[sr-dev] git:master:49dd3315: uac: safety check for new uri to include only printable characters

Daniel-Constantin Mierla miconda at gmail.com
Mon Oct 31 13:55:45 CET 2016


Module: kamailio
Branch: master
Commit: 49dd3315b7298addeaa85dd1628cd0a25ddef5b1
URL: https://github.com/kamailio/kamailio/commit/49dd3315b7298addeaa85dd1628cd0a25ddef5b1

Author: Daniel-Constantin Mierla <miconda at gmail.com>
Committer: Daniel-Constantin Mierla <miconda at gmail.com>
Date: 2016-10-31T13:54:21+01:00

uac: safety check for new uri to include only printable characters

- related to GH #833

---

Modified: modules/uac/replace.c

---

Diff:  https://github.com/kamailio/kamailio/commit/49dd3315b7298addeaa85dd1628cd0a25ddef5b1.diff
Patch: https://github.com/kamailio/kamailio/commit/49dd3315b7298addeaa85dd1628cd0a25ddef5b1.patch

---

diff --git a/modules/uac/replace.c b/modules/uac/replace.c
index 05304b1..2fb09aa 100644
--- a/modules/uac/replace.c
+++ b/modules/uac/replace.c
@@ -527,8 +527,8 @@ int restore_uri( struct sip_msg *msg, str *rr_param, str* restore_avp,
 	str param_val;
 	str add_to_rr = {0, 0};
 	struct to_body* old_body;
-	str old_uri;
-	str new_uri;
+	str old_uri = {0, 0};
+	str new_uri = {0, 0};
 	char *p;
 	int i;
 	int_str avp_value;
@@ -570,16 +570,16 @@ int restore_uri( struct sip_msg *msg, str *rr_param, str* restore_avp,
 	pkg_free(add_to_rr.s);
 	add_to_rr.s = NULL;
 
-	/* dencrypt parameter ;) */
-	if (uac_passwd.len)
+	/* decrypt parameter */
+	if (uac_passwd.len) {
 		for( i=0 ; i<new_uri.len ; i++)
 			new_uri.s[i] ^= uac_passwd.s[i%uac_passwd.len];
+	}
 
 	/* check the request direction */
-	if (
-		(check_from && uac_rrb.is_direction( msg, RR_FLOW_UPSTREAM)==0) ||
-		(!check_from && uac_rrb.is_direction( msg,RR_FLOW_DOWNSTREAM)==0)
-		) {
+	if ( (check_from && uac_rrb.is_direction(msg, RR_FLOW_UPSTREAM)==0)
+			|| (!check_from && uac_rrb.is_direction(msg, RR_FLOW_DOWNSTREAM)==0)
+				) {
 		/* replace the TO URI */
 		if ( msg->to==0 && (parse_headers(msg,HDR_TO_F,0)!=0 || msg->to==0) ) {
 			LM_ERR("failed to parse TO hdr\n");
@@ -637,6 +637,16 @@ int restore_uri( struct sip_msg *msg, str *rr_param, str* restore_avp,
 		goto failed;
 	}
 
+	/* check if new uri has valid characters */
+	for(i=0; i<new_uri.len; i++) {
+		if(!isprint(new_uri.s[i])) {
+			LM_WARN("invalid char found in the new uri at pos %d (%c) [%.*s]\n",
+					i, new_uri.s[i], new_uri.len, new_uri.s);
+			LM_WARN("this can happen when URI values are altered by end points"
+					" - skipping the update\n");
+			goto failed;
+		}
+	}
 	LM_DBG("decoded uris are: new=[%.*s] old=[%.*s]\n",
 		new_uri.len, new_uri.s, old_uri.len, old_uri.s);
 




More information about the sr-dev mailing list