diff options
author | Mark Michelson <mmichelson@digium.com> | 2013-08-30 00:11:22 +0000 |
---|---|---|
committer | Mark Michelson <mmichelson@digium.com> | 2013-08-30 00:11:22 +0000 |
commit | eb955dad9adbf76c3e0ff68cfd1c794989af1941 (patch) | |
tree | 15c608ca7744e84418f35560c98a5b171ad60bfb /res | |
parent | b5f61b560894bb632665828ce1809cd873446433 (diff) |
Sanitize XML output for PIDF bodies.
PJSIP's PIDF API does not replace angle brackets with
their appropriate counterparts for XML. So we have to
do it ourself. In this particular case, the problem had
to do with attempting to place an unsanitized SIP URI
into an XML node. Now we don't get a 488 from recipients
of our PIDF NOTIFYs.
........
Merged revisions 397968 from http://svn.asterisk.org/svn/asterisk/branches/12
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@397969 65c4cc65-6c06-0410-ace0-fbb531ad65f3
Diffstat (limited to 'res')
-rw-r--r-- | res/res_pjsip_pidf.c | 40 |
1 files changed, 39 insertions, 1 deletions
diff --git a/res/res_pjsip_pidf.c b/res/res_pjsip_pidf.c index 45dcb7757..4219e4ce3 100644 --- a/res/res_pjsip_pidf.c +++ b/res/res_pjsip_pidf.c @@ -178,6 +178,42 @@ static void release_pool(void *obj) pjsip_endpt_release_pool(ast_sip_get_pjsip_endpoint(), pool); } +/*! + * \internal + * \brief Convert angle brackets in input into escaped forms suitable for XML + * + * \param input Raw input string + * \param output Sanitized string + * \param len Size of output buffer + */ +static void sanitize_xml(const char *input, char *output, size_t len) +{ + char *copy = ast_strdupa(input); + char *break_point; + + output[0] = '\0'; + + while ((break_point = strpbrk(copy, "<>"))) { + char bracket = *break_point; + + *break_point = '\0'; + strncat(output, copy, len); + + if (bracket == '<') { + strncat(output, "<", len); + } else { + strncat(output, "&rt;", len); + } + + copy = break_point + 1; + } + + /* Be sure to copy everything after the final bracket */ + if (*copy) { + strncat(output, copy, len); + } +} + static int pidf_xml_create_body(struct ast_sip_exten_state_data *data, const char *local, const char *remote, struct ast_str **body_text) { @@ -186,6 +222,7 @@ static int pidf_xml_create_body(struct ast_sip_exten_state_data *data, const cha pj_str_t entity, note, id, contact, priority; char *statestring = NULL, *pidfstate = NULL, *pidfnote = NULL; int local_state, size; + char sanitized[PJSIP_MAX_URL_SIZE]; RAII_VAR(pj_pool_t *, pool, pjsip_endpt_create_pool(ast_sip_get_pjsip_endpoint(), @@ -211,7 +248,8 @@ static int pidf_xml_create_body(struct ast_sip_exten_state_data *data, const cha return -1; } - pjpidf_tuple_set_contact(pool, tuple, pj_cstr(&contact, remote)); + sanitize_xml(remote, sanitized, sizeof(sanitized)); + pjpidf_tuple_set_contact(pool, tuple, pj_cstr(&contact, sanitized)); pjpidf_tuple_set_contact_prio(pool, tuple, pj_cstr(&priority, "1")); pjpidf_status_set_basic_open(pjpidf_tuple_get_status(tuple), (pidfstate[0] == 'b') || (local_state != NOTIFY_CLOSED)); |