From 135b9d3562da69e255e6ce3c84cd7a8ff5c8d0b2 Mon Sep 17 00:00:00 2001 From: Joshua Colp Date: Tue, 31 Dec 2013 20:27:03 +0000 Subject: res_pjsip_outbound_registration: Add validation for 'server_uri' and 'client_uri'. When applying configuration for outbound registrations the 'server_uri' and 'client_uri' fields were not validated. The code will now confirm that they exist and that they contain parseable SIP URIs. Reported by: Andrew Nagy ........ Merged revisions 404592 from http://svn.asterisk.org/svn/asterisk/branches/12 git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@404593 65c4cc65-6c06-0410-ace0-fbb531ad65f3 --- res/res_pjsip_outbound_registration.c | 40 +++++++++++++++++++++++++++++++++++ 1 file changed, 40 insertions(+) diff --git a/res/res_pjsip_outbound_registration.c b/res/res_pjsip_outbound_registration.c index 725822709..db9336ba4 100644 --- a/res/res_pjsip_outbound_registration.c +++ b/res/res_pjsip_outbound_registration.c @@ -733,6 +733,46 @@ static int sip_outbound_registration_apply(const struct ast_sorcery *sorcery, vo { RAII_VAR(struct sip_outbound_registration *, existing, ast_sorcery_retrieve_by_id(sorcery, "registration", ast_sorcery_object_get_id(obj)), ao2_cleanup); struct sip_outbound_registration *applied = obj; + pj_pool_t *pool; + pj_str_t tmp; + pjsip_uri *uri; + + if (ast_strlen_zero(applied->server_uri)) { + ast_log(LOG_ERROR, "No server URI specified on outbound registration '%s'", + ast_sorcery_object_get_id(applied)); + return -1; + } else if (ast_strlen_zero(applied->client_uri)) { + ast_log(LOG_ERROR, "No client URI specified on outbound registration '%s'\n", + ast_sorcery_object_get_id(applied)); + return -1; + } + + pool = pjsip_endpt_create_pool(ast_sip_get_pjsip_endpoint(), "URI Validation", 256, 256); + if (!pool) { + ast_log(LOG_ERROR, "Could not create pool for URI validation on outbound registration '%s'\n", + ast_sorcery_object_get_id(applied)); + return -1; + } + + pj_strdup2_with_null(pool, &tmp, applied->server_uri); + uri = pjsip_parse_uri(pool, tmp.ptr, tmp.slen, 0); + if (!uri) { + ast_log(LOG_ERROR, "Invalid server URI '%s' specified on outbound registration '%s'\n", + applied->server_uri, ast_sorcery_object_get_id(applied)); + pjsip_endpt_release_pool(ast_sip_get_pjsip_endpoint(), pool); + return -1; + } + + pj_strdup2_with_null(pool, &tmp, applied->client_uri); + uri = pjsip_parse_uri(pool, tmp.ptr, tmp.slen, 0); + if (!uri) { + ast_log(LOG_ERROR, "Invalid client URI '%s' specified on outbound registration '%s'\n", + applied->client_uri, ast_sorcery_object_get_id(applied)); + pjsip_endpt_release_pool(ast_sip_get_pjsip_endpoint(), pool); + return -1; + } + + pjsip_endpt_release_pool(ast_sip_get_pjsip_endpoint(), pool); if (!existing) { /* If no existing registration exists we can just start fresh easily */ -- cgit v1.2.3