From 58c071e7cae64ce6d9e9c5e7c254ef16c67e6c08 Mon Sep 17 00:00:00 2001 From: Daniel Tryba Date: Fri, 6 Oct 2017 11:55:38 +0200 Subject: res_pjsip_session: Prevent user=phone being added to anonimized URIs. Move ast_sip_add_usereqphone to be called after anonymization of URIs, to prevent the user_eq_phone adding "user=phone" to URIs containing a username that is not a phonenumber (RFC3261 19.1.1). An extra call to ast_sip_add_usereqphone on the saved version before anonymization is added to add user=phone" to the PAI. ASTERISK-27047 #close Change-Id: Ie5644bc66341b86dc08b1f7442210de2e6acdec6 --- res/res_pjsip_session.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/res/res_pjsip_session.c b/res/res_pjsip_session.c index f84d60e14..808477c0f 100644 --- a/res/res_pjsip_session.c +++ b/res/res_pjsip_session.c @@ -802,10 +802,9 @@ static void set_from_header(struct ast_sip_session *session) pj_strdup2(dlg_pool, &dlg_info_uri->host, session->endpoint->fromdomain); } - ast_sip_add_usereqphone(session->endpoint, dlg_pool, dlg_info->uri); - /* We need to save off the non-anonymized From for RPID/PAI generation (for domain) */ session->saved_from_hdr = pjsip_hdr_clone(dlg_pool, dlg_info); + ast_sip_add_usereqphone(session->endpoint, dlg_pool, session->saved_from_hdr->uri); /* In chan_sip, fromuser and fromdomain trump restricted so we only * anonymize if they're not set. @@ -821,7 +820,9 @@ static void set_from_header(struct ast_sip_session *session) if (ast_strlen_zero(session->endpoint->fromdomain)) { pj_strdup2(dlg_pool, &dlg_info_uri->host, "anonymous.invalid"); } - } + } else { + ast_sip_add_usereqphone(session->endpoint, dlg_pool, dlg_info->uri); + } } int ast_sip_session_refresh(struct ast_sip_session *session, -- cgit v1.2.3