res_pjsip/res_pjsip_callerid: NULL check on caller id name string
authorKevin Harwell <kharwell@digium.com>
Wed, 26 Apr 2017 19:20:00 +0000 (14:20 -0500)
committerKevin Harwell <kharwell@digium.com>
Wed, 26 Apr 2017 20:32:11 +0000 (15:32 -0500)
It's possible for a name in a party id structure to be marked as valid while the
name string itself is NULL (for instance, this can be done by using the
dialplan CALLERID function). There were a couple of places where the name was
validated, but the string itself was not checked before passing it to functions
like 'strlen'. This of course caused a crash.

This patch adds in a NULL check before attempting to pass it into a function
that is not NULL tolerant.

ASTERISK-25823 #close

Change-Id: Iaa6ffe9d92f598fe9e3c8ae373fadbe3dfbf1d4a

res/res_pjsip.c
res/res_pjsip_caller_id.c

index e4bcb70..9de2176 100644 (file)
@@ -4420,11 +4420,15 @@ void ast_sip_modify_id_header(pj_pool_t *pool, pjsip_fromto_hdr *id_hdr, const s
        id_uri = pjsip_uri_get_uri(id_name_addr->uri);
 
        if (id->name.valid) {
-               int name_buf_len = strlen(id->name.str) * 2 + 1;
-               char *name_buf = ast_alloca(name_buf_len);
+               if (!ast_strlen_zero(id->name.str)) {
+                       int name_buf_len = strlen(id->name.str) * 2 + 1;
+                       char *name_buf = ast_alloca(name_buf_len);
 
-               ast_escape_quoted(id->name.str, name_buf, name_buf_len);
-               pj_strdup2(pool, &id_name_addr->display, name_buf);
+                       ast_escape_quoted(id->name.str, name_buf, name_buf_len);
+                       pj_strdup2(pool, &id_name_addr->display, name_buf);
+               } else {
+                       pj_strdup2(pool, &id_name_addr->display, NULL);
+               }
        }
 
        if (id->number.valid) {
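Review bot: `name_buf_len` is still an `int` computed as `strlen(id->name.str) * 2 + 1` and passed straight to `ast_alloca`, so the caller-ID name sizes the stack allocation with no upper bound visible in this hunk. If the name can arrive from a remote party or the dialplan without a length limit (not shown here), an oversized name could exhaust the stack or overflow the `int`. I would make the length a `size_t` and take the buffer from the pool already in scope, e.g. `size_t name_buf_len = strlen(id->name.str) * 2 + 1;` and `char *name_buf = pj_pool_alloc(pool, name_buf_len);`, or reject names above a fixed limit before the alloca. The same pattern sits in the first hunk of res/res_pjsip_caller_id.c (create_new_id_hdr). The body of ast_sip_modify_id_header starts and ends outside this hunk.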
index 7948d33..470d90f 100644 (file)
@@ -436,7 +436,7 @@ static pjsip_fromto_hdr *create_new_id_hdr(const pj_str_t *hdr_name, pjsip_fromt
        id_name_addr = pjsip_uri_clone(tdata->pool, base->uri);
        id_uri = pjsip_uri_get_uri(id_name_addr->uri);
 
-       if (id->name.valid) {
+       if (id->name.valid && !ast_strlen_zero(id->name.str)) {
                int name_buf_len = strlen(id->name.str) * 2 + 1;
                char *name_buf = ast_alloca(name_buf_len);
 
@@ -450,7 +450,12 @@ static pjsip_fromto_hdr *create_new_id_hdr(const pj_str_t *hdr_name, pjsip_fromt
                pj_strdup2(tdata->pool, &id_name_addr->display, NULL);
        }
 
-       pj_strdup2(tdata->pool, &id_uri->user, id->number.str);
+       if (id->number.valid) {
+               pj_strdup2(tdata->pool, &id_uri->user, id->number.str);
+       } else {
+               /* Similar to name, make sure the number is also cleared when invalid */
+               pj_strdup2(tdata->pool, &id_uri->user, NULL);
+       }
 
        id_hdr->uri = (pjsip_uri *) id_name_addr;
        return id_hdr;
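Review bot: The new `else` branch on `id->number.valid` changes behaviour beyond the name NULL check that the commit description covers. `id_name_addr` is cloned from `base->uri`, so when the number is invalid the cloned user part is now cleared, and the header is still returned with a URI that has no user. Whether callers of create_new_id_hdr already skip identities without a valid number is not visible in this hunk. I would make the comment state the intent explicitly, e.g. `/* Number invalid: clear the user part cloned from base so the previous number is not sent */`, and mention the number handling in the commit message. The function starts outside the hunk.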