Module: kamailio Branch: master Commit: 055fca8dd2ca9c2ea683a2ea3748d6728d54e5a5 URL: https://github.com/kamailio/kamailio/commit/055fca8dd2ca9c2ea683a2ea3748d6728d54e5a5
Author: Claudiu Boriga <paul.bor...@1and1.ro> Committer: Claudiu Boriga <paul.bor...@1and1.ro> Date: 2017-04-03T15:37:31+03:00 topoh: add additional safety checks - verify that headers contain expected prefix (including mask ip) before trying to unmask them; otherwise there may be issues when kamailio receives messages that are not masked and topoh is enabled. --- Modified: src/modules/topoh/th_msg.c --- Diff: https://github.com/kamailio/kamailio/commit/055fca8dd2ca9c2ea683a2ea3748d6728d54e5a5.diff Patch: https://github.com/kamailio/kamailio/commit/055fca8dd2ca9c2ea683a2ea3748d6728d54e5a5.patch --- diff --git a/src/modules/topoh/th_msg.c b/src/modules/topoh/th_msg.c index a320c4a..a1f117e3 100644 --- a/src/modules/topoh/th_msg.c +++ b/src/modules/topoh/th_msg.c @@ -390,6 +390,14 @@ int th_unmask_via(sip_msg_t *msg, str *cookie) LM_DBG("body: %d: [%.*s]\n", vlen, vlen, via->name.s); if(i!=1) { + /* Skip if via is not encoded */ + if (via->host.len!=th_ip.len + || strncasecmp(via->host.s, th_ip.s, th_ip.len)!=0) + { + LM_DBG("via %d is not encoded",i); + continue; + } + vp = th_get_via_param(via, &th_vparam_name); if(vp==NULL) { @@ -404,7 +412,7 @@ int th_unmask_via(sip_msg_t *msg, str *cookie) &th_vparam_prefix, 0, &out.len); if(out.s==NULL) { - LM_ERR("cannot encode via %d\n", i); + LM_ERR("cannot decode via %d\n", i); return -1; } @@ -475,6 +483,14 @@ int th_unmask_callid(sip_msg_t *msg) LM_ERR("cannot get Call-Id header\n"); return -1; } + + /* Do nothing if call-id is not encoded */ + if ((msg->callid->body.len<th_callid_prefix.len) || + (strncasecmp(msg->callid->body.s,th_callid_prefix.s,th_callid_prefix.len)!=0)) + { + LM_DBG("call-id [%.*s] not encoded",msg->callid->body.len,msg->callid->body.s); + return 0; + } out.s = th_mask_decode(msg->callid->body.s, msg->callid->body.len, &th_callid_prefix, 0, &out.len); @@ -670,6 +686,15 @@ int th_unmask_route(sip_msg_t *msg) i++; if(i!=1) { + /* Skip if route is not encoded */ + if ((rr->nameaddr.uri.len<th_uri_prefix.len) || + (strncasecmp(rr->nameaddr.uri.s,th_uri_prefix.s,th_uri_prefix.len)!=0)) + { + LM_DBG("rr %d is not encoded: [%.*s]",i,rr->nameaddr.uri.len,rr->nameaddr.uri.s); + rr = rr->next; + continue; + } + if(th_get_uri_param_value(&rr->nameaddr.uri, &th_uparam_name, &eval)<0 || eval.len<=0) return -1; @@ -710,6 +735,14 @@ int th_unmask_ruri(sip_msg_t *msg) struct lump* l; str out; + /* Do nothing if ruri is not encoded */ + if ((REQ_LINE(msg).uri.len<th_uri_prefix.len) || + (strncasecmp(REQ_LINE(msg).uri.s,th_uri_prefix.s,th_uri_prefix.len)!=0)) + { + LM_DBG("ruri [%.*s] is not encoded",REQ_LINE(msg).uri.len,REQ_LINE(msg).uri.s); + return 0; + } + if(th_get_uri_param_value(&REQ_LINE(msg).uri, &th_uparam_name, &eval)<0 || eval.len<=0) return -1; @@ -763,6 +796,15 @@ int th_unmask_refer_to(sip_msg_t *msg) } uri = &(get_refer_to(msg)->uri); + + /* Do nothing if refer_to is not encoded */ + if ((uri->len<th_uri_prefix.len) + || (strncasecmp(uri->s, th_uri_prefix.s, th_uri_prefix.len)!=0)) + { + LM_DBG("refer-to [%.*s] is not encoded",uri->len,uri->s); + return 0; + } + if(th_get_uri_param_value(uri, &th_uparam_name, &eval)<0 || eval.len<=0) return -1; _______________________________________________ sr-dev mailing list sr-dev@lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-dev
