From ce2c89ce6847339d7a14169ba769f955118aa6b0 Mon Sep 17 00:00:00 2001
From: Sean Bright <sean.bright@gmail.com>
Date: Tue, 12 Dec 2017 16:19:09 -0500
Subject: [PATCH] chan_sip: Don't crash in Dial on invalid destination

Stripping the DNID in a SIP dial string can result in attempting to call
the argument parsing macros on an empty string, causing a crash.

ASTERISK-26131 #close
Reported by: Dwayne Hubbard
Patches:
	dw-asterisk-master-dnid-crash.patch (license #6257) patch
	uploaded by Dwayne Hubbard

Change-Id: Ib84c1f740a9ec0539d582b09d847fc85ddca1c5e
---
 channels/chan_sip.c | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/channels/chan_sip.c b/channels/chan_sip.c
index b8cc7bf765..b1a8de5f25 100644
--- a/channels/chan_sip.c
+++ b/channels/chan_sip.c
@@ -30465,6 +30465,17 @@ static struct ast_channel *sip_request_call(const char *type, struct ast_format_
 		ast_string_field_set(p, todnid, dnid);
 	}
 
+	/* If stripping the DNID left us with nothing, bail out */
+	if (ast_strlen_zero(tmp)) {
+		dialog_unlink_all(p);
+		dialog_unref(p, "unref dialog p from bad destination");
+		*cause = AST_CAUSE_DESTINATION_OUT_OF_ORDER;
+		if (callid) {
+			ast_callid_unref(callid);
+		}
+		return NULL;
+	}
+
 	/* Divvy up the items separated by slashes */
 	AST_NONSTANDARD_APP_ARGS(args, tmp, '/');