author | Kevin Harwell <kharwell@digium.com> | 2017-04-26 14:20:00 -0500 |
---|---|---|
committer | Kevin Harwell <kharwell@digium.com> | 2017-04-26 15:32:11 -0500 |
commit | c6b757fa05c4c3fe1b7fa77844b9e5e3203d859f (patch) | |
tree | f2139fe91a18acc09ad357a525d5e8cde5be26c0 | |
parent | e478d2eb94ec98ad8004e1b4b634b53e70591f8d (diff) |
res_pjsip/res_pjsip_callerid: NULL check on caller id name string
It's possible for a name in a party id structure to be marked as valid, but the
name string itself be NULL (for instance this is possible to do by using the
dialplan CALLERID function). There were a couple of places where the name was
validated, but the string itself was not checked before passing it to functions
like 'strlen'. This of course caused a crash.
This patch adds in a NULL check before attempting to pass it into a function
that is not NULL tolerant.
ASTERISK-25823 #close
Change-Id: Iaa6ffe9d92f598fe9e3c8ae373fadbe3dfbf1d4a
-rw-r--r-- | res/res_pjsip.c | 12 | ||||
-rw-r--r-- | res/res_pjsip_caller_id.c | 9 |
2 files changed, 15 insertions, 6 deletions
diff --git a/res/res_pjsip.c b/res/res_pjsip.c
index e4bcb7038..9de2176a6 100644
--- a/res/res_pjsip.c
+++ b/res/res_pjsip.c
@@ -4420,11 +4420,15 @@ void ast_sip_modify_id_header(pj_pool_t *pool, pjsip_fromto_hdr *id_hdr, const s
 id_uri = pjsip_uri_get_uri(id_name_addr->uri);
 if (id->name.valid) {
- int name_buf_len = strlen(id->name.str) * 2 + 1;
- char *name_buf = ast_alloca(name_buf_len);
+ if (!ast_strlen_zero(id->name.str)) {
+ int name_buf_len = strlen(id->name.str) * 2 + 1;
+ char *name_buf = ast_alloca(name_buf_len);
- ast_escape_quoted(id->name.str, name_buf, name_buf_len);
- pj_strdup2(pool, &id_name_addr->display, name_buf);
+ ast_escape_quoted(id->name.str, name_buf, name_buf_len);
+ pj_strdup2(pool, &id_name_addr->display, name_buf);
+ } else {
+ pj_strdup2(pool, &id_name_addr->display, NULL);
+ }
 }
 if (id->number.valid) {
diff --git a/res/res_pjsip_caller_id.c b/res/res_pjsip_caller_id.c
index 7948d33be..470d90f43 100644
--- a/res/res_pjsip_caller_id.c
+++ b/res/res_pjsip_caller_id.c
@@ -436,7 +436,7 @@ static pjsip_fromto_hdr *create_new_id_hdr(const pj_str_t *hdr_name, pjsip_fromt
 id_name_addr = pjsip_uri_clone(tdata->pool, base->uri);
 id_uri = pjsip_uri_get_uri(id_name_addr->uri);
- if (id->name.valid) {
+ if (id->name.valid && !ast_strlen_zero(id->name.str)) {
 int name_buf_len = strlen(id->name.str) * 2 + 1;
 char *name_buf = ast_alloca(name_buf_len);
@@ -450,7 +450,12 @@ static pjsip_fromto_hdr *create_new_id_hdr(const pj_str_t *hdr_name, pjsip_fromt
 pj_strdup2(tdata->pool, &id_name_addr->display, NULL);
 }
- pj_strdup2(tdata->pool, &id_uri->user, id->number.str);
+ if (id->number.valid) {
+ pj_strdup2(tdata->pool, &id_uri->user, id->number.str);
+ } else {
+ /* Similar to name, make sure the number is also cleared when invalid */
+ pj_strdup2(tdata->pool, &id_uri->user, NULL);
+ }
 id_hdr->uri = (pjsip_uri *) id_name_addr;
 return id_hdr; |
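Review bot: In `ast_sip_modify_id_header` (res/res_pjsip.c), the re-indented `ast_alloca(name_buf_len)` is still sized from `strlen(id->name.str) * 2 + 1` with no upper bound, and the length is held in an `int`. The commit message notes the name can be set through the dialplan CALLERID function, so unless something outside this hunk caps its length, a very long name becomes a large stack allocation. Since a pool is already in hand, the escape buffer could come from it instead: `char *name_buf = pj_pool_alloc(pool, name_buf_len);`. Alternatively, reject or truncate names above a fixed limit before computing the size. The same unbounded `ast_alloca` appears in the context lines of the first `create_new_id_hdr` hunk in res/res_pjsip_caller_id.c, where `tdata->pool` would serve; both function bodies continue outside the hunks shown.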
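Review bot: In the last hunk of `create_new_id_hdr` (res/res_pjsip_caller_id.c), the number is guarded only by `id->number.valid`, whereas the name now also gets `!ast_strlen_zero(...)`. A number marked valid with a NULL `str`, the same state this commit fixes for the name, is therefore passed straight to `pj_strdup2`. That appears safe only because `pj_strdup2` is already called with NULL in this function, so the reliance should be written down where it happens: `/* number.str may be NULL even when valid; pj_strdup2() tolerates a NULL source */` above the first `pj_strdup2(tdata->pool, &id_uri->user, ...)` call. Without it, a later switch to a call that is not NULL tolerant could reintroduce the crash on the number path.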