From: Mark Michelson Date: Mon, 18 Apr 2016 17:12:37 +0000 (-0500) Subject: PJSIP: Remove PJSIP parsing functions from uri length validation. X-Git-Tag: certified/13.1-cert6~6 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=5d390bc4c6aaa01e8b81c0fabda2e94a88c3332c;p=thirdparty%2Fasterisk.git PJSIP: Remove PJSIP parsing functions from uri length validation. The PJSIP parsing functions provide a nice concise way to check the length of a hostname in a SIP URI. The problem is that in order to use those parsing functions, it's required to use them from a thread that has registered with PJLib. On startup, when parsing AOR configuration, the permanent URI handler may not be run from a PJLib-registered thread. Specifically, this could happen when Asterisk was started in daemon mode rather than console-mode. If PJProject were compiled with assertions enabled, then this would cause Asterisk to crash on startup. The solution presented here is to do our own parsing of the contact URI in order to ensure that the hostname in the URI is not too long. The parsing does not attempt to perform a full SIP URI parse/validation, since the hostname in the URI is what is important. ASTERISK-25928 #close Reported by Joshua Colp Change-Id: Ic3d6c20ff3502507c17244a8b7e2ca761dc7fb60
---
diff --git a/res/res_pjsip/location.c b/res/res_pjsip/location.c
index 837ade05bf..ff2f1b6f36 100644
--- a/res/res_pjsip/location.c
+++ b/res/res_pjsip/location.c
@@ -272,38 +272,64 @@ static int permanent_uri_sort_fn(const void *obj_left, const void *obj_right, in
 int ast_sip_validate_uri_length(const char *contact_uri)
 {
- pjsip_uri *uri;
- pjsip_sip_uri *sip_uri;
- pj_pool_t *pool;
 int max_length = pj_max_hostname - 1;
+ char *contact = ast_strdupa(contact_uri);
+ char *host;
+ char *at;
+ int theres_a_port = 0;
 if (strlen(contact_uri) > pjsip_max_url_size - 1) {
 return -1;
 }
- if (!(pool = pjsip_endpt_create_pool(ast_sip_get_pjsip_endpoint(), "uri validation", 512, 512))) {
- ast_log(LOG_ERROR, "Unable to allocate pool for uri validation\n");
+ contact = ast_strip_quoted(contact, "<", ">");
+
+ if (!strncasecmp(contact, "sip:", 4)) {
+ host = contact + 4;
+ } else if (!strncasecmp(contact, "sips:", 5)) {
+ host = contact + 5;
+ } else {
+ /* Not a SIP URI */
 return -1;
 }
- if (!(uri = pjsip_parse_uri(pool, (char *)contact_uri, strlen(contact_uri), 0)) ||
- (!PJSIP_URI_SCHEME_IS_SIP(uri) && !PJSIP_URI_SCHEME_IS_SIPS(uri))) {
- pjsip_endpt_release_pool(ast_sip_get_pjsip_endpoint(), pool);
- return -1;
+ at = strchr(contact, '@');
+ if (at) {
+ /* sip[s]:user@host */
+ host = at + 1;
+ }
+
+ if (host[0] == '[') {
+ /* Host is an IPv6 address. Just get up to the matching bracket */
+ char *close_bracket;
+
+ close_bracket = strchr(host, ']');
+ if (!close_bracket) {
+ return -1;
+ }
+ close_bracket++;
+ if (*close_bracket == ':') {
+ theres_a_port = 1;
+ }
+ *close_bracket = '\0';
+ } else {
+ /* uri parameters could contain ';' so trim them off first */
+ host = strsep(&host, ";?");
+ /* Host is FQDN or IPv4 address. Need to find closing delimiter */
+ if (strchr(host, ':')) {
+ theres_a_port = 1;
+ host = strsep(&host, ":");
+ }
 }
- sip_uri = pjsip_uri_get_uri(uri);
- if (sip_uri->port == 0) {
+ if (!theres_a_port) {
 max_length -= strlen("_sips.tcp.");
 }
- if (sip_uri->host.slen > max_length) {
- pjsip_endpt_release_pool(ast_sip_get_pjsip_endpoint(), pool);
+ if (strlen(host) > max_length) {
 return -1;
 }
- pjsip_endpt_release_pool(ast_sip_get_pjsip_endpoint(), pool);
-
 return 0;
 }
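Review bot: `ast_strdupa(contact_uri)` runs in the declaration initializer, ahead of the `strlen(contact_uri) > pjsip_max_url_size - 1` guard, so the copy is made at whatever length the caller supplied. ast_strdupa is alloca-based in Asterisk, which means an over-long contact string is placed on the stack before it is rejected; declare `char *contact;` and assign `contact = ast_strdupa(contact_uri);` only after the length check has passed. Separately, `strchr(contact, '@')` scans the whole URI, so an '@' that appears inside URI parameters or headers would move `host` past the real hostname and the limit would then be applied to the wrong substring. Trimming at the first ';' or '?' before looking for '@' would keep the search inside the userinfo/host part.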