From: Mark Michelson Date: Wed, 21 Aug 2013 14:33:38 +0000 (+0000) Subject: Prevent a crash on outbound SIP MESSAGE requests. X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=91e91f9660e700a53eb6fd102b688ca87e647445;p=thirdparty%2Fasterisk.git Prevent a crash on outbound SIP MESSAGE requests. If a From header on an outbound out-of-call SIP MESSAGE were malformed, the result could crash Asterisk. In addition, if a From header on an incoming out-of-call SIP MESSAGE request were malformed, the message was happily accepted rather than being rejected up front. The incoming message path would not result in a crash, but the behavior was bad nonetheless. (closes issue ASTERISK-22185) reported by Zhang Lei git-svn-id: https://origsvn.digium.com/svn/asterisk/certified/branches/1.8.15@397253 65c4cc65-6c06-0410-ace0-fbb531ad65f3 --- diff --git a/channels/chan_sip.c b/channels/chan_sip.c index 151d81718e..bf072da642 100644 --- a/channels/chan_sip.c +++ b/channels/chan_sip.c @@ -16791,7 +16791,24 @@ static void receive_message(struct sip_pvt *p, struct sip_request *req, struct a ast_string_field_set(p, context, sip_cfg.messagecontext); } - get_destination(p, NULL, NULL); + switch (get_destination(p, NULL, NULL)) { + case SIP_GET_DEST_REFUSED: + /* Okay to send 403 since this is after auth processing */ + transmit_response(p, "403 Forbidden", req); + sip_scheddestroy(p, DEFAULT_TRANS_TIMEOUT); + return; + case SIP_GET_DEST_INVALID_URI: + transmit_response(p, "416 Unsupported URI Scheme", req); + sip_scheddestroy(p, DEFAULT_TRANS_TIMEOUT); + return; + case SIP_GET_DEST_EXTEN_NOT_FOUND: + case SIP_GET_DEST_EXTEN_MATCHMORE: + transmit_response(p, "404 Not Found", req); + sip_scheddestroy(p, DEFAULT_TRANS_TIMEOUT); + return; + case SIP_GET_DEST_EXTEN_FOUND: + break; + } if (!(msg = ast_msg_alloc())) { transmit_response(p, "500 Internal Server Error", req); @@ -24619,6 +24636,21 @@ static int sip_msg_send(const struct ast_msg *msg, const char *to, const char *f sender = ast_strdupa(from); ast_callerid_parse(sender, &name, &location); + if (ast_strlen_zero(location)) { + /* This can occur if either + * 1) A name-addr style From header does not close the angle brackets + * properly. + * 2) The From header is not in name-addr style and the content of the + * From contains characters other than 0-9, *, #, or +. + * + * In both cases, ast_callerid_parse() should have parsed the From header + * as a name rather than a number. So we just need to set the location + * to what was parsed as a name, and set the name NULL since there was + * no name present. + */ + location = name; + name = NULL; + } ast_string_field_set(pvt, fromname, name); if (strchr(location, ':')) { /* Must be a URI */ parse_uri(location, "sip:,sips:", &user, NULL, &domain, NULL);