diff --git a/channels/chan_sip.c b/channels/chan_sip.c index 5e9d2d26ea..63f9151d64 100644 --- a/channels/chan_sip.c +++ b/channels/chan_sip.c @@ -14445,8 +14445,8 @@ static enum check_auth_result check_user_full(struct sip_pvt *p, struct sip_requ struct sockaddr_in *sin, struct sip_peer **authpeer) { char from[256] = { 0, }; - char *dummy; /* dummy return value for parse_uri */ - char *domain; /* dummy return value for parse_uri */ + char *dummy = NULL; /* dummy return value for parse_uri */ + char *domain = NULL; /* dummy return value for parse_uri */ char *of; enum check_auth_result res = AUTH_DONT_KNOW; char calleridname[50]; diff --git a/channels/sip/reqresp_parser.c b/channels/sip/reqresp_parser.c index d589bec9d1..446e9637fe 100644 --- a/channels/sip/reqresp_parser.c +++ b/channels/sip/reqresp_parser.c @@ -759,6 +759,11 @@ const char *get_calleridname(const char *input, char *output, size_t outputsize) } } + if (*input != '<') { /* if we never found the start of addr-spec then this is invalid */ + *orig_output = '\0'; + return orig_input; + } + /* set NULL while trimming trailing whitespace */ do { *output-- = '\0'; @@ -776,6 +781,7 @@ AST_TEST_DEFINE(get_calleridname_test) const char *overflow1 = " \"quoted-text overflow 1234567890123456789012345678901234567890\" "; const char *noendquote = " \"quoted-text no end "; const char *addrspec = " \"sip:blah@blah "; + const char *no_quotes_no_brackets = "blah@blah"; const char *after_dname; char dname[40]; @@ -830,6 +836,15 @@ AST_TEST_DEFINE(get_calleridname_test) res = AST_TEST_FAIL; } + /* no quotes, no brackets */ + after_dname = get_calleridname(no_quotes_no_brackets, dname, sizeof(dname)); + ast_test_status_update(test, "no_quotes_no_brackets display-name1: %s\nafter: %s\n", dname, after_dname); + if (*dname != '\0' && after_dname != no_quotes_no_brackets) { + ast_test_status_update(test, "detection of addr-spec failed\n"); + res = AST_TEST_FAIL; + } + + return res; } @@ -1065,6 +1080,7 @@ AST_TEST_DEFINE(get_in_brackets_test) char missing_end_quote[] = "\"I'm a quote string "; char name_no_quotes[] = "name not in quotes "; char no_end_bracket[] = "name not in quotes