encode/decode URIs in 'pedantic' mode (issue #3923)

git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@6441 65c4cc65-6c06-0410-ace0-fbb531ad65f3
2025-09-06 12:36:58 +00:00 · 2005-08-29 22:39:39 +00:00
parent 0f03a734b1
commit 1824c2f630
3 changed files with 222 additions and 115 deletions
--- a/channels/chan_sip.c
+++ b/channels/chan_sip.c
@@ -1407,23 +1407,6 @@ static int send_request(struct sip_pvt *p, struct sip_request *req, int reliable
 	return res;
 }
 /*--- url_decode: Decode SIP URL (overwrite the string)  ---*/
 static void url_decode(char *s) 
 {
 	char *o;
 	unsigned int tmp;
 	for (o = s; *s; s++, o++) {
 		if (*s == '%' && strlen(s) > 2 && sscanf(s + 1, "%2x", &tmp) == 1) {
 			/* have '%', two chars and correct parsing */
 			*o = tmp;
 			s += 2;	/* Will be incremented once more when we break out */
 		} else /* all other cases, just copy */
 			*o = *s;
 	}
 	*o = '\0';
 }
 /*--- get_in_brackets: Pick out text in brackets from character string ---*/
 /* returns pointer to terminated stripped string. modifies input string. */
 static char *get_in_brackets(char *tmp)
@@ -4348,15 +4331,16 @@ static void build_contact(struct sip_pvt *p)
 		snprintf(p->our_contact, sizeof(p->our_contact), "<sip:%s%s%s>", p->exten, ast_strlen_zero(p->exten) ? "" : "@", ast_inet_ntoa(iabuf, sizeof(iabuf), p->ourip));
 }
-/*--- initreqprep: Initiate SIP request to peer/user ---*/
+/*--- initreqprep: Initiate new SIP request to peer/user ---*/
 static void initreqprep(struct sip_request *req, struct sip_pvt *p, int sipmethod, char *vxml_url)
 {
-	char invite[256]="";
+	char invite[256] = "";
 	char from[256];
 	char to[256];
-	char tmp[80];
+	char tmp[BUFSIZ/2];
 	char tmp2[BUFSIZ/2];
 	char iabuf[INET_ADDRSTRLEN];
-	char *l = default_callerid, *n=NULL;
+	char *l = default_callerid, *n = NULL;
 	int x;
 	char urioptions[256]="";
@@ -4372,7 +4356,7 @@ static void initreqprep(struct sip_request *req, struct sip_pvt *p, int sipmetho
        	if (p->username && p->username[0] == '+')
 			x=1;
-		for (; x<strlen(p->username); x++) {
+		for (; x < strlen(p->username); x++) {
 			if (!strchr(AST_DIGIT_ANYNUM, p->username[x])) {
                		onlydigits = 0;
 				break;
@@ -4412,8 +4396,15 @@ static void initreqprep(struct sip_request *req, struct sip_pvt *p, int sipmetho
 	else /* Save for any further attempts */
 		ast_copy_string(p->fromname, n, sizeof(p->fromname));
 	if (pedanticsipchecking) {
 		ast_uri_encode(n, tmp, sizeof(tmp), 0);
 		n = tmp;
 		ast_uri_encode(l, tmp2, sizeof(tmp2), 0);
 		l = tmp2;
 	}
 	if ((ourport != 5060) && ast_strlen_zero(p->fromdomain))	/* Needs to be 5060 */
-		snprintf(from, sizeof(from), "\"%s\" <sip:%s@%s:%d>;tag=as%08x", n, l, ast_strlen_zero(p->fromdomain) ? ast_inet_ntoa(iabuf, sizeof(iabuf), p->ourip) : p->fromdomain, ourport, p->tag);
+		snprintf(from, sizeof(from), "\"%s\" <sip:%s@%s:%d>;tag=as%08x", tmp, l, ast_strlen_zero(p->fromdomain) ? ast_inet_ntoa(iabuf, sizeof(iabuf), p->ourip) : p->fromdomain, ourport, p->tag);
 	else
 		snprintf(from, sizeof(from), "\"%s\" <sip:%s@%s>;tag=as%08x", n, l, ast_strlen_zero(p->fromdomain) ? ast_inet_ntoa(iabuf, sizeof(iabuf), p->ourip) : p->fromdomain, p->tag);
@@ -4423,10 +4414,15 @@ static void initreqprep(struct sip_request *req, struct sip_pvt *p, int sipmetho
 		ast_copy_string(invite, p->fullcontact, sizeof(invite));
 	/* Otherwise, use the username while waiting for registration */
 	} else if (!ast_strlen_zero(p->username)) {
 		n = p->username;
 		if (pedanticsipchecking) {
 			ast_uri_encode(n, tmp, sizeof(tmp), 0);
 			n = tmp;
 		}
 		if (ntohs(p->sa.sin_port) != 5060) {		/* Needs to be 5060 */
-			snprintf(invite, sizeof(invite), "sip:%s@%s:%d%s",p->username, p->tohost, ntohs(p->sa.sin_port), urioptions);
+			snprintf(invite, sizeof(invite), "sip:%s@%s:%d%s", n, p->tohost, ntohs(p->sa.sin_port), urioptions);
 		} else {
-			snprintf(invite, sizeof(invite), "sip:%s@%s%s",p->username, p->tohost, urioptions);
+			snprintf(invite, sizeof(invite), "sip:%s@%s%s", n, p->tohost, urioptions);
 		}
 	} else if (ntohs(p->sa.sin_port) != 5060) {		/* Needs to be 5060 */
 		snprintf(invite, sizeof(invite), "sip:%s:%d%s", p->tohost, ntohs(p->sa.sin_port), urioptions);
@@ -4434,9 +4430,9 @@ static void initreqprep(struct sip_request *req, struct sip_pvt *p, int sipmetho
 		snprintf(invite, sizeof(invite), "sip:%s%s", p->tohost, urioptions);
 	}
 	ast_copy_string(p->uri, invite, sizeof(p->uri));
 	/* If there is a VXML URL append it to the SIP URL */
-	if (vxml_url)
+	if (vxml_url) {
 	{
 		snprintf(to, sizeof(to), "<%s>;%s", invite, vxml_url);
 	} else {
 		snprintf(to, sizeof(to), "<%s>", invite);
@@ -5756,7 +5752,7 @@ static int cb_extensionstate(char *context, char* exten, enum ast_extension_stat
 /*--- register_verify: Verify registration of user */
 static int register_verify(struct sip_pvt *p, struct sockaddr_in *sin, struct sip_request *req, char *uri, int ignore)
 {
-	int res = -1;
+	int res = -3;
 	struct sip_peer *peer;
 	char tmp[256] = "";
 	char iabuf[INET_ADDRSTRLEN];
@@ -5770,6 +5766,9 @@ static int register_verify(struct sip_pvt *p, struct sockaddr_in *sin, struct si
 	*t = '\0';
 	ast_copy_string(tmp, get_header(req, "To"), sizeof(tmp));
 	if (pedanticsipchecking)
 		ast_uri_decode(tmp);
 	c = get_in_brackets(tmp);
 	/* Ditch ;user=phone */
 	name = strchr(c, ';');
@@ -5838,7 +5837,7 @@ static int register_verify(struct sip_pvt *p, struct sockaddr_in *sin, struct si
 		switch (res) {
 		case -1:
 			/* Wrong password in authentication. Go away, don't try again until you fixed it */
-			transmit_response(p, "403 Forbidden", &p->initreq);
+			transmit_response(p, "403 Forbidden (Bad auth)", &p->initreq);
 			break;
 		case -2:
 			/* Username and digest username does not match. 
@@ -5847,6 +5846,15 @@ static int register_verify(struct sip_pvt *p, struct sockaddr_in *sin, struct si
 			   proper authentication by digest auth name */
 			transmit_response(p, "403 Authentication user name does not match account name", &p->initreq);
 			break;
 		case -3:
 			/* URI not found */
 			transmit_response(p, "404 Not found", &p->initreq);
 			break;
 		}
 		if (option_debug > 1) {
 			ast_log(LOG_DEBUG, "SIP REGISTER attempt failed for %s : %s\n",
 				peer->name,
 				(res == -1) ? "Bad password" : ((res == -2 ) ? "Bad digest user" : "Peer not found"));
 		}
 	}
 	if (peer)
@@ -5894,10 +5902,16 @@ static int get_destination(struct sip_pvt *p, struct sip_request *oreq)
 		req = &p->initreq;
 	if (req->rlPart2)
 		ast_copy_string(tmp, req->rlPart2, sizeof(tmp));
 	c = get_in_brackets(tmp);
 	ast_copy_string(tmpf, get_header(req, "From"), sizeof(tmpf));
 	if (pedanticsipchecking) {
 		ast_uri_decode(tmp);
 		ast_uri_decode(tmpf);
 	}
 	fr = get_in_brackets(tmpf);
 	c = get_in_brackets(tmp);
 	if (strncmp(c, "sip:", 4)) {
 		ast_log(LOG_WARNING, "Huh?  Not a SIP header (%s)?\n", c);
@@ -5930,7 +5944,7 @@ static int get_destination(struct sip_pvt *p, struct sip_request *oreq)
 			ast_copy_string(p->fromdomain, fr, sizeof(p->fromdomain));
 	}
 	if (pedanticsipchecking)
-		url_decode(c);
+		ast_uri_decode(c);
 	if (sip_debug_test_pvt(p))
 		ast_verbose("Looking for %s in %s\n", c, p->context);
 	if (ast_exists_extension(NULL, p->context, c, 1, fr) ||
@@ -6004,6 +6018,9 @@ static int get_refer_info(struct sip_pvt *sip_pvt, struct sip_request *outgoing_
 		ast_log(LOG_WARNING, "No Referrred-By Header That's not illegal\n");
 		return -1;
 	} else {
 		if (pedanticsipchecking) {
 			ast_uri_decode(h_referred_by);
 		}
 		referred_by = get_in_brackets(h_referred_by);
 	}
 	h_contact = get_header(req, "Contact");
@@ -6035,7 +6052,7 @@ static int get_refer_info(struct sip_pvt *sip_pvt, struct sip_request *outgoing_
 			   replaces_header = ast_strdupa(replace_callid); 
 			   -anthm
 			*/
-			url_decode(replace_callid);
+			ast_uri_decode(replace_callid);
 			if ((ptr = strchr(replace_callid, '%'))) 
 				*ptr = '\0';
 			if ((ptr = strchr(replace_callid, ';'))) 
@@ -6291,7 +6308,11 @@ static int check_user_full(struct sip_pvt *p, struct sip_request *req, int sipme
 		t++;
 	*t = '\0';
 	of = get_header(req, "From");
 	if (pedanticsipchecking)
 		ast_uri_decode(of);
 	ast_copy_string(from, of, sizeof(from));
 	memset(calleridname,0,sizeof(calleridname));
 	get_calleridname(from, calleridname, sizeof(calleridname));
@@ -9832,7 +9853,7 @@ static int handle_request_register(struct sip_pvt *p, struct sip_request *req, i
 	/* Use this as the basis */
 	if (debug)
-		ast_verbose("Using latest request as basis request\n");
+		ast_verbose("Using latest REGISTER request as basis request\n");
 	copy_request(&p->initreq, req);
 	check_via(p, req);
 	if ((res = register_verify(p, sin, req, e, ignore)) < 0) 
--- a/include/asterisk/utils.h
+++ b/include/asterisk/utils.h
@@ -128,11 +128,37 @@ struct ast_hostent {
 };
 extern struct hostent *ast_gethostbyname(const char *host, struct ast_hostent *hp);
-/* ast_md5_hash: Produces MD5 hash based on input string */
+
 /* ast_md5_hash 
 	\brief Produces MD5 hash based on input string */
 extern void ast_md5_hash(char *output, char *input);
 extern int ast_base64encode(char *dst, unsigned char *src, int srclen, int max);
 extern int ast_base64decode(unsigned char *dst, char *src, int max);
 /*! ast_uri_encode
 	\brief Turn text string to URI-encoded %XX version 
 	At this point, we're converting from ISO-8859-x (8-bit), not UTF8
 	as in the SIP protocol spec 
 	If doreserved == 1 we will convert reserved characters also.
 	RFC 2396, section 2.4
 	outbuf needs to have more memory allocated than the instring
 	to have room for the expansion. Every char that is converted
 	is replaced by three ASCII characters.
 	\param string	String to be converted
 	\param outbuf	Resulting encoded string
 	\param buflen	Size of output buffer
 	\param doreserved	Convert reserved characters
 */
 char *ast_uri_encode(char *string, char *outbuf, int buflen, int doreserved);
 /*!	\brief Decode URI, URN, URL (overwrite string)
 	\param s	String to be decoded 
 */
 void ast_uri_decode(char *s);
 extern int test_for_thread_safety(void);
 extern const char *ast_inet_ntoa(char *buf, int bufsiz, struct in_addr ia);
--- a/utils.c
+++ b/utils.c
@@ -382,7 +382,66 @@ static void base64_init(void)
 #endif
 }
-/* Recursive thread safe replacement of inet_ntoa */
+/*--- ast_uri_encode: Turn text string to URI-encoded %XX version ---*/
 /* 	At this point, we're converting from ISO-8859-x (8-bit), not UTF8
 	as in the SIP protocol spec 
 	If doreserved == 1 we will convert reserved characters also.
 	RFC 2396, section 2.4
 	outbuf needs to have more memory allocated than the instring
 	to have room for the expansion. Every char that is converted
 	is replaced by three ASCII characters.
 	Note: The doreserved option is needed for replaces header in
 	SIP transfers.
 */
 char *ast_uri_encode(char *string, char *outbuf, int buflen, int doreserved) 
 {
 	char *reserved = ";/?:@&=+$, ";	/* Reserved chars */
 	char *ptr  = string;	/* Start with the string */
 	char *out = NULL;
 	char *buf = NULL;
 	strncpy(outbuf, string, buflen);
 	/* If there's no characters to convert, just go through and don't do anything */
 	while (*ptr) {
 		if (((unsigned char) *ptr) > 127 || (doreserved && strchr(reserved, *ptr)) ) {
 			/* Oops, we need to start working here */
 			if (!buf) {
 				buf = outbuf;
 				out = buf + (ptr - string) ;	/* Set output ptr */
 			}
 			out += sprintf(out, "%%%02x", (unsigned char) *ptr);
 		} else if (buf) {
 			*out = *ptr;	/* Continue copying the string */
 			out++;
 		} 
 		ptr++;
 	}
 	if (buf)
 		*out = '\0';
 	return outbuf;
 }
 /*--- ast_uri_decode: Decode SIP URI, URN, URL (overwrite the string)  ---*/
 void ast_uri_decode(char *s) 
 {
 	char *o;
 	unsigned int tmp;
 	for (o = s; *s; s++, o++) {
 		if (*s == '%' && strlen(s) > 2 && sscanf(s + 1, "%2x", &tmp) == 1) {
 			/* have '%', two chars and correct parsing */
 			*o = tmp;
 			s += 2;	/* Will be incremented once more when we break out */
 		} else /* all other cases, just copy */
 			*o = *s;
 	}
 	*o = '\0';
 }
 /*--- ast_inet_ntoa: Recursive thread safe replacement of inet_ntoa */
 const char *ast_inet_ntoa(char *buf, int bufsiz, struct in_addr ia)
 {
 	return inet_ntop(AF_INET, &ia, buf, bufsiz);
@@ -397,6 +456,7 @@ int ast_utils_init(void)
 #ifndef __linux__
 #undef pthread_create /* For ast_pthread_create function only */
 #endif /* ! LINUX */
 int ast_pthread_create_stack(pthread_t *thread, pthread_attr_t *attr, void *(*start_routine)(void *), void *data, size_t stacksize)
 {
 	pthread_attr_t lattr;
@@ -634,9 +694,9 @@ int vasprintf(char **strp, const char *fmt, va_list ap)
 #ifndef HAVE_STRTOQ
 #define LONG_MIN        (-9223372036854775807L-1L)
-                                        /* min value of a "long int" */
+	                                 /* min value of a "long int" */
 #define LONG_MAX        9223372036854775807L
-                                        /* max value of a "long int" */
+	                                 /* max value of a "long int" */
 /*
 * Convert a string to a quad integer.
@@ -646,85 +706,85 @@ int vasprintf(char **strp, const char *fmt, va_list ap)
 */
 uint64_t strtoq(const char *nptr, char **endptr, int base)
 {
-        const char *s;
+	 const char *s;
-        uint64_t acc;
+	 uint64_t acc;
-        unsigned char c;
+	 unsigned char c;
-        uint64_t qbase, cutoff;
+	 uint64_t qbase, cutoff;
-        int neg, any, cutlim;
+	 int neg, any, cutlim;
-        /*
+	 /*
-         * Skip white space and pick up leading +/- sign if any.
+	  * Skip white space and pick up leading +/- sign if any.
-         * If base is 0, allow 0x for hex and 0 for octal, else
+	  * If base is 0, allow 0x for hex and 0 for octal, else
-         * assume decimal; if base is already 16, allow 0x.
+	  * assume decimal; if base is already 16, allow 0x.
-         */
+	  */
-        s = nptr;
+	 s = nptr;
-        do {
+	 do {
-                c = *s++;
+	         c = *s++;
-        } while (isspace(c));
+	 } while (isspace(c));
-        if (c == '-') {
+	 if (c == '-') {
-                neg = 1;
+	         neg = 1;
-                c = *s++;
+	         c = *s++;
-        } else {
+	 } else {
-                neg = 0;
+	         neg = 0;
-                if (c == '+')
+	         if (c == '+')
-                        c = *s++;
+	                 c = *s++;
-        }
+	 }
-        if ((base == 0 || base == 16) &&
+	 if ((base == 0 || base == 16) &&
-            c == '\0' && (*s == 'x' || *s == 'X')) {
+	     c == '\0' && (*s == 'x' || *s == 'X')) {
-                c = s[1];
+	         c = s[1];
-                s += 2;
+	         s += 2;
-                base = 16;
+	         base = 16;
-        }
+	 }
-        if (base == 0)
+	 if (base == 0)
-                base = c == '\0' ? 8 : 10;
+	         base = c == '\0' ? 8 : 10;
-        /*
+	 /*
-         * Compute the cutoff value between legal numbers and illegal
+	  * Compute the cutoff value between legal numbers and illegal
-         * numbers.  That is the largest legal value, divided by the
+	  * numbers.  That is the largest legal value, divided by the
-         * base.  An input number that is greater than this value, if
+	  * base.  An input number that is greater than this value, if
-         * followed by a legal input character, is too big.  One that
+	  * followed by a legal input character, is too big.  One that
-         * is equal to this value may be valid or not; the limit
+	  * is equal to this value may be valid or not; the limit
-         * between valid and invalid numbers is then based on the last
+	  * between valid and invalid numbers is then based on the last
-         * digit.  For instance, if the range for quads is
+	  * digit.  For instance, if the range for quads is
-         * [-9223372036854775808..9223372036854775807] and the input base
+	  * [-9223372036854775808..9223372036854775807] and the input base
-         * is 10, cutoff will be set to 922337203685477580 and cutlim to
+	  * is 10, cutoff will be set to 922337203685477580 and cutlim to
-         * either 7 (neg==0) or 8 (neg==1), meaning that if we have
+	  * either 7 (neg==0) or 8 (neg==1), meaning that if we have
-         * accumulated a value > 922337203685477580, or equal but the
+	  * accumulated a value > 922337203685477580, or equal but the
-         * next digit is > 7 (or 8), the number is too big, and we will
+	  * next digit is > 7 (or 8), the number is too big, and we will
-         * return a range error.
+	  * return a range error.
-         *
+	  *
-         * Set any if any `digits' consumed; make it negative to indicate
+	  * Set any if any `digits' consumed; make it negative to indicate
-         * overflow.
+	  * overflow.
-         */
+	  */
-        qbase = (unsigned)base;
+	 qbase = (unsigned)base;
-        cutoff = neg ? (uint64_t)-(LONG_MIN + LONG_MAX) + LONG_MAX : LONG_MAX;
+	 cutoff = neg ? (uint64_t)-(LONG_MIN + LONG_MAX) + LONG_MAX : LONG_MAX;
-        cutlim = cutoff % qbase;
+	 cutlim = cutoff % qbase;
-        cutoff /= qbase;
+	 cutoff /= qbase;
-        for (acc = 0, any = 0;; c = *s++) {
+	 for (acc = 0, any = 0;; c = *s++) {
-                if (!isascii(c))
+	         if (!isascii(c))
-                        break;
+	                 break;
-                if (isdigit(c))
+	         if (isdigit(c))
-                        c -= '\0';
+	                 c -= '\0';
-                else if (isalpha(c))
+	         else if (isalpha(c))
-                        c -= isupper(c) ? 'A' - 10 : 'a' - 10;
+	                 c -= isupper(c) ? 'A' - 10 : 'a' - 10;
-                else
+	         else
-                        break;
+	                 break;
-                if (c >= base)
+	         if (c >= base)
-                        break;
+	                 break;
-                if (any < 0 || acc > cutoff || (acc == cutoff && c > cutlim))
+	         if (any < 0 || acc > cutoff || (acc == cutoff && c > cutlim))
-                        any = -1;
+	                 any = -1;
-                else {
+	         else {
-                        any = 1;
+	                 any = 1;
-                        acc *= qbase;
+	                 acc *= qbase;
-                        acc += c;
+	                 acc += c;
-                }
+	         }
-        }
+	 }
-        if (any < 0) {
+	 if (any < 0) {
-                acc = neg ? LONG_MIN : LONG_MAX;
+	         acc = neg ? LONG_MIN : LONG_MAX;
-        } else if (neg)
+	 } else if (neg)
-                acc = -acc;
+	         acc = -acc;
-        if (endptr != 0)
+	 if (endptr != 0)
-                *((const char **)endptr) = any ? s - 1 : nptr;
+	         *((const char **)endptr) = any ? s - 1 : nptr;
-        return (acc);
+	 return acc;
 }
 #endif