author | Joshua Colp <jcolp@digium.com> | 2014-11-19 11:50:54 +0000 |
---|---|---|
committer | Joshua Colp <jcolp@digium.com> | 2014-11-19 11:50:54 +0000 |
commit | 87c2e9e2387d3c1e8751e379d2ee92e855c1e85a (patch) | |
tree | b15cdf8d80a87d81f01653acf4f89214f02a1b2e | |
parent | 8648bc1f6fd1269ba5def7f9655cea96a0f3b725 (diff) |
res_pjsip_refer: Ensure Refer-To is NULL terminated and parse it as a URI.
There is no guarantee that a Refer-To we receive will be NULL terminated.
As the URI parsing function requires it to be, we now NULL terminate it.
Additionally parsing the Refer-To as a 'To' header is needless and it can
simply be done as a URI. This also fixes a problem where certain Refer-To headers
would not be parsed as a 'To' header causing the REFER to fail.
ASTERISK-24508 #close
Reported by: Beppo Mazzucato
Review: https://reviewboard.asterisk.org/r/4187/
........
Merged revisions 428195 from http://svn.asterisk.org/svn/asterisk/branches/12
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/13@428196 65c4cc65-6c06-0410-ace0-fbb531ad65f3
-rw-r--r-- | res/res_pjsip_refer.c | 20 |
1 files changed, 12 insertions, 8 deletions
diff --git a/res/res_pjsip_refer.c b/res/res_pjsip_refer.c
index f64f77dfa..2d932f38e 100644
--- a/res/res_pjsip_refer.c
+++ b/res/res_pjsip_refer.c
@@ -848,14 +848,14 @@ end:
 static int refer_incoming_refer_request(struct ast_sip_session *session, struct pjsip_rx_data *rdata)
 {
 pjsip_generic_string_hdr *refer_to;
- pjsip_fromto_hdr *target;
+ char *uri;
+ pjsip_uri *target;
 pjsip_sip_uri *target_uri;
 RAII_VAR(struct refer_progress *, progress, NULL, ao2_cleanup);
 pjsip_param *replaces;
 int response;
 static const pj_str_t str_refer_to = { "Refer-To", 8 };
- static const pj_str_t str_to = { "To", 2 };
 static const pj_str_t str_replaces = { "Replaces", 8 };
 if (!session->endpoint->allowtransfer) {
@@ -874,12 +874,16 @@ static int refer_incoming_refer_request(struct ast_sip_session *session, struct
 return 0;
 }
- /* Parse the provided URI string as a To header so we can get the target */
- target = pjsip_parse_hdr(rdata->tp_info.pool, &str_to,
- (char *) pj_strbuf(&refer_to->hvalue), pj_strlen(&refer_to->hvalue), NULL);
+ /* This is done on purpose (and is safe) - it's done so that the value passed to
+ * pjsip_parse_uri is NULL terminated as required
+ */
+ uri = refer_to->hvalue.ptr;
+ uri[refer_to->hvalue.slen] = '\0';
+
+ target = pjsip_parse_uri(rdata->tp_info.pool, refer_to->hvalue.ptr, refer_to->hvalue.slen, 0);
 if (!target
- || (!PJSIP_URI_SCHEME_IS_SIP(target->uri)
- && !PJSIP_URI_SCHEME_IS_SIPS(target->uri))) {
+ || (!PJSIP_URI_SCHEME_IS_SIP(target)
+ && !PJSIP_URI_SCHEME_IS_SIPS(target))) {
 size_t uri_size = pj_strlen(&refer_to->hvalue) + 1;
 char *uri = ast_alloca(uri_size);
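Review bot: The function-scope `char *uri;` added in the first hunk (@@ -848,14) is shadowed by the `char *uri = ast_alloca(uri_size);` declared inside the error branch of the second hunk. The same name therefore refers to two different buffers a few lines apart, one aliasing the received header value and one a stack copy. Giving the outer pointer a distinct name, for example `char *refer_to_value;`, keeps `-Wshadow` quiet and makes the two harder to confuse in a later edit. The outer variable is also used only for the terminator store, since the parse call passes `refer_to->hvalue.ptr` again; either pass the local to `pjsip_parse_uri` or drop it.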
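Review bot: `uri[refer_to->hvalue.slen] = '\0';` in the second hunk (@@ -874,12) stores one byte past the end of the header value, and the comment asserts this is safe without naming the invariant that makes it so. Presumably `hvalue` points into the received packet buffer and the next byte is the line terminator, but nothing visible here guarantees that. If `hvalue.ptr` can be NULL for an empty Refer-To value, the store would dereference NULL on remotely supplied input; the checks between the two hunks are outside this view, so confirm. Copying the value into a pool buffer of `slen + 1` bytes and parsing the copy keeps the write in bounds, leaves the received message unmodified, and routes an empty value to the existing rejection branch. The function body continues outside the hunk.

```c
	/* Parse a NUL-terminated copy so the received header value is never written to. */
	target = NULL;
	if (refer_to->hvalue.ptr && refer_to->hvalue.slen > 0) {
		uri = pj_pool_alloc(rdata->tp_info.pool, refer_to->hvalue.slen + 1);
		if (uri) {
			memcpy(uri, refer_to->hvalue.ptr, refer_to->hvalue.slen);
			uri[refer_to->hvalue.slen] = '\0';
			target = pjsip_parse_uri(rdata->tp_info.pool, uri, refer_to->hvalue.slen, 0);
		}
	}
	/* … unchanged: the !target / scheme check and its error branch … */
```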
@@ -890,7 +894,7 @@ static int refer_incoming_refer_request(struct ast_sip_session *session, struct
 uri, ast_channel_name(session->channel), ast_sorcery_object_get_id(session->endpoint));
 return 0;
 }
- target_uri = pjsip_uri_get_uri(target->uri);
+ target_uri = pjsip_uri_get_uri(target);
 /* Set up REFER progress subscription if requested/possible */
 if (refer_progress_alloc(session, rdata, &progress)) { |