diff options
author | Walter Doekes <walter+asterisk@wjd.nu> | 2016-11-30 16:31:39 +0100 |
---|---|---|
committer | Mark Michelson <mmichelson@digium.com> | 2016-12-08 08:18:28 -0600 |
commit | 41c6319c4e1261f40813e60017e3b65f4115c94d (patch) | |
tree | 44b2a1b07543ed394b5e9c3bf402fc03bca91c3c /channels | |
parent | 738203f6e6b7c9f13b3b0da0e1b36e90165ce863 (diff) |
chan_sip: Do not allow non-SP/HTAB between header key and colon.
RFC says SIP headers look like:
HCOLON = *( SP / HTAB ) ":" SWS
SWS = [LWS] ; sep whitespace
LWS = [*WSP CRLF] 1*WSP ; linear whitespace
WSP = SP / HTAB ; from rfc2234
chan_sip implemented this:
HCOLON = *( LOWCTL / SP ) ":" SWS
LOWCTL = %x00-1F ; CTL without DEL
This discrepancy meant that SIP proxies in front of Asterisk with
chan_sip could pass on unknown headers with \x00-\x1F in them, which
would be treated by Asterisk as a different (known) header. For
example, the "To\x01:" header would gladly be forwarded by some proxies
as irrelevant, but chan_sip would treat it as the relevant "To:" header.
Those relying on a SIP proxy to scrub certain headers could mistakenly
get unexpected and unvalidated data fed to Asterisk.
This change fixes so chan_sip only considers SP/HTAB as valid tokens
before the colon, making it agree on the headers with other speakers of
SIP.
ASTERISK-26433 #close
AST-2016-009
Change-Id: I78086fbc524ac733b8f7f78cb423c91075fd489b
Diffstat (limited to 'channels')
-rw-r--r-- | channels/chan_sip.c | 8 |
1 files changed, 3 insertions, 5 deletions
diff --git a/channels/chan_sip.c b/channels/chan_sip.c index c34ad31c0..895739b4c 100644 --- a/channels/chan_sip.c +++ b/channels/chan_sip.c @@ -8451,8 +8451,6 @@ static const char *__get_header(const struct sip_request *req, const char *name, * one afterwards. If you shouldn't do it, what absolute idiot decided it was * a good idea to say you can do it, and if you can do it, why in the hell would. * you say you shouldn't. - * Anyways, pedanticsipchecking controls whether we allow spaces before ':', - * and we always allow spaces after that for compatibility. */ const char *sname = find_alias(name, NULL); int x, len = strlen(name), slen = (sname ? 1 : 0); @@ -8465,10 +8463,10 @@ static const char *__get_header(const struct sip_request *req, const char *name, if (match || smatch) { /* skip name */ const char *r = header + (match ? len : slen ); - if (sip_cfg.pedanticsipchecking) { - r = ast_skip_blanks(r); + /* HCOLON has optional SP/HTAB; skip past those */ + while (*r == ' ' || *r == '\t') { + ++r; } - if (*r == ':') { *start = x+1; return ast_skip_blanks(r+1); |