diff options
author | Jonathan Rose <jrose@digium.com> | 2014-09-18 17:22:03 +0000 |
---|---|---|
committer | Jonathan Rose <jrose@digium.com> | 2014-09-18 17:22:03 +0000 |
commit | ac46240b6247f52db28f762037cb2ccf2795cc42 (patch) | |
tree | e193e846cdf1fe61b36f5cde47d9a7547fee5a1d /res/res_pjsip_endpoint_identifier_ip.c | |
parent | 02cf1835e378a2a919bfda3f83171531ff195c83 (diff) |
res_pjsip_endpoint_identifier_ip: Fix parsing of match value with CIDR
Also fixes comma separates match lists
ASTERISK-24290 #close
Reported by: Ray Crumrine
Review: https://reviewboard.asterisk.org/r/3995/
........
Merged revisions 423417 from http://svn.asterisk.org/svn/asterisk/branches/12
........
Merged revisions 423425 from http://svn.asterisk.org/svn/asterisk/branches/13
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@423442 65c4cc65-6c06-0410-ace0-fbb531ad65f3
Diffstat (limited to 'res/res_pjsip_endpoint_identifier_ip.c')
-rw-r--r-- | res/res_pjsip_endpoint_identifier_ip.c | 60 |
1 files changed, 41 insertions, 19 deletions
diff --git a/res/res_pjsip_endpoint_identifier_ip.c b/res/res_pjsip_endpoint_identifier_ip.c index 5d938c03e..607e45402 100644 --- a/res/res_pjsip_endpoint_identifier_ip.c +++ b/res/res_pjsip_endpoint_identifier_ip.c @@ -157,31 +157,53 @@ static struct ast_sip_endpoint_identifier ip_identifier = { static int ip_identify_match_handler(const struct aco_option *opt, struct ast_variable *var, void *obj) { struct ip_identify_match *identify = obj; - int num_addrs = 0, error = 0, i; - struct ast_sockaddr *addrs; + char *input_string = ast_strdupa(var->value); + char *current_string; - num_addrs = ast_sockaddr_resolve(&addrs, var->value, PARSE_PORT_FORBID, AST_AF_UNSPEC); - if (!num_addrs) { - ast_log(LOG_ERROR, "Address '%s' provided on ip endpoint identifier '%s' did not resolve to any address\n", - var->value, ast_sorcery_object_get_id(obj)); - return -1; - } + while ((current_string = strsep(&input_string, ","))) { + struct ast_sockaddr *addrs; + int num_addrs = 0, error = 0, i; + char *mask = strrchr(current_string, '/'); - for (i = 0; i < num_addrs; ++i) { - /* We deny what we actually want to match because there is an implicit permit all rule for ACLs */ - identify->matches = ast_append_ha("d", ast_sockaddr_stringify_addr(&addrs[i]), identify->matches, &error); + if (mask) { + identify->matches = ast_append_ha("d", current_string, identify->matches, &error); - if (!identify->matches || error) { - ast_log(LOG_ERROR, "Failed to add address '%s' to ip endpoint identifier '%s'\n", - ast_sockaddr_stringify_addr(&addrs[i]), ast_sorcery_object_get_id(obj)); - error = -1; - break; + if (!identify->matches || error) { + ast_log(LOG_ERROR, "Failed to add address '%s' to ip endpoint identifier '%s'\n", + current_string, ast_sorcery_object_get_id(obj)); + return -1; + } + + continue; } - } - ast_free(addrs); + num_addrs = ast_sockaddr_resolve(&addrs, current_string, PARSE_PORT_FORBID, AST_AF_UNSPEC); + if (!num_addrs) { + ast_log(LOG_ERROR, "Address '%s' provided on ip endpoint identifier '%s' did not resolve to any address\n", + var->value, ast_sorcery_object_get_id(obj)); + return -1; + } + + for (i = 0; i < num_addrs; ++i) { + /* We deny what we actually want to match because there is an implicit permit all rule for ACLs */ + identify->matches = ast_append_ha("d", ast_sockaddr_stringify_addr(&addrs[i]), identify->matches, &error); - return error; + if (!identify->matches || error) { + ast_log(LOG_ERROR, "Failed to add address '%s' to ip endpoint identifier '%s'\n", + ast_sockaddr_stringify_addr(&addrs[i]), ast_sorcery_object_get_id(obj)); + error = -1; + break; + } + } + + ast_free(addrs); + + if (error) { + return -1; + } + } + + return 0; } |