kenmirrors/asterisk
1
0
Fork 0
mirror of https://github.com/asterisk/asterisk.git synced 2025-11-20 08:40:16 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge "res_pjsip_registrar.c: Prevent potential double free if AOR is not found" into 16

Browse Source
This commit is contained in:
Friendly Automation
2019-12-09 10:28:31 -06:00
committed by Gerrit Code Review
parent 585e5288c8 68ce999351
commit 59799b10bf
1 changed files with 22 additions and 21 deletions
Download Patch File Download Diff File Expand all files Collapse all files

43
res/res_pjsip_registrar.c
View File

@@ -949,14 +949,21 @@ static int match_aor(const char *aor_name, const char *id)
return 0; return 0;
} }
static char *find_aor_name(const char *username, const char *domain, const char *aors) static char *find_aor_name(const pj_str_t *pj_username, const pj_str_t *pj_domain, const char *aors)
{ {
char *configured_aors; char *configured_aors;
char *aors_buf; char *aors_buf;
char *aor_name; char *aor_name;
char *id_domain; char *id_domain;
char *username, *domain;
struct ast_sip_domain_alias *alias; struct ast_sip_domain_alias *alias;
/* Turn these into C style strings for convenience */
username = ast_alloca(pj_strlen(pj_username) + 1);
ast_copy_pj_str(username, pj_username, pj_strlen(pj_username) + 1);
domain = ast_alloca(pj_strlen(pj_domain) + 1);
ast_copy_pj_str(domain, pj_domain, pj_strlen(pj_domain) + 1);
id_domain = ast_alloca(strlen(username) + strlen(domain) + 2); id_domain = ast_alloca(strlen(username) + strlen(domain) + 2);
sprintf(id_domain, "%s@%s", username, domain); sprintf(id_domain, "%s@%s", username, domain);
@@ -1006,11 +1013,10 @@ static struct ast_sip_aor *find_registrar_aor(struct pjsip_rx_data *rdata, struc
{ {
struct ast_sip_aor *aor = NULL; struct ast_sip_aor *aor = NULL;
char *aor_name = NULL; char *aor_name = NULL;
char *domain_name = NULL;
char *username = NULL;
int i; int i;
for (i = 0; i < AST_VECTOR_SIZE(&endpoint->ident_method_order); ++i) { for (i = 0; i < AST_VECTOR_SIZE(&endpoint->ident_method_order); ++i) {
pj_str_t username;
pjsip_sip_uri *uri; pjsip_sip_uri *uri;
pjsip_authorization_hdr *header = NULL; pjsip_authorization_hdr *header = NULL;
@@ -1018,18 +1024,22 @@ static struct ast_sip_aor *find_registrar_aor(struct pjsip_rx_data *rdata, struc
case AST_SIP_ENDPOINT_IDENTIFY_BY_USERNAME: case AST_SIP_ENDPOINT_IDENTIFY_BY_USERNAME:
uri = pjsip_uri_get_uri(rdata->msg_info.to->uri); uri = pjsip_uri_get_uri(rdata->msg_info.to->uri);
domain_name = ast_malloc(uri->host.slen + 1); pj_strassign(&username, &uri->user);
ast_copy_pj_str(domain_name, &uri->host, uri->host.slen + 1);
username = ast_malloc(uri->user.slen + 1);
ast_copy_pj_str(username, &uri->user, uri->user.slen + 1);
/* /*
* We may want to match without any user options getting * We may want to match without any user options getting
* in the way. * in the way.
*
* Logic adapted from AST_SIP_USER_OPTIONS_TRUNCATE_CHECK for pj_str_t.
*/ */
AST_SIP_USER_OPTIONS_TRUNCATE_CHECK(username); if (ast_sip_get_ignore_uri_user_options()) {
pj_ssize_t semi = pj_strcspn2(&username, ";");
if (semi < pj_strlen(&username)) {
username.slen = semi;
}
}
aor_name = find_aor_name(username, domain_name, endpoint->aors); aor_name = find_aor_name(&username, &uri->host, endpoint->aors);
if (aor_name) { if (aor_name) {
ast_debug(3, "Matched aor '%s' by To username\n", aor_name); ast_debug(3, "Matched aor '%s' by To username\n", aor_name);
} }
@@ -1038,12 +1048,8 @@ static struct ast_sip_aor *find_registrar_aor(struct pjsip_rx_data *rdata, struc
while ((header = pjsip_msg_find_hdr(rdata->msg_info.msg, PJSIP_H_AUTHORIZATION, while ((header = pjsip_msg_find_hdr(rdata->msg_info.msg, PJSIP_H_AUTHORIZATION,
header ? header->next : NULL))) { header ? header->next : NULL))) {
if (header && !pj_stricmp2(&header->scheme, "digest")) { if (header && !pj_stricmp2(&header->scheme, "digest")) {
username = ast_malloc(header->credential.digest.username.slen + 1); aor_name = find_aor_name(&header->credential.digest.username,
ast_copy_pj_str(username, &header->credential.digest.username, header->credential.digest.username.slen + 1); &header->credential.digest.realm, endpoint->aors);
domain_name = ast_malloc(header->credential.digest.realm.slen + 1);
ast_copy_pj_str(domain_name, &header->credential.digest.realm, header->credential.digest.realm.slen + 1);
aor_name = find_aor_name(username, domain_name, endpoint->aors);
if (aor_name) { if (aor_name) {
ast_debug(3, "Matched aor '%s' by Authentication username\n", aor_name); ast_debug(3, "Matched aor '%s' by Authentication username\n", aor_name);
break; break;
@@ -1058,9 +1064,6 @@ static struct ast_sip_aor *find_registrar_aor(struct pjsip_rx_data *rdata, struc
if (aor_name) { if (aor_name) {
break; break;
} }
ast_free(domain_name);
ast_free(username);
} }
if (ast_strlen_zero(aor_name) || !(aor = ast_sip_location_retrieve_aor(aor_name))) { if (ast_strlen_zero(aor_name) || !(aor = ast_sip_location_retrieve_aor(aor_name))) {
@@ -1068,11 +1071,9 @@ static struct ast_sip_aor *find_registrar_aor(struct pjsip_rx_data *rdata, struc
pjsip_endpt_respond_stateless(ast_sip_get_pjsip_endpoint(), rdata, 404, NULL, NULL, NULL); pjsip_endpt_respond_stateless(ast_sip_get_pjsip_endpoint(), rdata, 404, NULL, NULL, NULL);
ast_sip_report_req_no_support(endpoint, rdata, "registrar_requested_aor_not_found"); ast_sip_report_req_no_support(endpoint, rdata, "registrar_requested_aor_not_found");
ast_log(LOG_WARNING, "AOR '%s' not found for endpoint '%s'\n", ast_log(LOG_WARNING, "AOR '%s' not found for endpoint '%s'\n",
username ?: "", ast_sorcery_object_get_id(endpoint)); aor_name ?: "", ast_sorcery_object_get_id(endpoint));
} }
ast_free(aor_name); ast_free(aor_name);
ast_free(domain_name);
ast_free(username);
return aor; return aor;
} }