kenmirrors/asterisk
1
0
Fork 0
mirror of https://github.com/asterisk/asterisk.git synced 2025-10-14 00:24:05 +00:00
Code Issues Packages Projects Releases Wiki Activity

res_pjsip_endpoint_identifier_ip: Fix parsing of match value with CIDR

Browse Source 
Also fixes comma separates match lists

ASTERISK-24290 #close
Reported by: Ray Crumrine
Review: https://reviewboard.asterisk.org/r/3995/
........

Merged revisions 423417 from http://svn.asterisk.org/svn/asterisk/branches/12


git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/13@423425 65c4cc65-6c06-0410-ace0-fbb531ad65f3
This commit is contained in:
Jonathan Rose
2014-09-18 17:11:00 +00:00
parent 588a8d9078
commit 5567d3e7d2
1 changed files with 41 additions and 19 deletions
Download Patch File Download Diff File Expand all files Collapse all files

60
res/res_pjsip_endpoint_identifier_ip.c
View File

@@ -157,31 +157,53 @@ static struct ast_sip_endpoint_identifier ip_identifier = {
static int ip_identify_match_handler(const struct aco_option *opt, struct ast_variable *var, void *obj)
{
struct ip_identify_match *identify = obj;
int num_addrs = 0, error = 0, i;
struct ast_sockaddr *addrs;
char *input_string = ast_strdupa(var->value);
char *current_string;
num_addrs = ast_sockaddr_resolve(&addrs, var->value, PARSE_PORT_FORBID, AST_AF_UNSPEC);
if (!num_addrs) {
ast_log(LOG_ERROR, "Address '%s' provided on ip endpoint identifier '%s' did not resolve to any address\n",
var->value, ast_sorcery_object_get_id(obj));
return -1;
}
while ((current_string = strsep(&input_string, ","))) {
struct ast_sockaddr *addrs;
int num_addrs = 0, error = 0, i;
char *mask = strrchr(current_string, '/');
for (i = 0; i < num_addrs; ++i) {
/* We deny what we actually want to match because there is an implicit permit all rule for ACLs */
identify->matches = ast_append_ha("d", ast_sockaddr_stringify_addr(&addrs[i]), identify->matches, &error);
if (mask) {
identify->matches = ast_append_ha("d", current_string, identify->matches, &error);
if (!identify->matches || error) {
ast_log(LOG_ERROR, "Failed to add address '%s' to ip endpoint identifier '%s'\n",
ast_sockaddr_stringify_addr(&addrs[i]), ast_sorcery_object_get_id(obj));
error = -1;
break;
if (!identify->matches || error) {
ast_log(LOG_ERROR, "Failed to add address '%s' to ip endpoint identifier '%s'\n",
current_string, ast_sorcery_object_get_id(obj));
return -1;
}
continue;
}
num_addrs = ast_sockaddr_resolve(&addrs, current_string, PARSE_PORT_FORBID, AST_AF_UNSPEC);
if (!num_addrs) {
ast_log(LOG_ERROR, "Address '%s' provided on ip endpoint identifier '%s' did not resolve to any address\n",
var->value, ast_sorcery_object_get_id(obj));
return -1;
}
for (i = 0; i < num_addrs; ++i) {
/* We deny what we actually want to match because there is an implicit permit all rule for ACLs */
identify->matches = ast_append_ha("d", ast_sockaddr_stringify_addr(&addrs[i]), identify->matches, &error);
if (!identify->matches || error) {
ast_log(LOG_ERROR, "Failed to add address '%s' to ip endpoint identifier '%s'\n",
ast_sockaddr_stringify_addr(&addrs[i]), ast_sorcery_object_get_id(obj));
error = -1;
break;
}
}
ast_free(addrs);
if (error) {
return -1;
}
}
ast_free(addrs);
return error;
return 0;
}