pjsip: Prevent invalid memory access when attempting to contact a non-sip URI

author Walter Doekes <walter+asterisk@wjd.nu>

Fri, 5 Jun 2020 09:30:29 +0000 (11:30 +0200)

committer Friendly Automation <jenkins2@gerrit.asterisk.org>

Mon, 8 Jun 2020 14:43:44 +0000 (09:43 -0500)
author Walter Doekes <walter+asterisk@wjd.nu>
Fri, 5 Jun 2020 09:30:29 +0000 (11:30 +0200)
committer Friendly Automation <jenkins2@gerrit.asterisk.org>
Mon, 8 Jun 2020 14:43:44 +0000 (09:43 -0500)
diff --git a/res/res_pjsip.c b/res/res_pjsip.c

index a595749b3e91afc2929d6672bc26fb54e98349dd..0b7b63480f5da52e2ee303caef9e53cc806e8800 100644 (file)
--- a/res/res_pjsip.c
+++ b/res/res_pjsip.c
@@ -3327,6 +3327,12 @@ pjsip_dialog *ast_sip_create_dialog_uac(const struct ast_sip_endpoint *endpoint,
         pj_cstr(&target_uri, uri);
  
         res = pjsip_dlg_create_uac(pjsip_ua_instance(), &local_uri, NULL, &remote_uri, &target_uri, &dlg);
+       if (res == PJ_SUCCESS && !(PJSIP_URI_SCHEME_IS_SIP(dlg->target) || PJSIP_URI_SCHEME_IS_SIPS(dlg->target))) {
+               /* dlg->target is a pjsip_other_uri, but it's assumed to be a
+                * pjsip_sip_uri below. Fail fast. */
+               res = PJSIP_EINVALIDURI;
+               pjsip_dlg_terminate(dlg);
+       }
         if (res != PJ_SUCCESS) {
                 if (res == PJSIP_EINVALIDURI) {
                         ast_log(LOG_ERROR,
author	Walter Doekes <walter+asterisk@wjd.nu>
	Fri, 5 Jun 2020 09:30:29 +0000 (11:30 +0200)
committer	Friendly Automation <jenkins2@gerrit.asterisk.org>
	Mon, 8 Jun 2020 14:43:44 +0000 (09:43 -0500)