res_pjsip_session: Prevent user=phone being added to anonimized URIs.

Move ast_sip_add_usereqphone to be called after anonymization of URIs,
to prevent the user_eq_phone adding "user=phone" to URIs containing a
username that is not a phonenumber (RFC3261 19.1.1). An extra call to
ast_sip_add_usereqphone on the saved version before anonymization is
added to add user=phone" to the PAI.

ASTERISK-27047 #close

Change-Id: Ie5644bc66341b86dc08b1f7442210de2e6acdec6

1 files changed, 4 insertions, 3 deletions

diff --git a/res/res_pjsip_session.c b/res/res_pjsip_session.c
index f84d60e14..808477c0f 100644
--- a/res/res_pjsip_session.c
+++ b/res/res_pjsip_session.c
@@ -802,10 +802,9 @@ static void set_from_header(struct ast_sip_session *session)
 		pj_strdup2(dlg_pool, &dlg_info_uri->host, session->endpoint->fromdomain);
 	}
 
-	ast_sip_add_usereqphone(session->endpoint, dlg_pool, dlg_info->uri);
-
 	/* We need to save off the non-anonymized From for RPID/PAI generation (for domain) */
 	session->saved_from_hdr = pjsip_hdr_clone(dlg_pool, dlg_info);
+	ast_sip_add_usereqphone(session->endpoint, dlg_pool, session->saved_from_hdr->uri);
 
 	/* In chan_sip, fromuser and fromdomain trump restricted so we only
 	 * anonymize if they're not set.
@@ -821,7 +820,9 @@ static void set_from_header(struct ast_sip_session *session)
 		if (ast_strlen_zero(session->endpoint->fromdomain)) {
 			pj_strdup2(dlg_pool, &dlg_info_uri->host, "anonymous.invalid");
 		}
-	}
+	} else {
+		ast_sip_add_usereqphone(session->endpoint, dlg_pool, dlg_info->uri);
+    }
 }
 
 int ast_sip_session_refresh(struct ast_sip_session *session,