Improve XML sanitization in NOTIFYs, especially for presence subtypes and messages.

Embedded carriage return line feed combinations may appear in presence subtypes and messages since they may be derived from user input in an instant messenger client. As such, they need to be properly escaped so that XML parsers do not vomit when the messages are received. ........ Merged revisions 413372 from http://svn.asterisk.org/svn/asterisk/branches/12 git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@413381 65c4cc65-6c06-0410-ace0-fbb531ad65f3
11 years ago · 065bd7d703
parent 9eae6c3f5b
commit 065bd7d703
2 changed files with 12 additions and 5 deletions
--- a/res/res_pjsip/presence_xml.c
+++ b/res/res_pjsip/presence_xml.c
@ -43,7 +43,7 @@ void ast_sip_sanitize_xml(const char *input, char *output, size_t len)

 	output[0] = '\0';

-	while ((break_point = strpbrk(copy, "<>\"&'"))) {
+	while ((break_point = strpbrk(copy, "<>\"&'\n\r"))) {
 		char to_escape = *break_point;

 		*break_point = '\0';
@ -65,6 +65,12 @@ void ast_sip_sanitize_xml(const char *input, char *output, size_t len)
 		case '\'':
 			strncat(output, "&apos;", len);
 			break;
+		case '\r':
+			strncat(output, "&#13;", len);
+			break;
+		case '\n':
+			strncat(output, "&#10;", len);
+			break;
 		};

 		copy = break_point + 1;
--- a/res/res_pjsip_pidf_digium_body_supplement.c
+++ b/res/res_pjsip_pidf_digium_body_supplement.c
@ -40,6 +40,7 @@ static int pidf_supplement_body(void *body, void *data)
 {
 	struct ast_sip_exten_state_data *state_data = data;
 	pj_xml_node *node;
+	char sanitized[256];

 	if (ast_strlen_zero(state_data->user_agent) ||
 	    !strstr(state_data->user_agent, "digium")) {
@ -69,8 +70,8 @@ static int pidf_supplement_body(void *body, void *data)
 	}

 	if (!ast_strlen_zero(state_data->presence_message)) {
-			pj_strdup2(state_data->pool, &node->content,
-				   state_data->presence_message);
+		ast_sip_sanitize_xml(state_data->presence_message, sanitized, sizeof(sanitized));
+		pj_strdup2(state_data->pool, &node->content, sanitized);
 	}

 	ast_sip_presence_xml_create_attr(
@ -78,9 +79,9 @@ static int pidf_supplement_body(void *body, void *data)
 			state_data->presence_state));

 	if (!ast_strlen_zero(state_data->presence_subtype)) {
+		ast_sip_sanitize_xml(state_data->presence_subtype, sanitized, sizeof(sanitized));
 		ast_sip_presence_xml_create_attr(
-			state_data->pool, node, "subtype",
-			state_data->presence_subtype);
+			state_data->pool, node, "subtype", sanitized);
 	}

 	return 0;