res_pjsip: Fix crash with from_user containing invalid characters.
authorBenjamin Keith Ford <bford@digium.com>
Fri, 7 Jul 2017 16:19:13 +0000 (11:19 -0500)
committerBenjamin Keith Ford <bford@digium.com>
Mon, 10 Jul 2017 14:55:05 +0000 (09:55 -0500)
If the from_user field contains certain characters (like @, {, ^, etc.),
PJSIP will return a null value for the URI when attempting to parse it.
This causes a crash when trying to dial out through a trunk that contains
these invalid characters in its from_user field.

This change checks the configuration and ensures that an endpoint will
not be created if the from_user contains an invalid character. It also
adds a null check to the PJSIP URI parsing as a backup.

ASTERISK-27036 #close
Reported by: Maxim Vasilev

Change-Id: I0396fdb5080604e0bdf1277464d5c8a85db913d0

res/res_pjsip.c
res/res_pjsip/pjsip_configuration.c

index 8923540..6e389d5 100644 (file)
@@ -3091,6 +3091,14 @@ pjsip_dialog *ast_sip_create_dialog_uac(const struct ast_sip_endpoint *endpoint,
        /* Update the dialog with the new local URI, we do it afterwards so we can use the dialog pool for construction */
        pj_strdup_with_null(dlg->pool, &dlg->local.info_str, &local_uri);
        dlg->local.info->uri = pjsip_parse_uri(dlg->pool, dlg->local.info_str.ptr, dlg->local.info_str.slen, 0);
+       if (!dlg->local.info->uri) {
+               ast_log(LOG_ERROR,
+                       "Could not parse URI '%s' for endpoint '%s'\n",
+                       dlg->local.info_str.ptr, ast_sorcery_object_get_id(endpoint));
+               dlg->sess_count--;
+               pjsip_dlg_terminate(dlg);
+               return NULL;
+       }
 
        dlg->local.contact = pjsip_parse_hdr(dlg->pool, &HCONTACT, local_uri.ptr, local_uri.slen, NULL);
 
index 372b01b..ef3e05b 100644 (file)
@@ -1148,6 +1148,37 @@ static int tos_video_to_str(const void *obj, const intptr_t *args, char **buf)
        return 0;
 }
 
+static int from_user_handler(const struct aco_option *opt,
+       struct ast_variable *var, void *obj)
+{
+       struct ast_sip_endpoint *endpoint = obj;
+       /* Valid non-alphanumeric characters for URI */
+       char *valid_uri_marks = "-_.!~*`()";
+       const char *val;
+
+       for (val = var->value; *val; val++) {
+               if (!strchr(valid_uri_marks, *val) && !isdigit(*val) && !isalpha(*val)) {
+                       ast_log(LOG_ERROR, "Error configuring endpoint '%s' - '%s' field "
+                       "contains invalid character '%c'\n",
+                       ast_sorcery_object_get_id(endpoint), var->name, *val);
+                       return -1;
+               }
+       }
+
+       ast_string_field_set(endpoint, fromuser, var->value);
+
+       return 0;
+}
+
+static int from_user_to_str(const void *obj, const intptr_t *args, char **buf)
+{
+       const struct ast_sip_endpoint *endpoint = obj;
+
+       *buf = ast_strdup(endpoint->fromuser);
+
+       return 0;
+}
+
 static int set_var_handler(const struct aco_option *opt,
        struct ast_variable *var, void *obj)
 {
@@ -1918,7 +1949,7 @@ int ast_res_pjsip_initialize_configuration(void)
        ast_sorcery_object_field_register(sip_sorcery, "endpoint", "cos_video", "0", OPT_UINT_T, 0, FLDSET(struct ast_sip_endpoint, media.cos_video));
        ast_sorcery_object_field_register(sip_sorcery, "endpoint", "allow_subscribe", "yes", OPT_BOOL_T, 1, FLDSET(struct ast_sip_endpoint, subscription.allow));
        ast_sorcery_object_field_register(sip_sorcery, "endpoint", "sub_min_expiry", "0", OPT_UINT_T, 0, FLDSET(struct ast_sip_endpoint, subscription.minexpiry));
-       ast_sorcery_object_field_register(sip_sorcery, "endpoint", "from_user", "", OPT_STRINGFIELD_T, 0, STRFLDSET(struct ast_sip_endpoint, fromuser));
+       ast_sorcery_object_field_register_custom(sip_sorcery, "endpoint", "from_user", "", from_user_handler, from_user_to_str, NULL, 0, 0);
        ast_sorcery_object_field_register(sip_sorcery, "endpoint", "from_domain", "", OPT_STRINGFIELD_T, 0, STRFLDSET(struct ast_sip_endpoint, fromdomain));
        ast_sorcery_object_field_register(sip_sorcery, "endpoint", "mwi_from_user", "", OPT_STRINGFIELD_T, 0, STRFLDSET(struct ast_sip_endpoint, subscription.mwi.fromuser));
        ast_sorcery_object_field_register(sip_sorcery, "endpoint", "rtp_engine", "asterisk", OPT_STRINGFIELD_T, 0, STRFLDSET(struct ast_sip_endpoint, media.rtp.engine));