diff options
-rw-r--r-- | res/res_pjsip_refer.c | 18 |
1 files changed, 9 insertions, 9 deletions
diff --git a/res/res_pjsip_refer.c b/res/res_pjsip_refer.c index 3766f9bb4..f3af65c3c 100644 --- a/res/res_pjsip_refer.c +++ b/res/res_pjsip_refer.c @@ -985,6 +985,7 @@ static int refer_incoming_refer_request(struct ast_sip_session *session, struct { pjsip_generic_string_hdr *refer_to; char *uri; + size_t uri_size; pjsip_uri *target; pjsip_sip_uri *target_uri; RAII_VAR(struct refer_progress *, progress, NULL, ao2_cleanup); @@ -1018,20 +1019,19 @@ static int refer_incoming_refer_request(struct ast_sip_session *session, struct return 0; } - /* This is done on purpose (and is safe) - it's done so that the value passed to - * pjsip_parse_uri is NULL terminated as required + /* The ast_copy_pj_str to uri is needed because it puts the NULL terminator to the uri + * as pjsip_parse_uri require a NULL terminated uri */ - uri = refer_to->hvalue.ptr; - uri[refer_to->hvalue.slen] = '\0'; - target = pjsip_parse_uri(rdata->tp_info.pool, refer_to->hvalue.ptr, refer_to->hvalue.slen, 0); + uri_size = pj_strlen(&refer_to->hvalue) + 1; + uri = ast_alloca(uri_size); + ast_copy_pj_str(uri, &refer_to->hvalue, uri_size); + + target = pjsip_parse_uri(rdata->tp_info.pool, uri, uri_size - 1, 0); + if (!target || (!PJSIP_URI_SCHEME_IS_SIP(target) && !PJSIP_URI_SCHEME_IS_SIPS(target))) { - size_t uri_size = pj_strlen(&refer_to->hvalue) + 1; - char *uri = ast_alloca(uri_size); - - ast_copy_pj_str(uri, &refer_to->hvalue, uri_size); pjsip_dlg_respond(session->inv_session->dlg, rdata, 400, NULL, NULL, NULL); ast_debug(3, "Received a REFER without a parseable Refer-To ('%s') on channel '%s' from endpoint '%s'\n", |