kenmirrors/asterisk
1
0
Fork 0
mirror of https://github.com/asterisk/asterisk.git synced 2025-11-10 20:08:16 +00:00
Code Issues Packages Projects Releases Wiki Activity

encode/decode URIs in 'pedantic' mode (issue #3923)

Browse Source 
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@6441 65c4cc65-6c06-0410-ace0-fbb531ad65f3
This commit is contained in:
Kevin P. Fleming
2005-08-29 22:39:39 +00:00
parent 0f03a734b1
commit 1824c2f630
3 changed files with 222 additions and 115 deletions
Download Patch File Download Diff File Expand all files Collapse all files

87
channels/chan_sip.c
View File

@@ -1407,23 +1407,6 @@ static int send_request(struct sip_pvt *p, struct sip_request *req, int reliable
return res; return res;
} }
/*--- url_decode: Decode SIP URL (overwrite the string) ---*/
static void url_decode(char *s)
{
char *o;
unsigned int tmp;
for (o = s; *s; s++, o++) {
if (*s == '%' && strlen(s) > 2 && sscanf(s + 1, "%2x", &tmp) == 1) {
/* have '%', two chars and correct parsing */
*o = tmp;
s += 2; /* Will be incremented once more when we break out */
} else /* all other cases, just copy */
*o = *s;
}
*o = '\0';
}
/*--- get_in_brackets: Pick out text in brackets from character string ---*/ /*--- get_in_brackets: Pick out text in brackets from character string ---*/
/* returns pointer to terminated stripped string. modifies input string. */ /* returns pointer to terminated stripped string. modifies input string. */
static char *get_in_brackets(char *tmp) static char *get_in_brackets(char *tmp)
@@ -4348,15 +4331,16 @@ static void build_contact(struct sip_pvt *p)
snprintf(p->our_contact, sizeof(p->our_contact), "<sip:%s%s%s>", p->exten, ast_strlen_zero(p->exten) ? "" : "@", ast_inet_ntoa(iabuf, sizeof(iabuf), p->ourip)); snprintf(p->our_contact, sizeof(p->our_contact), "<sip:%s%s%s>", p->exten, ast_strlen_zero(p->exten) ? "" : "@", ast_inet_ntoa(iabuf, sizeof(iabuf), p->ourip));
} }
/*--- initreqprep: Initiate SIP request to peer/user ---*/ /*--- initreqprep: Initiate new SIP request to peer/user ---*/
static void initreqprep(struct sip_request *req, struct sip_pvt *p, int sipmethod, char *vxml_url) static void initreqprep(struct sip_request *req, struct sip_pvt *p, int sipmethod, char *vxml_url)
{ {
char invite[256]=""; char invite[256] = "";
char from[256]; char from[256];
char to[256]; char to[256];
char tmp[80]; char tmp[BUFSIZ/2];
char tmp2[BUFSIZ/2];
char iabuf[INET_ADDRSTRLEN]; char iabuf[INET_ADDRSTRLEN];
char *l = default_callerid, *n=NULL; char *l = default_callerid, *n = NULL;
int x; int x;
char urioptions[256]=""; char urioptions[256]="";
@@ -4372,7 +4356,7 @@ static void initreqprep(struct sip_request *req, struct sip_pvt *p, int sipmetho
if (p->username && p->username[0] == '+') if (p->username && p->username[0] == '+')
x=1; x=1;
for (; x<strlen(p->username); x++) { for (; x < strlen(p->username); x++) {
if (!strchr(AST_DIGIT_ANYNUM, p->username[x])) { if (!strchr(AST_DIGIT_ANYNUM, p->username[x])) {
onlydigits = 0; onlydigits = 0;
break; break;
@@ -4412,8 +4396,15 @@ static void initreqprep(struct sip_request *req, struct sip_pvt *p, int sipmetho
else /* Save for any further attempts */ else /* Save for any further attempts */
ast_copy_string(p->fromname, n, sizeof(p->fromname)); ast_copy_string(p->fromname, n, sizeof(p->fromname));
if (pedanticsipchecking) {
ast_uri_encode(n, tmp, sizeof(tmp), 0);
n = tmp;
ast_uri_encode(l, tmp2, sizeof(tmp2), 0);
l = tmp2;
}
if ((ourport != 5060) && ast_strlen_zero(p->fromdomain)) /* Needs to be 5060 */ if ((ourport != 5060) && ast_strlen_zero(p->fromdomain)) /* Needs to be 5060 */
snprintf(from, sizeof(from), "\"%s\" <sip:%s@%s:%d>;tag=as%08x", n, l, ast_strlen_zero(p->fromdomain) ? ast_inet_ntoa(iabuf, sizeof(iabuf), p->ourip) : p->fromdomain, ourport, p->tag); snprintf(from, sizeof(from), "\"%s\" <sip:%s@%s:%d>;tag=as%08x", tmp, l, ast_strlen_zero(p->fromdomain) ? ast_inet_ntoa(iabuf, sizeof(iabuf), p->ourip) : p->fromdomain, ourport, p->tag);
else else
snprintf(from, sizeof(from), "\"%s\" <sip:%s@%s>;tag=as%08x", n, l, ast_strlen_zero(p->fromdomain) ? ast_inet_ntoa(iabuf, sizeof(iabuf), p->ourip) : p->fromdomain, p->tag); snprintf(from, sizeof(from), "\"%s\" <sip:%s@%s>;tag=as%08x", n, l, ast_strlen_zero(p->fromdomain) ? ast_inet_ntoa(iabuf, sizeof(iabuf), p->ourip) : p->fromdomain, p->tag);
@@ -4423,10 +4414,15 @@ static void initreqprep(struct sip_request *req, struct sip_pvt *p, int sipmetho
ast_copy_string(invite, p->fullcontact, sizeof(invite)); ast_copy_string(invite, p->fullcontact, sizeof(invite));
/* Otherwise, use the username while waiting for registration */ /* Otherwise, use the username while waiting for registration */
} else if (!ast_strlen_zero(p->username)) { } else if (!ast_strlen_zero(p->username)) {
n = p->username;
if (pedanticsipchecking) {
ast_uri_encode(n, tmp, sizeof(tmp), 0);
n = tmp;
}
if (ntohs(p->sa.sin_port) != 5060) { /* Needs to be 5060 */ if (ntohs(p->sa.sin_port) != 5060) { /* Needs to be 5060 */
snprintf(invite, sizeof(invite), "sip:%s@%s:%d%s",p->username, p->tohost, ntohs(p->sa.sin_port), urioptions); snprintf(invite, sizeof(invite), "sip:%s@%s:%d%s", n, p->tohost, ntohs(p->sa.sin_port), urioptions);
} else { } else {
snprintf(invite, sizeof(invite), "sip:%s@%s%s",p->username, p->tohost, urioptions); snprintf(invite, sizeof(invite), "sip:%s@%s%s", n, p->tohost, urioptions);
} }
} else if (ntohs(p->sa.sin_port) != 5060) { /* Needs to be 5060 */ } else if (ntohs(p->sa.sin_port) != 5060) { /* Needs to be 5060 */
snprintf(invite, sizeof(invite), "sip:%s:%d%s", p->tohost, ntohs(p->sa.sin_port), urioptions); snprintf(invite, sizeof(invite), "sip:%s:%d%s", p->tohost, ntohs(p->sa.sin_port), urioptions);
@@ -4434,9 +4430,9 @@ static void initreqprep(struct sip_request *req, struct sip_pvt *p, int sipmetho
snprintf(invite, sizeof(invite), "sip:%s%s", p->tohost, urioptions); snprintf(invite, sizeof(invite), "sip:%s%s", p->tohost, urioptions);
} }
ast_copy_string(p->uri, invite, sizeof(p->uri)); ast_copy_string(p->uri, invite, sizeof(p->uri));
/* If there is a VXML URL append it to the SIP URL */ /* If there is a VXML URL append it to the SIP URL */
if (vxml_url) if (vxml_url) {
{
snprintf(to, sizeof(to), "<%s>;%s", invite, vxml_url); snprintf(to, sizeof(to), "<%s>;%s", invite, vxml_url);
} else { } else {
snprintf(to, sizeof(to), "<%s>", invite); snprintf(to, sizeof(to), "<%s>", invite);
@@ -5756,7 +5752,7 @@ static int cb_extensionstate(char *context, char* exten, enum ast_extension_stat
/*--- register_verify: Verify registration of user */ /*--- register_verify: Verify registration of user */
static int register_verify(struct sip_pvt *p, struct sockaddr_in *sin, struct sip_request *req, char *uri, int ignore) static int register_verify(struct sip_pvt *p, struct sockaddr_in *sin, struct sip_request *req, char *uri, int ignore)
{ {
int res = -1; int res = -3;
struct sip_peer *peer; struct sip_peer *peer;
char tmp[256] = ""; char tmp[256] = "";
char iabuf[INET_ADDRSTRLEN]; char iabuf[INET_ADDRSTRLEN];
@@ -5770,6 +5766,9 @@ static int register_verify(struct sip_pvt *p, struct sockaddr_in *sin, struct si
*t = '\0'; *t = '\0';
ast_copy_string(tmp, get_header(req, "To"), sizeof(tmp)); ast_copy_string(tmp, get_header(req, "To"), sizeof(tmp));
if (pedanticsipchecking)
ast_uri_decode(tmp);
c = get_in_brackets(tmp); c = get_in_brackets(tmp);
/* Ditch ;user=phone */ /* Ditch ;user=phone */
name = strchr(c, ';'); name = strchr(c, ';');
@@ -5838,7 +5837,7 @@ static int register_verify(struct sip_pvt *p, struct sockaddr_in *sin, struct si
switch (res) { switch (res) {
case -1: case -1:
/* Wrong password in authentication. Go away, don't try again until you fixed it */ /* Wrong password in authentication. Go away, don't try again until you fixed it */
transmit_response(p, "403 Forbidden", &p->initreq); transmit_response(p, "403 Forbidden (Bad auth)", &p->initreq);
break; break;
case -2: case -2:
/* Username and digest username does not match. /* Username and digest username does not match.
@@ -5847,6 +5846,15 @@ static int register_verify(struct sip_pvt *p, struct sockaddr_in *sin, struct si
proper authentication by digest auth name */ proper authentication by digest auth name */
transmit_response(p, "403 Authentication user name does not match account name", &p->initreq); transmit_response(p, "403 Authentication user name does not match account name", &p->initreq);
break; break;
case -3:
/* URI not found */
transmit_response(p, "404 Not found", &p->initreq);
break;
}
if (option_debug > 1) {
ast_log(LOG_DEBUG, "SIP REGISTER attempt failed for %s : %s\n",
peer->name,
(res == -1) ? "Bad password" : ((res == -2 ) ? "Bad digest user" : "Peer not found"));
} }
} }
if (peer) if (peer)
@@ -5894,10 +5902,16 @@ static int get_destination(struct sip_pvt *p, struct sip_request *oreq)
req = &p->initreq; req = &p->initreq;
if (req->rlPart2) if (req->rlPart2)
ast_copy_string(tmp, req->rlPart2, sizeof(tmp)); ast_copy_string(tmp, req->rlPart2, sizeof(tmp));
c = get_in_brackets(tmp);
ast_copy_string(tmpf, get_header(req, "From"), sizeof(tmpf)); ast_copy_string(tmpf, get_header(req, "From"), sizeof(tmpf));
if (pedanticsipchecking) {
ast_uri_decode(tmp);
ast_uri_decode(tmpf);
}
fr = get_in_brackets(tmpf); fr = get_in_brackets(tmpf);
c = get_in_brackets(tmp);
if (strncmp(c, "sip:", 4)) { if (strncmp(c, "sip:", 4)) {
ast_log(LOG_WARNING, "Huh? Not a SIP header (%s)?\n", c); ast_log(LOG_WARNING, "Huh? Not a SIP header (%s)?\n", c);
@@ -5930,7 +5944,7 @@ static int get_destination(struct sip_pvt *p, struct sip_request *oreq)
ast_copy_string(p->fromdomain, fr, sizeof(p->fromdomain)); ast_copy_string(p->fromdomain, fr, sizeof(p->fromdomain));
} }
if (pedanticsipchecking) if (pedanticsipchecking)
url_decode(c); ast_uri_decode(c);
if (sip_debug_test_pvt(p)) if (sip_debug_test_pvt(p))
ast_verbose("Looking for %s in %s\n", c, p->context); ast_verbose("Looking for %s in %s\n", c, p->context);
if (ast_exists_extension(NULL, p->context, c, 1, fr) || if (ast_exists_extension(NULL, p->context, c, 1, fr) ||
@@ -6004,6 +6018,9 @@ static int get_refer_info(struct sip_pvt *sip_pvt, struct sip_request *outgoing_
ast_log(LOG_WARNING, "No Referrred-By Header That's not illegal\n"); ast_log(LOG_WARNING, "No Referrred-By Header That's not illegal\n");
return -1; return -1;
} else { } else {
if (pedanticsipchecking) {
ast_uri_decode(h_referred_by);
}
referred_by = get_in_brackets(h_referred_by); referred_by = get_in_brackets(h_referred_by);
} }
h_contact = get_header(req, "Contact"); h_contact = get_header(req, "Contact");
@@ -6035,7 +6052,7 @@ static int get_refer_info(struct sip_pvt *sip_pvt, struct sip_request *outgoing_
replaces_header = ast_strdupa(replace_callid); replaces_header = ast_strdupa(replace_callid);
-anthm -anthm
*/ */
url_decode(replace_callid); ast_uri_decode(replace_callid);
if ((ptr = strchr(replace_callid, '%'))) if ((ptr = strchr(replace_callid, '%')))
*ptr = '\0'; *ptr = '\0';
if ((ptr = strchr(replace_callid, ';'))) if ((ptr = strchr(replace_callid, ';')))
@@ -6291,7 +6308,11 @@ static int check_user_full(struct sip_pvt *p, struct sip_request *req, int sipme
t++; t++;
*t = '\0'; *t = '\0';
of = get_header(req, "From"); of = get_header(req, "From");
if (pedanticsipchecking)
ast_uri_decode(of);
ast_copy_string(from, of, sizeof(from)); ast_copy_string(from, of, sizeof(from));
memset(calleridname,0,sizeof(calleridname)); memset(calleridname,0,sizeof(calleridname));
get_calleridname(from, calleridname, sizeof(calleridname)); get_calleridname(from, calleridname, sizeof(calleridname));
@@ -9832,7 +9853,7 @@ static int handle_request_register(struct sip_pvt *p, struct sip_request *req, i
/* Use this as the basis */ /* Use this as the basis */
if (debug) if (debug)
ast_verbose("Using latest request as basis request\n"); ast_verbose("Using latest REGISTER request as basis request\n");
copy_request(&p->initreq, req); copy_request(&p->initreq, req);
check_via(p, req); check_via(p, req);
if ((res = register_verify(p, sin, req, e, ignore)) < 0) if ((res = register_verify(p, sin, req, e, ignore)) < 0)

28
include/asterisk/utils.h
View File

@@ -128,11 +128,37 @@ struct ast_hostent {
}; };
extern struct hostent *ast_gethostbyname(const char *host, struct ast_hostent *hp); extern struct hostent *ast_gethostbyname(const char *host, struct ast_hostent *hp);
/* ast_md5_hash: Produces MD5 hash based on input string */
/* ast_md5_hash
\brief Produces MD5 hash based on input string */
extern void ast_md5_hash(char *output, char *input); extern void ast_md5_hash(char *output, char *input);
extern int ast_base64encode(char *dst, unsigned char *src, int srclen, int max); extern int ast_base64encode(char *dst, unsigned char *src, int srclen, int max);
extern int ast_base64decode(unsigned char *dst, char *src, int max); extern int ast_base64decode(unsigned char *dst, char *src, int max);
/*! ast_uri_encode
\brief Turn text string to URI-encoded %XX version
At this point, we're converting from ISO-8859-x (8-bit), not UTF8
as in the SIP protocol spec
If doreserved == 1 we will convert reserved characters also.
RFC 2396, section 2.4
outbuf needs to have more memory allocated than the instring
to have room for the expansion. Every char that is converted
is replaced by three ASCII characters.
\param string String to be converted
\param outbuf Resulting encoded string
\param buflen Size of output buffer
\param doreserved Convert reserved characters
*/
char *ast_uri_encode(char *string, char *outbuf, int buflen, int doreserved);
/*! \brief Decode URI, URN, URL (overwrite string)
\param s String to be decoded
*/
void ast_uri_decode(char *s);
extern int test_for_thread_safety(void); extern int test_for_thread_safety(void);
extern const char *ast_inet_ntoa(char *buf, int bufsiz, struct in_addr ia); extern const char *ast_inet_ntoa(char *buf, int bufsiz, struct in_addr ia);

64
utils.c
View File

@@ -382,7 +382,66 @@ static void base64_init(void)
#endif #endif
} }
/* Recursive thread safe replacement of inet_ntoa */ /*--- ast_uri_encode: Turn text string to URI-encoded %XX version ---*/
/* At this point, we're converting from ISO-8859-x (8-bit), not UTF8
as in the SIP protocol spec
If doreserved == 1 we will convert reserved characters also.
RFC 2396, section 2.4
outbuf needs to have more memory allocated than the instring
to have room for the expansion. Every char that is converted
is replaced by three ASCII characters.
Note: The doreserved option is needed for replaces header in
SIP transfers.
*/
char *ast_uri_encode(char *string, char *outbuf, int buflen, int doreserved)
{
char *reserved = ";/?:@&=+$, "; /* Reserved chars */
char *ptr = string; /* Start with the string */
char *out = NULL;
char *buf = NULL;
strncpy(outbuf, string, buflen);
/* If there's no characters to convert, just go through and don't do anything */
while (*ptr) {
if (((unsigned char) *ptr) > 127 || (doreserved && strchr(reserved, *ptr)) ) {
/* Oops, we need to start working here */
if (!buf) {
buf = outbuf;
out = buf + (ptr - string) ; /* Set output ptr */
}
out += sprintf(out, "%%%02x", (unsigned char) *ptr);
} else if (buf) {
*out = *ptr; /* Continue copying the string */
out++;
}
ptr++;
}
if (buf)
*out = '\0';
return outbuf;
}
/*--- ast_uri_decode: Decode SIP URI, URN, URL (overwrite the string) ---*/
void ast_uri_decode(char *s)
{
char *o;
unsigned int tmp;
for (o = s; *s; s++, o++) {
if (*s == '%' && strlen(s) > 2 && sscanf(s + 1, "%2x", &tmp) == 1) {
/* have '%', two chars and correct parsing */
*o = tmp;
s += 2; /* Will be incremented once more when we break out */
} else /* all other cases, just copy */
*o = *s;
}
*o = '\0';
}
/*--- ast_inet_ntoa: Recursive thread safe replacement of inet_ntoa */
const char *ast_inet_ntoa(char *buf, int bufsiz, struct in_addr ia) const char *ast_inet_ntoa(char *buf, int bufsiz, struct in_addr ia)
{ {
return inet_ntop(AF_INET, &ia, buf, bufsiz); return inet_ntop(AF_INET, &ia, buf, bufsiz);
@@ -397,6 +456,7 @@ int ast_utils_init(void)
#ifndef __linux__ #ifndef __linux__
#undef pthread_create /* For ast_pthread_create function only */ #undef pthread_create /* For ast_pthread_create function only */
#endif /* ! LINUX */ #endif /* ! LINUX */
int ast_pthread_create_stack(pthread_t *thread, pthread_attr_t *attr, void *(*start_routine)(void *), void *data, size_t stacksize) int ast_pthread_create_stack(pthread_t *thread, pthread_attr_t *attr, void *(*start_routine)(void *), void *data, size_t stacksize)
{ {
pthread_attr_t lattr; pthread_attr_t lattr;
@@ -725,6 +785,6 @@ uint64_t strtoq(const char *nptr, char **endptr, int base)
acc = -acc; acc = -acc;
if (endptr != 0) if (endptr != 0)
*((const char **)endptr) = any ? s - 1 : nptr; *((const char **)endptr) = any ? s - 1 : nptr;
return (acc); return acc;
} }
#endif #endif