git:master:49dd3315: uac: safety check for new uri to include only printable characters - sr-dev

31 Oct 2016

Module: kamailio
Branch: master
Commit: 49dd3315b7298addeaa85dd1628cd0a25ddef5b1
URL: https://github.com/kamailio/kamailio/commit/49dd3315b7298addeaa85dd1628cd0a2...
Author: Daniel-Constantin Mierla miconda@gmail.com
Committer: Daniel-Constantin Mierla miconda@gmail.com
Date: 2016-10-31T13:54:21+01:00
uac: safety check for new uri to include only printable characters
- related to GH #833
---
Modified: modules/uac/replace.c
---
Diff:  https://github.com/kamailio/kamailio/commit/49dd3315b7298addeaa85dd1628cd0a2...
Patch: https://github.com/kamailio/kamailio/commit/49dd3315b7298addeaa85dd1628cd0a2...
---

diff --git a/modules/uac/replace.c b/modules/uac/replace.c
index 05304b1..2fb09aa 100644
--- a/modules/uac/replace.c
+++ b/modules/uac/replace.c
@@ -527,8 +527,8 @@ int restore_uri( struct sip_msg *msg, str *rr_param, str* restore_avp,
    str param_val;
    str add_to_rr = {0, 0};
    struct to_body* old_body;
-	str old_uri;
-	str new_uri;
+	str old_uri = {0, 0};
+	str new_uri = {0, 0};
    char *p;
    int i;
    int_str avp_value;
@@ -570,16 +570,16 @@ int restore_uri( struct sip_msg *msg, str *rr_param, str* restore_avp,
    pkg_free(add_to_rr.s);
    add_to_rr.s = NULL;
-	/* dencrypt parameter ;) */
-	if (uac_passwd.len)
+	/* decrypt parameter */
+	if (uac_passwd.len) {
    	for( i=0 ; i<new_uri.len ; i++)
    		new_uri.s[i] ^= uac_passwd.s[i%uac_passwd.len];
+	}
/* check the request direction */
-	if (
-		(check_from && uac_rrb.is_direction( msg, RR_FLOW_UPSTREAM)==0) ||
-		(!check_from && uac_rrb.is_direction( msg,RR_FLOW_DOWNSTREAM)==0)
-		) {
+	if ( (check_from && uac_rrb.is_direction(msg, RR_FLOW_UPSTREAM)==0)
+			|| (!check_from && uac_rrb.is_direction(msg, RR_FLOW_DOWNSTREAM)==0)
+				) {
    	/* replace the TO URI */
    	if ( msg->to==0 && (parse_headers(msg,HDR_TO_F,0)!=0 || msg->to==0) ) {
    		LM_ERR("failed to parse TO hdr\n");
@@ -637,6 +637,16 @@ int restore_uri( struct sip_msg *msg, str *rr_param, str* restore_avp,
    	goto failed;
    }
+	/* check if new uri has valid characters */
+	for(i=0; i<new_uri.len; i++) {
+		if(!isprint(new_uri.s[i])) {
+			LM_WARN("invalid char found in the new uri at pos %d (%c) [%.*s]\n",
+					i, new_uri.s[i], new_uri.len, new_uri.s);
+			LM_WARN("this can happen when URI values are altered by end points"
+					" - skipping the update\n");
+			goto failed;
+		}
+	}
    LM_DBG("decoded uris are: new=[%.*s] old=[%.*s]\n",
    	new_uri.len, new_uri.s, old_uri.len, old_uri.s);

    