pjsip_transport_events.c: Fix crash using stale transport pointer.
[asterisk/asterisk.git] / res / res_pjsip / security_events.c
index 7b49137..b31445b 100644 (file)
 
 #include "asterisk.h"
 
-ASTERISK_FILE_VERSION(__FILE__, "$Revision$")
-
 #include <pjsip.h>
 
 #include "asterisk/res_pjsip.h"
 #include "asterisk/security_events.h"
 
-static int find_transport_in_use(void *obj, void *arg, int flags)
-{
-       struct ast_sip_transport *transport = obj;
-       pjsip_rx_data *rdata = arg;
-
-       if ((transport->state->transport == rdata->tp_info.transport) ||
-               (transport->state->factory && !pj_strcmp(&transport->state->factory->addr_name.host, &rdata->tp_info.transport->local_name.host) &&
-                       transport->state->factory->addr_name.port == rdata->tp_info.transport->local_name.port)) {
-               return CMP_MATCH | CMP_STOP;
-       }
-
-       return 0;
-}
-
 static enum ast_transport security_event_get_transport(pjsip_rx_data *rdata)
 {
-       RAII_VAR(struct ao2_container *, transports, NULL, ao2_cleanup);
-       RAII_VAR(struct ast_sip_transport *, transport, NULL, ao2_cleanup);
-
-       /* It should be impossible for these to fail as the transport has to exist for the message to exist */
-       transports = ast_sorcery_retrieve_by_fields(ast_sip_get_sorcery(), "transport", AST_RETRIEVE_FLAG_MULTIPLE | AST_RETRIEVE_FLAG_ALL, NULL);
-
-       ast_assert(transports != NULL);
-
-       transport = ao2_callback(transports, 0, find_transport_in_use, rdata);
-
-       ast_assert(transport != NULL);
-
-       return transport->type;
+       if (rdata->tp_info.transport->key.type == PJSIP_TRANSPORT_UDP ||
+               rdata->tp_info.transport->key.type == PJSIP_TRANSPORT_UDP6) {
+               return AST_TRANSPORT_UDP;
+       } else if (rdata->tp_info.transport->key.type == PJSIP_TRANSPORT_TCP ||
+               rdata->tp_info.transport->key.type == PJSIP_TRANSPORT_TCP6) {
+               return AST_TRANSPORT_TCP;
+       } else if (rdata->tp_info.transport->key.type == PJSIP_TRANSPORT_TLS ||
+               rdata->tp_info.transport->key.type == PJSIP_TRANSPORT_TLS6) {
+               return AST_TRANSPORT_TLS;
+       } else if (!strcasecmp(rdata->tp_info.transport->type_name, "WS")) {
+               return AST_TRANSPORT_WS;
+       } else if (!strcasecmp(rdata->tp_info.transport->type_name, "WSS")) {
+               return AST_TRANSPORT_WSS;
+       } else {
+               return 0;
+       }
 }
 
 static void security_event_populate(pjsip_rx_data *rdata, char *call_id, size_t call_id_size, struct ast_sockaddr *local, struct ast_sockaddr *remote)
@@ -78,6 +65,13 @@ static void security_event_populate(pjsip_rx_data *rdata, char *call_id, size_t
        ast_sockaddr_set_port(remote, rdata->pkt_info.src_port);
 }
 
+static const char *get_account_id(struct ast_sip_endpoint *endpoint)
+{
+       RAII_VAR(struct ast_sip_endpoint *, artificial, ast_sip_get_artificial_endpoint(), ao2_cleanup);
+
+       return endpoint == artificial ? "<unknown>" : ast_sorcery_object_get_id(endpoint);
+}
+
 void ast_sip_report_invalid_endpoint(const char *name, pjsip_rx_data *rdata)
 {
        enum ast_transport transport = security_event_get_transport(rdata);
@@ -115,7 +109,7 @@ void ast_sip_report_failed_acl(struct ast_sip_endpoint *endpoint, pjsip_rx_data
                        .common.event_type  = AST_SECURITY_EVENT_FAILED_ACL,
                        .common.version     = AST_SECURITY_EVENT_FAILED_ACL_VERSION,
                        .common.service     = "PJSIP",
-                       .common.account_id  = ast_sorcery_object_get_id(endpoint),
+                       .common.account_id  = get_account_id(endpoint),
                        .common.local_addr  = {
                                        .addr       = &local,
                                        .transport  = transport,
@@ -145,7 +139,7 @@ void ast_sip_report_auth_failed_challenge_response(struct ast_sip_endpoint *endp
                                .common.event_type = AST_SECURITY_EVENT_CHAL_RESP_FAILED,
                                .common.version    = AST_SECURITY_EVENT_CHAL_RESP_FAILED_VERSION,
                                .common.service    = "PJSIP",
-                               .common.account_id = ast_sorcery_object_get_id(endpoint),
+                               .common.account_id = get_account_id(endpoint),
                                .common.local_addr = {
                                                .addr      = &local,
                                                .transport = transport,
@@ -159,9 +153,9 @@ void ast_sip_report_auth_failed_challenge_response(struct ast_sip_endpoint *endp
                                .challenge         = nonce,
                                .response          = response,
                                .expected_response = "",
-               };
+       };
 
-       if (auth && !pj_strcmp2(&auth->scheme, "digest")) {
+       if (auth && !pj_strcmp2(&auth->scheme, "Digest")) {
                ast_copy_pj_str(nonce, &auth->credential.digest.nonce, sizeof(nonce));
                ast_copy_pj_str(response, &auth->credential.digest.response, sizeof(response));
        }
@@ -182,7 +176,7 @@ void ast_sip_report_auth_success(struct ast_sip_endpoint *endpoint, pjsip_rx_dat
                        .common.event_type  = AST_SECURITY_EVENT_SUCCESSFUL_AUTH,
                        .common.version     = AST_SECURITY_EVENT_SUCCESSFUL_AUTH_VERSION,
                        .common.service     = "PJSIP",
-                       .common.account_id  = ast_sorcery_object_get_id(endpoint),
+                       .common.account_id  = get_account_id(endpoint),
                        .common.local_addr  = {
                                        .addr       = &local,
                                        .transport  = transport,
@@ -192,7 +186,7 @@ void ast_sip_report_auth_success(struct ast_sip_endpoint *endpoint, pjsip_rx_dat
                                        .transport  = transport,
                        },
                        .common.session_id  = call_id,
-                       .using_password     = auth ? (uint32_t *)1 : (uint32_t *)0,
+                       .using_password     = auth ? 1 : 0,
        };
 
        security_event_populate(rdata, call_id, sizeof(call_id), &local, &remote);
@@ -211,7 +205,7 @@ void ast_sip_report_auth_challenge_sent(struct ast_sip_endpoint *endpoint, pjsip
                        .common.event_type = AST_SECURITY_EVENT_CHAL_SENT,
                        .common.version    = AST_SECURITY_EVENT_CHAL_SENT_VERSION,
                        .common.service    = "PJSIP",
-                       .common.account_id = ast_sorcery_object_get_id(endpoint),
+                       .common.account_id = get_account_id(endpoint),
                        .common.local_addr = {
                                        .addr      = &local,
                                        .transport = transport,
@@ -232,3 +226,59 @@ void ast_sip_report_auth_challenge_sent(struct ast_sip_endpoint *endpoint, pjsip
 
        ast_security_event_report(AST_SEC_EVT(&chal_sent));
 }
+
+void ast_sip_report_req_no_support(struct ast_sip_endpoint *endpoint, pjsip_rx_data *rdata,
+                                  const char* req_type)
+{
+       enum ast_transport transport = security_event_get_transport(rdata);
+       char call_id[pj_strlen(&rdata->msg_info.cid->id) + 1];
+       struct ast_sockaddr local, remote;
+
+       struct ast_security_event_req_no_support req_no_support_event = {
+               .common.event_type  = AST_SECURITY_EVENT_REQ_NO_SUPPORT,
+               .common.version     = AST_SECURITY_EVENT_REQ_NO_SUPPORT_VERSION,
+               .common.service     = "PJSIP",
+               .common.account_id  = get_account_id(endpoint),
+               .common.local_addr  = {
+                       .addr       = &local,
+                       .transport  = transport,
+               },
+               .common.remote_addr = {
+                       .addr       = &remote,
+                       .transport  = transport,
+               },
+               .common.session_id  = call_id,
+               .request_type       = req_type
+       };
+
+       security_event_populate(rdata, call_id, sizeof(call_id), &local, &remote);
+
+       ast_security_event_report(AST_SEC_EVT(&req_no_support_event));
+}
+
+void ast_sip_report_mem_limit(struct ast_sip_endpoint *endpoint, pjsip_rx_data *rdata)
+{
+       enum ast_transport transport = security_event_get_transport(rdata);
+       char call_id[pj_strlen(&rdata->msg_info.cid->id) + 1];
+       struct ast_sockaddr local, remote;
+
+       struct ast_security_event_mem_limit mem_limit_event = {
+               .common.event_type  = AST_SECURITY_EVENT_MEM_LIMIT,
+               .common.version     = AST_SECURITY_EVENT_MEM_LIMIT_VERSION,
+               .common.service     = "PJSIP",
+               .common.account_id  = get_account_id(endpoint),
+               .common.local_addr  = {
+                       .addr       = &local,
+                       .transport  = transport,
+               },
+               .common.remote_addr = {
+                       .addr       = &remote,
+                       .transport  = transport,
+               },
+               .common.session_id  = call_id
+       };
+
+       security_event_populate(rdata, call_id, sizeof(call_id), &local, &remote);
+
+       ast_security_event_report(AST_SEC_EVT(&mem_limit_event));
+}