5674) ........ Merged revisions 417248 from http://svn.asterisk.org/svn/asterisk/branches/1.8 git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/11@417249 65c4cc65-6c06-0410-ace0-fbb531ad65f3 --- diff --git a/channels/chan_sip.c b/channels/chan_sip.c index df33c96ef5..594bc56a05 100644 --- a/channels/chan_sip.c +++ b/channels/chan_sip.c @@ -17521,7 +17521,8 @@ static int get_rdnis(struct sip_pvt *p, struct sip_request *oreq, char **name, c static enum sip_get_dest_result get_destination(struct sip_pvt *p, struct sip_request *oreq, int *cc_recall_core_id) { char tmp[256] = "", *uri, *unused_password, *domain; - char tmpf[256] = "", *from = NULL; + RAII_VAR(char *, tmpf, NULL, ast_free); + char *from = NULL; struct sip_request *req; char *decoded_uri; @@ -17562,7 +17563,7 @@ static enum sip_get_dest_result get_destination(struct sip_pvt *p, struct sip_re /* XXX Why is this done in get_destination? Isn't it already done? Needs to be checked */ - ast_copy_string(tmpf, sip_get_header(req, "From"), sizeof(tmpf)); + tmpf = ast_strdup(sip_get_header(req, "From")); if (!ast_strlen_zero(tmpf)) { from = get_in_brackets(tmpf); if (parse_uri_legacy_check(from, "sip:,sips:", &from, NULL, &domain, NULL)) { 
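Review bot: In get_destination the new `tmpf` declaration carries no ownership comment, unlike `ofbuf` in check_user_full. `from` is taken from it through `get_in_brackets(tmpf)`, and `domain` appears to be set into the same buffer by `parse_uri_legacy_check()`; the buffer is released by `ast_free` when the function returns. I would add `/* heap copy of the From header; from and domain point into it, freed on return */` to the declaration. Separately, when `ast_strdup` fails `tmpf` stays NULL and `ast_strlen_zero(tmpf)` skips the From parsing with no log line, so an out-of-memory condition looks like a missing header; a single `ast_log(LOG_WARNING, ...)` on that path would make it visible. The function body starts and ends outside both hunks, so any later use of `from` or `domain` is not visible here.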
@@ -18402,19 +18403,21 @@ static enum check_auth_result check_user_full(struct sip_pvt *p, struct sip_requ int sipmethod, const char *uri, enum xmittype reliable, struct ast_sockaddr *addr, struct sip_peer **authpeer) { - char from[256], *of, *name, *unused_password, *domain; + char *of, *name, *unused_password, *domain; + RAII_VAR(char *, ofbuf, NULL, ast_free); /* beware, everyone starts pointing to this */ + RAII_VAR(char *, namebuf, NULL, ast_free); enum check_auth_result res = AUTH_DONT_KNOW; char calleridname[256]; char *uri2 = ast_strdupa(uri); terminate_uri(uri2); /* trim extra stuff */ - ast_copy_string(from, sip_get_header(req, "From"), sizeof(from)); + ofbuf = ast_strdup(sip_get_header(req, "From")); /* XXX here tries to map the username for invite things */ /* strip the display-name portion off the beginning of the FROM header. */ - if (!(of = (char *) get_calleridname(from, calleridname, sizeof(calleridname)))) { - ast_log(LOG_ERROR, "FROM header can not be parsed \n"); + if (!(of = (char *) get_calleridname(ofbuf, calleridname, sizeof(calleridname)))) { + ast_log(LOG_ERROR, "FROM header can not be parsed\n"); return res; } @@ -18490,8 +18493,7 @@ static enum check_auth_result check_user_full(struct sip_pvt *p, struct sip_requ } if (!ast_strlen_zero(hdr) && (hdr = strstr(hdr, "username=\""))) { - ast_copy_string(from, hdr + strlen("username=\""), sizeof(from)); - name = from; + namebuf = name = ast_strdup(hdr + strlen("username=\"")); name = strsep(&name, "\""); } }
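Review bot: The result of `ofbuf = ast_strdup(sip_get_header(req, "From"))` in check_user_full is passed straight to `get_calleridname()` with no NULL check. The old stack array could never be NULL, and whether `get_calleridname()` tolerates a NULL input is not visible in this hunk. Since this function, judging by its return type, decides how an incoming request is authenticated, an allocation failure should fail closed explicitly, with `if (!ofbuf) { return res; }` right after the allocation. The same gap is in the last hunk: if `namebuf = name = ast_strdup(hdr + strlen("username=\""))` fails, `strsep(&name, "\"")` leaves `name` NULL for the code that follows, where before the change it always pointed at `from`. The function continues outside both hunks, so the later uses of `of` and `name` should be checked against a NULL value.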