pjsip: Prevent invalid memory access when attempting to contact a non-sip URI
authorWalter Doekes <walter+asterisk@wjd.nu>
Fri, 5 Jun 2020 09:30:29 +0000 (11:30 +0200)
committerJoshua Colp <jcolp@sangoma.com>
Mon, 8 Jun 2020 15:50:32 +0000 (10:50 -0500)
You cannot cast a pjsip_uri to a pjsip_sip_uri using pjsip_uri_get_uri
without first checking that its scheme is sip or sips
(PJSIP_URI_SCHEME_IS_SIP / PJSIP_URI_SCHEME_IS_SIPS).

ASTERISK-28936

Change-Id: I9f572b3677e4730458e9402719e580f8681afe2a

res/res_pjsip.c

index 3820243c08d08b6700b27598ddc887b5ffad8391..a1b1e00a64f3f25f48b50262f560685a8e76658f 100644 (file)
@@ -3674,6 +3674,12 @@ pjsip_dialog *ast_sip_create_dialog_uac(const struct ast_sip_endpoint *endpoint,
        pj_cstr(&target_uri, uri);
 
        res = pjsip_dlg_create_uac(pjsip_ua_instance(), &local_uri, NULL, &remote_uri, &target_uri, &dlg);
+       if (res == PJ_SUCCESS && !(PJSIP_URI_SCHEME_IS_SIP(dlg->target) || PJSIP_URI_SCHEME_IS_SIPS(dlg->target))) {
+               /* dlg->target is a pjsip_other_uri, but it's assumed to be a
+                * pjsip_sip_uri below. Fail fast. */
+               res = PJSIP_EINVALIDURI;
+               pjsip_dlg_terminate(dlg);
+       }
        if (res != PJ_SUCCESS) {
                if (res == PJSIP_EINVALIDURI) {
                        ast_log(LOG_ERROR,
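Review bot: A well-formed non-SIP URI rejected at `res = PJSIP_EINVALIDURI;` reaches the same `ast_log(LOG_ERROR, ...)` call as a URI that failed to parse, so the log cannot tell an unsupported scheme from a syntax error; the message text itself is outside the hunk. Logging the cause inside the new branch would make the rejection traceable, for example `ast_log(LOG_ERROR, "URI '%s' is not a sip: or sips: URI\n", uri);`. After `pjsip_dlg_terminate(dlg);` the local `dlg` still holds the old pointer and the call's return value is ignored. Adding `dlg = NULL;` there would keep the error path, which continues past the end of the hunk, from touching a destroyed dialog.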