diff options
author | mmichelson <mmichelson@f38db490-d61c-443f-a65b-d21fe96a405b> | 2008-10-14 21:09:15 +0000 |
---|---|---|
committer | mmichelson <mmichelson@f38db490-d61c-443f-a65b-d21fe96a405b> | 2008-10-14 21:09:15 +0000 |
commit | 04b34fd8e132320704f5f7daebba3948d93b2a3d (patch) | |
tree | 9af31cf6e7c0ad3646f93d7caf058a7bcf5b81c1 /channels | |
parent | eb96b9ca2967e45118a4a0ee75a6cc8563a7c687 (diff) |
Merged revisions 149131 via svnmerge from
https://origsvn.digium.com/svn/asterisk/trunk
................
r149131 | mmichelson | 2008-10-14 16:08:48 -0500 (Tue, 14 Oct 2008) | 15 lines
Merged revisions 149130 via svnmerge from
https://origsvn.digium.com/svn/asterisk/branches/1.4
........
r149130 | mmichelson | 2008-10-14 15:49:02 -0500 (Tue, 14 Oct 2008) | 7 lines
Don't allow reserved characters to be used in register
lines in sip.conf.
(closes issue #13570)
Reported by: putnopvut
........
................
git-svn-id: http://svn.digium.com/svn/asterisk/branches/1.6.1@149132 f38db490-d61c-443f-a65b-d21fe96a405b
Diffstat (limited to 'channels')
-rw-r--r-- | channels/chan_sip.c | 30 |
1 files changed, 30 insertions, 0 deletions
diff --git a/channels/chan_sip.c b/channels/chan_sip.c index 01e89907e..d09742f63 100644 --- a/channels/chan_sip.c +++ b/channels/chan_sip.c @@ -211,6 +211,8 @@ ASTERISK_FILE_VERSION(__FILE__, "$Revision$") #define XMIT_ERROR -2 +#define SIP_RESERVED ";/?:@&=+$,# " + /* #define VOCAL_DATA_HACK */ #define DEFAULT_DEFAULT_EXPIRY 120 @@ -6326,8 +6328,10 @@ static int sip_register(const char *value, int lineno) enum sip_transport transport = SIP_TRANSPORT_UDP; char buf[256] = ""; char *username = NULL; + char *port = NULL; char *hostname=NULL, *secret=NULL, *authuser=NULL, *expire=NULL; char *callback=NULL; + char *reserved = NULL; if (!value) return -1; @@ -6352,6 +6356,15 @@ static int sip_register(const char *value, int lineno) if (authuser) *authuser++ = '\0'; } + if ((reserved = strpbrk(username, SIP_RESERVED))) { + goto invalid_char; + } + if (!ast_strlen_zero(secret) && (reserved = strpbrk(secret, SIP_RESERVED))) { + goto invalid_char; + } + if (!ast_strlen_zero(authuser) && (reserved = strpbrk(authuser, SIP_RESERVED))) { + goto invalid_char; + } /* split host[:port][/contact] */ expire = strchr(hostname, '~'); if (expire) @@ -6361,6 +6374,19 @@ static int sip_register(const char *value, int lineno) *callback++ = '\0'; if (ast_strlen_zero(callback)) callback = "s"; + /* Separate host from port when checking for reserved characters + */ + if ((port = strchr(hostname, ':'))) { + *port = '\0'; + } + if ((reserved = strpbrk(hostname, SIP_RESERVED))) { + goto invalid_char; + } + /* And then re-merge the host and port so they are stored correctly + */ + if (port) { + *port = ':'; + } if (!(reg = ast_calloc(1, sizeof(*reg)))) { ast_log(LOG_ERROR, "Out of memory. Can't allocate SIP registry entry\n"); return -1; @@ -6394,6 +6420,10 @@ static int sip_register(const char *value, int lineno) ASTOBJ_CONTAINER_LINK(®l, reg); /* Add the new registry entry to the list */ registry_unref(reg, "unref the reg pointer"); /* release the reference given by ASTOBJ_INIT. The container has another reference */ return 0; + +invalid_char: + ast_log(LOG_WARNING, "A reserved character ('%c') was used in a \"register\" line. This registration will not occur\n", *reserved); + return -1; } /*! \brief Parse multiline SIP headers into one header |