Asterisk
/
asterisk
mirror of https://github.com/asterisk/asterisk
1
0
Fork 0
Code Issues Releases Wiki Activity

encode/decode URIs in 'pedantic' mode (issue #3923)

Browse Source 
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@6441 65c4cc65-6c06-0410-ace0-fbb531ad65f3
1.2-netsec
Kevin P. Fleming 20 years ago
parent 0f03a734b1
commit 1824c2f630
3 changed files with 224 additions and 117 deletions
Show Stats Download Patch File Download Diff File

87
channels/chan_sip.c
Unescape View File

@ -1407,23 +1407,6 @@ static int send_request(struct sip_pvt *p, struct sip_request *req, int reliable
return res;
}
/*--- url_decode: Decode SIP URL (overwrite the string) ---*/
static void url_decode(char *s)
{
char *o;
unsigned int tmp;
for (o = s; *s; s++, o++) {
if (*s == '%' && strlen(s) > 2 && sscanf(s + 1, "%2x", &tmp) == 1) {
/* have '%', two chars and correct parsing */
*o = tmp;
s += 2; /* Will be incremented once more when we break out */
} else /* all other cases, just copy */
*o = *s;
}
*o = '\0';
}
/*--- get_in_brackets: Pick out text in brackets from character string ---*/
/* returns pointer to terminated stripped string. modifies input string. */
static char *get_in_brackets(char *tmp)
@ -4348,15 +4331,16 @@ static void build_contact(struct sip_pvt *p)
snprintf(p->our_contact, sizeof(p->our_contact), "<sip:%s%s%s>", p->exten, ast_strlen_zero(p->exten) ? "" : "@", ast_inet_ntoa(iabuf, sizeof(iabuf), p->ourip));
}
/*--- initreqprep: Initiate SIP request to peer/user ---*/
/*--- initreqprep: Initiate new SIP request to peer/user ---*/
static void initreqprep(struct sip_request *req, struct sip_pvt *p, int sipmethod, char *vxml_url)
{
char invite[256]="";
char invite[256] = "";
char from[256];
char to[256];
char tmp[80];
char tmp[BUFSIZ/2];
char tmp2[BUFSIZ/2];
char iabuf[INET_ADDRSTRLEN];
char *l = default_callerid, *n=NULL;
char *l = default_callerid, *n = NULL;
int x;
char urioptions[256]="";
@ -4372,7 +4356,7 @@ static void initreqprep(struct sip_request *req, struct sip_pvt *p, int sipmetho
if (p->username && p->username[0] == '+')
x=1;
for (; x<strlen(p->username); x++) {
for (; x < strlen(p->username); x++) {
if (!strchr(AST_DIGIT_ANYNUM, p->username[x])) {
onlydigits = 0;
break;
@ -4412,8 +4396,15 @@ static void initreqprep(struct sip_request *req, struct sip_pvt *p, int sipmetho
else /* Save for any further attempts */
ast_copy_string(p->fromname, n, sizeof(p->fromname));
if (pedanticsipchecking) {
ast_uri_encode(n, tmp, sizeof(tmp), 0);
n = tmp;
ast_uri_encode(l, tmp2, sizeof(tmp2), 0);
l = tmp2;
}
if ((ourport != 5060) && ast_strlen_zero(p->fromdomain)) /* Needs to be 5060 */
snprintf(from, sizeof(from), "\"%s\" <sip:%s@%s:%d>;tag=as%08x", n, l, ast_strlen_zero(p->fromdomain) ? ast_inet_ntoa(iabuf, sizeof(iabuf), p->ourip) : p->fromdomain, ourport, p->tag);
snprintf(from, sizeof(from), "\"%s\" <sip:%s@%s:%d>;tag=as%08x", tmp, l, ast_strlen_zero(p->fromdomain) ? ast_inet_ntoa(iabuf, sizeof(iabuf), p->ourip) : p->fromdomain, ourport, p->tag);
else
snprintf(from, sizeof(from), "\"%s\" <sip:%s@%s>;tag=as%08x", n, l, ast_strlen_zero(p->fromdomain) ? ast_inet_ntoa(iabuf, sizeof(iabuf), p->ourip) : p->fromdomain, p->tag);
@ -4423,10 +4414,15 @@ static void initreqprep(struct sip_request *req, struct sip_pvt *p, int sipmetho
ast_copy_string(invite, p->fullcontact, sizeof(invite));
/* Otherwise, use the username while waiting for registration */
} else if (!ast_strlen_zero(p->username)) {
n = p->username;
if (pedanticsipchecking) {
ast_uri_encode(n, tmp, sizeof(tmp), 0);
n = tmp;
}
if (ntohs(p->sa.sin_port) != 5060) { /* Needs to be 5060 */
snprintf(invite, sizeof(invite), "sip:%s@%s:%d%s",p->username, p->tohost, ntohs(p->sa.sin_port), urioptions);
snprintf(invite, sizeof(invite), "sip:%s@%s:%d%s", n, p->tohost, ntohs(p->sa.sin_port), urioptions);
} else {
snprintf(invite, sizeof(invite), "sip:%s@%s%s",p->username, p->tohost, urioptions);
snprintf(invite, sizeof(invite), "sip:%s@%s%s", n, p->tohost, urioptions);
}
} else if (ntohs(p->sa.sin_port) != 5060) { /* Needs to be 5060 */
snprintf(invite, sizeof(invite), "sip:%s:%d%s", p->tohost, ntohs(p->sa.sin_port), urioptions);
@ -4434,9 +4430,9 @@ static void initreqprep(struct sip_request *req, struct sip_pvt *p, int sipmetho
snprintf(invite, sizeof(invite), "sip:%s%s", p->tohost, urioptions);
}
ast_copy_string(p->uri, invite, sizeof(p->uri));
/* If there is a VXML URL append it to the SIP URL */
if (vxml_url)
{
if (vxml_url) {
snprintf(to, sizeof(to), "<%s>;%s", invite, vxml_url);
} else {
snprintf(to, sizeof(to), "<%s>", invite);
@ -5756,7 +5752,7 @@ static int cb_extensionstate(char *context, char* exten, enum ast_extension_stat
/*--- register_verify: Verify registration of user */
static int register_verify(struct sip_pvt *p, struct sockaddr_in *sin, struct sip_request *req, char *uri, int ignore)
{
int res = -1;
int res = -3;
struct sip_peer *peer;
char tmp[256] = "";
char iabuf[INET_ADDRSTRLEN];
@ -5770,6 +5766,9 @@ static int register_verify(struct sip_pvt *p, struct sockaddr_in *sin, struct si
*t = '\0';
ast_copy_string(tmp, get_header(req, "To"), sizeof(tmp));
if (pedanticsipchecking)
ast_uri_decode(tmp);
c = get_in_brackets(tmp);
/* Ditch ;user=phone */
name = strchr(c, ';');
@ -5838,7 +5837,7 @@ static int register_verify(struct sip_pvt *p, struct sockaddr_in *sin, struct si
switch (res) {
case -1:
/* Wrong password in authentication. Go away, don't try again until you fixed it */
transmit_response(p, "403 Forbidden", &p->initreq);
transmit_response(p, "403 Forbidden (Bad auth)", &p->initreq);
break;
case -2:
/* Username and digest username does not match.
@ -5847,6 +5846,15 @@ static int register_verify(struct sip_pvt *p, struct sockaddr_in *sin, struct si
proper authentication by digest auth name */
transmit_response(p, "403 Authentication user name does not match account name", &p->initreq);
break;
case -3:
/* URI not found */
transmit_response(p, "404 Not found", &p->initreq);
break;
}
if (option_debug > 1) {
ast_log(LOG_DEBUG, "SIP REGISTER attempt failed for %s : %s\n",
peer->name,
(res == -1) ? "Bad password" : ((res == -2 ) ? "Bad digest user" : "Peer not found"));
}
}
if (peer)
@ -5894,10 +5902,16 @@ static int get_destination(struct sip_pvt *p, struct sip_request *oreq)
req = &p->initreq;
if (req->rlPart2)
ast_copy_string(tmp, req->rlPart2, sizeof(tmp));
c = get_in_brackets(tmp);
ast_copy_string(tmpf, get_header(req, "From"), sizeof(tmpf));
if (pedanticsipchecking) {
ast_uri_decode(tmp);
ast_uri_decode(tmpf);
}
fr = get_in_brackets(tmpf);
c = get_in_brackets(tmp);
if (strncmp(c, "sip:", 4)) {
ast_log(LOG_WARNING, "Huh? Not a SIP header (%s)?\n", c);
@ -5930,7 +5944,7 @@ static int get_destination(struct sip_pvt *p, struct sip_request *oreq)
ast_copy_string(p->fromdomain, fr, sizeof(p->fromdomain));
}
if (pedanticsipchecking)
url_decode(c);
ast_uri_decode(c);
if (sip_debug_test_pvt(p))
ast_verbose("Looking for %s in %s\n", c, p->context);
if (ast_exists_extension(NULL, p->context, c, 1, fr) ||
@ -6004,6 +6018,9 @@ static int get_refer_info(struct sip_pvt *sip_pvt, struct sip_request *outgoing_
ast_log(LOG_WARNING, "No Referrred-By Header That's not illegal\n");
return -1;
} else {
if (pedanticsipchecking) {
ast_uri_decode(h_referred_by);
}
referred_by = get_in_brackets(h_referred_by);
}
h_contact = get_header(req, "Contact");
@ -6035,7 +6052,7 @@ static int get_refer_info(struct sip_pvt *sip_pvt, struct sip_request *outgoing_
replaces_header = ast_strdupa(replace_callid);
-anthm
*/
url_decode(replace_callid);
ast_uri_decode(replace_callid);
if ((ptr = strchr(replace_callid, '%')))
*ptr = '\0';
if ((ptr = strchr(replace_callid, ';')))
@ -6291,7 +6308,11 @@ static int check_user_full(struct sip_pvt *p, struct sip_request *req, int sipme
t++;
*t = '\0';
of = get_header(req, "From");
if (pedanticsipchecking)
ast_uri_decode(of);
ast_copy_string(from, of, sizeof(from));
memset(calleridname,0,sizeof(calleridname));
get_calleridname(from, calleridname, sizeof(calleridname));
@ -9832,7 +9853,7 @@ static int handle_request_register(struct sip_pvt *p, struct sip_request *req, i
/* Use this as the basis */
if (debug)
ast_verbose("Using latest request as basis request\n");
ast_verbose("Using latest REGISTER request as basis request\n");
copy_request(&p->initreq, req);
check_via(p, req);
if ((res = register_verify(p, sin, req, e, ignore)) < 0)

28
include/asterisk/utils.h
Unescape View File

@ -128,11 +128,37 @@ struct ast_hostent {
};
extern struct hostent *ast_gethostbyname(const char *host, struct ast_hostent *hp);
/* ast_md5_hash: Produces MD5 hash based on input string */
/* ast_md5_hash
\brief Produces MD5 hash based on input string */
extern void ast_md5_hash(char *output, char *input);
extern int ast_base64encode(char *dst, unsigned char *src, int srclen, int max);
extern int ast_base64decode(unsigned char *dst, char *src, int max);
/*! ast_uri_encode
\brief Turn text string to URI-encoded %XX version
At this point, we're converting from ISO-8859-x (8-bit), not UTF8
as in the SIP protocol spec
If doreserved == 1 we will convert reserved characters also.
RFC 2396, section 2.4
outbuf needs to have more memory allocated than the instring
to have room for the expansion. Every char that is converted
is replaced by three ASCII characters.
\param string String to be converted
\param outbuf Resulting encoded string
\param buflen Size of output buffer
\param doreserved Convert reserved characters
*/
char *ast_uri_encode(char *string, char *outbuf, int buflen, int doreserved);
/*! \brief Decode URI, URN, URL (overwrite string)
\param s String to be decoded
*/
void ast_uri_decode(char *s);
extern int test_for_thread_safety(void);
extern const char *ast_inet_ntoa(char *buf, int bufsiz, struct in_addr ia);

226
utils.c
Unescape View File

@ -382,7 +382,66 @@ static void base64_init(void)
#endif
}
/* Recursive thread safe replacement of inet_ntoa */
/*--- ast_uri_encode: Turn text string to URI-encoded %XX version ---*/
/* At this point, we're converting from ISO-8859-x (8-bit), not UTF8
as in the SIP protocol spec
If doreserved == 1 we will convert reserved characters also.
RFC 2396, section 2.4
outbuf needs to have more memory allocated than the instring
to have room for the expansion. Every char that is converted
is replaced by three ASCII characters.
Note: The doreserved option is needed for replaces header in
SIP transfers.
*/
char *ast_uri_encode(char *string, char *outbuf, int buflen, int doreserved)
{
char *reserved = ";/?:@&=+$, "; /* Reserved chars */
char *ptr = string; /* Start with the string */
char *out = NULL;
char *buf = NULL;
strncpy(outbuf, string, buflen);
/* If there's no characters to convert, just go through and don't do anything */
while (*ptr) {
if (((unsigned char) *ptr) > 127 || (doreserved && strchr(reserved, *ptr)) ) {
/* Oops, we need to start working here */
if (!buf) {
buf = outbuf;
out = buf + (ptr - string) ; /* Set output ptr */
}
out += sprintf(out, "%%%02x", (unsigned char) *ptr);
} else if (buf) {
*out = *ptr; /* Continue copying the string */
out++;
}
ptr++;
}
if (buf)
*out = '\0';
return outbuf;
}
/*--- ast_uri_decode: Decode SIP URI, URN, URL (overwrite the string) ---*/
void ast_uri_decode(char *s)
{
char *o;
unsigned int tmp;
for (o = s; *s; s++, o++) {
if (*s == '%' && strlen(s) > 2 && sscanf(s + 1, "%2x", &tmp) == 1) {
/* have '%', two chars and correct parsing */
*o = tmp;
s += 2; /* Will be incremented once more when we break out */
} else /* all other cases, just copy */
*o = *s;
}
*o = '\0';
}
/*--- ast_inet_ntoa: Recursive thread safe replacement of inet_ntoa */
const char *ast_inet_ntoa(char *buf, int bufsiz, struct in_addr ia)
{
return inet_ntop(AF_INET, &ia, buf, bufsiz);
@ -397,6 +456,7 @@ int ast_utils_init(void)
#ifndef __linux__
#undef pthread_create /* For ast_pthread_create function only */
#endif /* ! LINUX */
int ast_pthread_create_stack(pthread_t *thread, pthread_attr_t *attr, void *(*start_routine)(void *), void *data, size_t stacksize)
{
pthread_attr_t lattr;
@ -634,9 +694,9 @@ int vasprintf(char **strp, const char *fmt, va_list ap)
#ifndef HAVE_STRTOQ
#define LONG_MIN (-9223372036854775807L-1L)
/* min value of a "long int" */
/* min value of a "long int" */
#define LONG_MAX 9223372036854775807L
/* max value of a "long int" */
/* max value of a "long int" */
/*
* Convert a string to a quad integer.
@ -646,85 +706,85 @@ int vasprintf(char **strp, const char *fmt, va_list ap)
*/
uint64_t strtoq(const char *nptr, char **endptr, int base)
{
const char *s;
uint64_t acc;
unsigned char c;
uint64_t qbase, cutoff;
int neg, any, cutlim;
/*
* Skip white space and pick up leading +/- sign if any.
* If base is 0, allow 0x for hex and 0 for octal, else
* assume decimal; if base is already 16, allow 0x.
*/
s = nptr;
do {
c = *s++;
} while (isspace(c));
if (c == '-') {
neg = 1;
c = *s++;
} else {
neg = 0;
if (c == '+')
c = *s++;
}
if ((base == 0 || base == 16) &&
c == '\0' && (*s == 'x' || *s == 'X')) {
c = s[1];
s += 2;
base = 16;
}
if (base == 0)
base = c == '\0' ? 8 : 10;
/*
* Compute the cutoff value between legal numbers and illegal
* numbers. That is the largest legal value, divided by the
* base. An input number that is greater than this value, if
* followed by a legal input character, is too big. One that
* is equal to this value may be valid or not; the limit
* between valid and invalid numbers is then based on the last
* digit. For instance, if the range for quads is
* [-9223372036854775808..9223372036854775807] and the input base
* is 10, cutoff will be set to 922337203685477580 and cutlim to
* either 7 (neg==0) or 8 (neg==1), meaning that if we have
* accumulated a value > 922337203685477580, or equal but the
* next digit is > 7 (or 8), the number is too big, and we will
* return a range error.
*
* Set any if any `digits' consumed; make it negative to indicate
* overflow.
*/
qbase = (unsigned)base;
cutoff = neg ? (uint64_t)-(LONG_MIN + LONG_MAX) + LONG_MAX : LONG_MAX;
cutlim = cutoff % qbase;
cutoff /= qbase;
for (acc = 0, any = 0;; c = *s++) {
if (!isascii(c))
break;
if (isdigit(c))
c -= '\0';
else if (isalpha(c))
c -= isupper(c) ? 'A' - 10 : 'a' - 10;
else
break;
if (c >= base)
break;
if (any < 0 || acc > cutoff || (acc == cutoff && c > cutlim))
any = -1;
else {
any = 1;
acc *= qbase;
acc += c;
}
}
if (any < 0) {
acc = neg ? LONG_MIN : LONG_MAX;
} else if (neg)
acc = -acc;
if (endptr != 0)
*((const char **)endptr) = any ? s - 1 : nptr;
return (acc);
const char *s;
uint64_t acc;
unsigned char c;
uint64_t qbase, cutoff;
int neg, any, cutlim;
/*
* Skip white space and pick up leading +/- sign if any.
* If base is 0, allow 0x for hex and 0 for octal, else
* assume decimal; if base is already 16, allow 0x.
*/
s = nptr;
do {
c = *s++;
} while (isspace(c));
if (c == '-') {
neg = 1;
c = *s++;
} else {
neg = 0;
if (c == '+')
c = *s++;
}
if ((base == 0 || base == 16) &&
c == '\0' && (*s == 'x' || *s == 'X')) {
c = s[1];
s += 2;
base = 16;
}
if (base == 0)
base = c == '\0' ? 8 : 10;
/*
* Compute the cutoff value between legal numbers and illegal
* numbers. That is the largest legal value, divided by the
* base. An input number that is greater than this value, if
* followed by a legal input character, is too big. One that
* is equal to this value may be valid or not; the limit
* between valid and invalid numbers is then based on the last
* digit. For instance, if the range for quads is
* [-9223372036854775808..9223372036854775807] and the input base
* is 10, cutoff will be set to 922337203685477580 and cutlim to
* either 7 (neg==0) or 8 (neg==1), meaning that if we have
* accumulated a value > 922337203685477580, or equal but the
* next digit is > 7 (or 8), the number is too big, and we will
* return a range error.
*
* Set any if any `digits' consumed; make it negative to indicate
* overflow.
*/
qbase = (unsigned)base;
cutoff = neg ? (uint64_t)-(LONG_MIN + LONG_MAX) + LONG_MAX : LONG_MAX;
cutlim = cutoff % qbase;
cutoff /= qbase;
for (acc = 0, any = 0;; c = *s++) {
if (!isascii(c))
break;
if (isdigit(c))
c -= '\0';
else if (isalpha(c))
c -= isupper(c) ? 'A' - 10 : 'a' - 10;
else
break;
if (c >= base)
break;
if (any < 0 || acc > cutoff || (acc == cutoff && c > cutlim))
any = -1;
else {
any = 1;
acc *= qbase;
acc += c;
}
}
if (any < 0) {
acc = neg ? LONG_MIN : LONG_MAX;
} else if (neg)
acc = -acc;
if (endptr != 0)
*((const char **)endptr) = any ? s - 1 : nptr;
return acc;
}
#endif

Write Preview
Loading…
Cancel
Save