From 63900374fa310d7df1c421f6f01b5509e99b43d5 Mon Sep 17 00:00:00 2001 From: George Joseph Date: Wed, 13 Sep 2017 15:23:54 -0600 Subject: res_pjsip: Filter out non SIP(S) requests Incoming requests with non sip(s) URIs in the Request, To, From or Contact URIs are now rejected with PJSIP_SC_UNSUPPORTED_URI_SCHEME (416). This is performed in pjsip_message_filter (formerly pjsip_message_ip_updater) and is done at pjproject's "TRANSPORT" layer before a request can even reach the distributor. URIs read by res_pjsip_outbound_publish from pjsip.conf are now also checked for both length and sip(s) scheme. Those URIs read by outbound registration and aor were already being checked for scheme but their error messages needed to be updated to include scheme failure as well as length failure. Change-Id: Ibb2f9f1d2dc7549da562af4cbd9156c44ffdd460 --- res/res_pjsip_outbound_publish.c | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) (limited to 'res/res_pjsip_outbound_publish.c') diff --git a/res/res_pjsip_outbound_publish.c b/res/res_pjsip_outbound_publish.c index f84f11819..a9f92331b 100644 --- a/res/res_pjsip_outbound_publish.c +++ b/res/res_pjsip_outbound_publish.c @@ -33,6 +33,7 @@ #include "asterisk/taskprocessor.h" #include "asterisk/threadpool.h" #include "asterisk/datastore.h" +#include "res_pjsip/include/res_pjsip_private.h" /*** DOCUMENTATION @@ -1115,10 +1116,27 @@ static int validate_publish_config(struct ast_sip_outbound_publish *publish) ast_log(LOG_ERROR, "No server URI specified on outbound publish '%s'\n", ast_sorcery_object_get_id(publish)); return -1; + } else if (ast_sip_validate_uri_length(publish->server_uri)) { + ast_log(LOG_ERROR, "Server URI or hostname length exceeds pjproject limit or is not a sip(s) uri: '%s' on outbound publish '%s'\n", + publish->server_uri, + ast_sorcery_object_get_id(publish)); + return -1; } else if (ast_strlen_zero(publish->event)) { ast_log(LOG_ERROR, "No event type specified for outbound publish '%s'\n", ast_sorcery_object_get_id(publish)); return -1; + } else if (!ast_strlen_zero(publish->from_uri) + && ast_sip_validate_uri_length(publish->from_uri)) { + ast_log(LOG_ERROR, "From URI or hostname length exceeds pjproject limit or is not a sip(s) uri: '%s' on outbound publish '%s'\n", + publish->from_uri, + ast_sorcery_object_get_id(publish)); + return -1; + } else if (!ast_strlen_zero(publish->to_uri) + && ast_sip_validate_uri_length(publish->to_uri)) { + ast_log(LOG_ERROR, "To URI or hostname length exceeds pjproject limit or is not a sip(s) uri: '%s' on outbound publish '%s'\n", + publish->to_uri, + ast_sorcery_object_get_id(publish)); + return -1; } return 0; } -- cgit v1.2.3