Author: file Date: Wed Nov 19 05:51:23 2014 New Revision: 428197 URL: http://svnview.digium.com/svn/asterisk?view=rev&rev=428197 Log: res_pjsip_refer: Ensure Refer-To is NULL terminated and parse it as a URI.
There is no guarantee that when we get a Refer-To that it will be NULL terminated. As the URI parsing function requires it to be we now NULL terminate it. Additionally parsing the Refer-To as a 'To' header is needless and it can simply be done as a URI. This also fixes a problem where certain Refer-To headers would not be parsed as a 'To' header causing the REFER to fail. ASTERISK-24508 #close Reported by: Beppo Mazzucato Review: https://reviewboard.asterisk.org/r/4187/ ........ Merged revisions 428195 from http://svn.asterisk.org/svn/asterisk/branches/12 ........ Merged revisions 428196 from http://svn.asterisk.org/svn/asterisk/branches/13 Modified: trunk/ (props changed) trunk/res/res_pjsip_refer.c Propchange: trunk/ ------------------------------------------------------------------------------ Binary property 'branch-13-merged' - no diff available. Modified: trunk/res/res_pjsip_refer.c URL: http://svnview.digium.com/svn/asterisk/trunk/res/res_pjsip_refer.c?view=diff&rev=428197&r1=428196&r2=428197 ============================================================================== --- trunk/res/res_pjsip_refer.c (original) +++ trunk/res/res_pjsip_refer.c Wed Nov 19 05:51:23 2014 @@ -848,14 +848,14 @@ static int refer_incoming_refer_request(struct ast_sip_session *session, struct pjsip_rx_data *rdata) { pjsip_generic_string_hdr *refer_to; - pjsip_fromto_hdr *target; + char *uri; + pjsip_uri *target; pjsip_sip_uri *target_uri; RAII_VAR(struct refer_progress *, progress, NULL, ao2_cleanup); pjsip_param *replaces; int response; static const pj_str_t str_refer_to = { "Refer-To", 8 }; - static const pj_str_t str_to = { "To", 2 }; static const pj_str_t str_replaces = { "Replaces", 8 }; if (!session->endpoint->allowtransfer) { @@ -874,12 +874,16 @@ return 0; } - /* Parse the provided URI string as a To header so we can get the target */ - target = pjsip_parse_hdr(rdata->tp_info.pool, &str_to, - (char *) pj_strbuf(&refer_to->hvalue), pj_strlen(&refer_to->hvalue), NULL); + /* This is done on purpose (and is safe) - it's done so that the value passed to + * pjsip_parse_uri is NULL terminated as required + */ + uri = refer_to->hvalue.ptr; + uri[refer_to->hvalue.slen] = '\0'; + + target = pjsip_parse_uri(rdata->tp_info.pool, refer_to->hvalue.ptr, refer_to->hvalue.slen, 0); if (!target - || (!PJSIP_URI_SCHEME_IS_SIP(target->uri) - && !PJSIP_URI_SCHEME_IS_SIPS(target->uri))) { + || (!PJSIP_URI_SCHEME_IS_SIP(target) + && !PJSIP_URI_SCHEME_IS_SIPS(target))) { size_t uri_size = pj_strlen(&refer_to->hvalue) + 1; char *uri = ast_alloca(uri_size); @@ -890,7 +894,7 @@ uri, ast_channel_name(session->channel), ast_sorcery_object_get_id(session->endpoint)); return 0; } - target_uri = pjsip_uri_get_uri(target->uri); + target_uri = pjsip_uri_get_uri(target); /* Set up REFER progress subscription if requested/possible */ if (refer_progress_alloc(session, rdata, &progress)) { -- _____________________________________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- svn-commits mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/svn-commits
