res_pjsip_session: Prevent user=phone being added to anonimized URIs.
authorDaniel Tryba <daniel@tryba.nl>
Fri, 6 Oct 2017 09:55:38 +0000 (11:55 +0200)
committerKevin Harwell <kharwell@digium.com>
Thu, 12 Oct 2017 16:06:09 +0000 (11:06 -0500)
Move ast_sip_add_usereqphone to be called after anonymization of URIs,
to prevent the user_eq_phone adding "user=phone" to URIs containing a
username that is not a phonenumber (RFC3261 19.1.1). An extra call to
ast_sip_add_usereqphone on the saved version before anonymization is
added to add user=phone" to the PAI.

ASTERISK-27047 #close

Change-Id: Ie5644bc66341b86dc08b1f7442210de2e6acdec6

res/res_pjsip_session.c

index 49f2f17..d8789ae 100644 (file)
@@ -1329,10 +1329,9 @@ static void set_from_header(struct ast_sip_session *session)
                pj_strdup2(dlg_pool, &dlg_info_uri->host, session->endpoint->fromdomain);
        }
 
-       ast_sip_add_usereqphone(session->endpoint, dlg_pool, dlg_info->uri);
-
        /* We need to save off the non-anonymized From for RPID/PAI generation (for domain) */
        session->saved_from_hdr = pjsip_hdr_clone(dlg_pool, dlg_info);
+       ast_sip_add_usereqphone(session->endpoint, dlg_pool, session->saved_from_hdr->uri);
 
        /* In chan_sip, fromuser and fromdomain trump restricted so we only
         * anonymize if they're not set.
@@ -1348,7 +1347,9 @@ static void set_from_header(struct ast_sip_session *session)
                if (ast_strlen_zero(session->endpoint->fromdomain)) {
                        pj_strdup2(dlg_pool, &dlg_info_uri->host, "anonymous.invalid");
                }
-       }
+       } else {
+               ast_sip_add_usereqphone(session->endpoint, dlg_pool, dlg_info->uri);
+    }
 }
 
 int ast_sip_session_refresh(struct ast_sip_session *session,