res_pjsip_outbound_registration: Add validation for 'server_uri' and 'client_uri'.
authorJoshua Colp <jcolp@digium.com>
Tue, 31 Dec 2013 20:27:03 +0000 (20:27 +0000)
committerJoshua Colp <jcolp@digium.com>
Tue, 31 Dec 2013 20:27:03 +0000 (20:27 +0000)
When applying configuration for outbound registrations the 'server_uri' and
'client_uri' fields were not validated. The code will now confirm that they
exist and that they contain parseable SIP URIs.

Reported by: Andrew Nagy
........

Merged revisions 404592 from http://svn.asterisk.org/svn/asterisk/branches/12

git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@404593 65c4cc65-6c06-0410-ace0-fbb531ad65f3

res/res_pjsip_outbound_registration.c

index 7258227..db9336b 100644 (file)
@@ -733,6 +733,46 @@ static int sip_outbound_registration_apply(const struct ast_sorcery *sorcery, vo
 {
        RAII_VAR(struct sip_outbound_registration *, existing, ast_sorcery_retrieve_by_id(sorcery, "registration", ast_sorcery_object_get_id(obj)), ao2_cleanup);
        struct sip_outbound_registration *applied = obj;
+       pj_pool_t *pool;
+       pj_str_t tmp;
+       pjsip_uri *uri;
+
+       if (ast_strlen_zero(applied->server_uri)) {
+               ast_log(LOG_ERROR, "No server URI specified on outbound registration '%s'",
+                       ast_sorcery_object_get_id(applied));
+               return -1;
+       } else if (ast_strlen_zero(applied->client_uri)) {
+               ast_log(LOG_ERROR, "No client URI specified on outbound registration '%s'\n",
+                       ast_sorcery_object_get_id(applied));
+               return -1;
+       }
+
+       pool = pjsip_endpt_create_pool(ast_sip_get_pjsip_endpoint(), "URI Validation", 256, 256);
+       if (!pool) {
+               ast_log(LOG_ERROR, "Could not create pool for URI validation on outbound registration '%s'\n",
+                       ast_sorcery_object_get_id(applied));
+               return -1;
+       }
+
+       pj_strdup2_with_null(pool, &tmp, applied->server_uri);
+       uri = pjsip_parse_uri(pool, tmp.ptr, tmp.slen, 0);
+       if (!uri) {
+               ast_log(LOG_ERROR, "Invalid server URI '%s' specified on outbound registration '%s'\n",
+                       applied->server_uri, ast_sorcery_object_get_id(applied));
+               pjsip_endpt_release_pool(ast_sip_get_pjsip_endpoint(), pool);
+               return -1;
+       }
+
+       pj_strdup2_with_null(pool, &tmp, applied->client_uri);
+       uri = pjsip_parse_uri(pool, tmp.ptr, tmp.slen, 0);
+       if (!uri) {
+               ast_log(LOG_ERROR, "Invalid client URI '%s' specified on outbound registration '%s'\n",
+                       applied->client_uri, ast_sorcery_object_get_id(applied));
+               pjsip_endpt_release_pool(ast_sip_get_pjsip_endpoint(), pool);
+               return -1;
+       }
+
+       pjsip_endpt_release_pool(ast_sip_get_pjsip_endpoint(), pool);
 
        if (!existing) {
                /* If no existing registration exists we can just start fresh easily */