From 6b4b87787c0735bfe63445d625e2e8749a7caecb Mon Sep 17 00:00:00 2001 From: Sean Bright Date: Tue, 21 Mar 2017 09:26:28 -0400 Subject: [PATCH] res_pjsip_messaging: Check URI type before dereferencing We aren't validating that the URI we just parsed is a SIP/SIPS one before trying to access the user, host, and port members of a possibly uninitialized structure. Also update the MessageSend documentation to indicate what 'from' formats are accepted. ASTERISK-26484 #close Reported by: Vinod Dharashive Change-Id: I476b5cc5f18a7713d0ee945374f2a1c164857d30 --- main/message.c | 6 ++++-- res/res_pjsip_messaging.c | 10 +++++++++- 2 files changed, 13 insertions(+), 3 deletions(-) diff --git a/main/message.c b/main/message.c index a6b0488282..fcdf705fe4 100644 --- a/main/message.c +++ b/main/message.c @@ -125,8 +125,10 @@ A From URI for the message if needed for the - message technology being used to send this message. - + message technology being used to send this message. This can be a + SIP(S) URI, such as Alice <sip:alice@atlanta.com>, + a string in the format alice@atlanta.com, or simply + a username such as alice. diff --git a/res/res_pjsip_messaging.c b/res/res_pjsip_messaging.c index 52fc16da77..5c41a70562 100644 --- a/res/res_pjsip_messaging.c +++ b/res/res_pjsip_messaging.c @@ -235,7 +235,15 @@ static void update_from(pjsip_tx_data *tdata, char *from) parsed_name_addr = (pjsip_name_addr *) pjsip_parse_uri(tdata->pool, from, strlen(from), PJSIP_PARSE_URI_AS_NAMEADDR); if (parsed_name_addr) { - pjsip_sip_uri *parsed_uri = pjsip_uri_get_uri(parsed_name_addr->uri); + pjsip_sip_uri *parsed_uri; + + if (!PJSIP_URI_SCHEME_IS_SIP(parsed_name_addr->uri) + && !PJSIP_URI_SCHEME_IS_SIPS(parsed_name_addr->uri)) { + ast_log(LOG_WARNING, "From address '%s' is not a valid SIP/SIPS URI\n", from); + return; + } + + parsed_uri = pjsip_uri_get_uri(parsed_name_addr->uri); if (pj_strlen(&parsed_name_addr->display)) { pj_strdup(tdata->pool, &name_addr->display, &parsed_name_addr->display);