topoh: add additional safety checks 1052/head
authorClaudiu Boriga <paul.boriga@1and1.ro>
Mon, 3 Apr 2017 09:13:30 +0000 (12:13 +0300)
committerClaudiu Boriga <paul.boriga@1and1.ro>
Mon, 3 Apr 2017 12:37:31 +0000 (15:37 +0300)
- verify that headers contain the expected prefix (including the mask IP)
  before trying to unmask them; otherwise there may be issues when
  Kamailio receives messages that are not masked and topoh is enabled.

src/modules/topoh/th_msg.c

index a320c4a..a1f117e 100644 (file)
@@ -390,6 +390,14 @@ int th_unmask_via(sip_msg_t *msg, str *cookie)
                        LM_DBG("body: %d: [%.*s]\n", vlen, vlen, via->name.s);
                        if(i!=1)
                        {
+                               /* Skip if via is not encoded */
+                               if (via->host.len!=th_ip.len
+                                               || strncasecmp(via->host.s, th_ip.s, th_ip.len)!=0)
+                               {
+                                       LM_DBG("via %d is not encoded",i);
+                                       continue;
+                               }
+
                                vp = th_get_via_param(via, &th_vparam_name);
                                if(vp==NULL)
                                {
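Review bot: The added debug message in th_unmask_via has no trailing newline, unlike the other log calls visible in this file (`LM_DBG("body: %d: [%.*s]\n", ...)`, `LM_ERR("cannot decode via %d\n", i)`), so it will run into the next log line; it should read `LM_DBG("via %d is not encoded\n", i);`. The same applies to the new LM_DBG calls in the th_unmask_callid, th_unmask_route, th_unmask_ruri and th_unmask_refer_to hunks. The enclosing loop starts and ends outside this hunk, so the `continue` is assumed to sit in a `for` loop that advances `via` itself.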
@@ -404,7 +412,7 @@ int th_unmask_via(sip_msg_t *msg, str *cookie)
                                                        &th_vparam_prefix, 0, &out.len);
                                if(out.s==NULL)
                                {
-                                       LM_ERR("cannot encode via %d\n", i);
+                                       LM_ERR("cannot decode via %d\n", i);
                                        return -1;
                                }
                                        
@@ -475,6 +483,14 @@ int th_unmask_callid(sip_msg_t *msg)
                LM_ERR("cannot get Call-Id header\n");
                return -1;
        }
+
+       /* Do nothing if call-id is not encoded */
+       if ((msg->callid->body.len<th_callid_prefix.len) ||
+                       (strncasecmp(msg->callid->body.s,th_callid_prefix.s,th_callid_prefix.len)!=0))
+       {
+               LM_DBG("call-id [%.*s] not encoded",msg->callid->body.len,msg->callid->body.s);
+               return 0;
+       }
                                
        out.s = th_mask_decode(msg->callid->body.s, msg->callid->body.len,
                                        &th_callid_prefix, 0, &out.len);
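Review bot: The Call-ID prefix test in th_unmask_callid uses `strncasecmp`, but SIP compares Call-ID values case-sensitively, so a foreign Call-ID that differs from the configured prefix only in letter case would be treated as encoded and handed to th_mask_decode; `strncmp(msg->callid->body.s, th_callid_prefix.s, th_callid_prefix.len)!=0` is the tighter test. This only matters when the configured prefix contains letters. A matching prefix also does not show that this instance produced the value, so th_mask_decode still has to cope with arbitrary sender-controlled bytes after the prefix; a one-line comment next to the check, such as `/* prefix match is a filter, not validation of the encoded part */`, would make that clear. The function continues outside the hunk.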
@@ -670,6 +686,15 @@ int th_unmask_route(sip_msg_t *msg)
                        i++;
                        if(i!=1)
                        {
+                               /* Skip if route is not encoded */
+                               if ((rr->nameaddr.uri.len<th_uri_prefix.len) ||
+                                               (strncasecmp(rr->nameaddr.uri.s,th_uri_prefix.s,th_uri_prefix.len)!=0))
+                               {
+                                       LM_DBG("rr %d is not encoded: [%.*s]",i,rr->nameaddr.uri.len,rr->nameaddr.uri.s);
+                                       rr = rr->next;
+                                       continue;
+                               }
+
                                if(th_get_uri_param_value(&rr->nameaddr.uri, &th_uparam_name,
                                                        &eval)<0 || eval.len<=0)
                                        return -1;
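Review bot: The same length-plus-`strncasecmp` prefix test against th_uri_prefix is written out three times, here in th_unmask_route and again in the th_unmask_ruri and th_unmask_refer_to hunks, so a later change to what counts as an encoded URI has to be made in three places. A small static helper taking a `str *` would keep the three call sites in step. Separately, the skip branch here advances the list by hand with `rr = rr->next;` before `continue`, which duplicates the loop tail that lies outside this hunk and would miss any per-entry work added there later. The loop body starts and ends outside the hunk.

```c
/* Return 1 if uri starts with the topoh URI prefix, 0 otherwise. */
static int th_uri_is_masked(str *uri)
{
	return uri->len>=th_uri_prefix.len
		&& strncasecmp(uri->s, th_uri_prefix.s, th_uri_prefix.len)==0;
}

/* … unchanged: th_unmask_route loop header, i++, if(i!=1) … */
				/* Skip if route is not encoded */
				if (!th_uri_is_masked(&rr->nameaddr.uri))
/* … unchanged: LM_DBG, rr = rr->next, continue … */
```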
@@ -710,6 +735,14 @@ int th_unmask_ruri(sip_msg_t *msg)
        struct lump* l;
        str out;
 
+       /* Do nothing if ruri is not encoded */
+       if ((REQ_LINE(msg).uri.len<th_uri_prefix.len) ||
+                       (strncasecmp(REQ_LINE(msg).uri.s,th_uri_prefix.s,th_uri_prefix.len)!=0))
+       {
+               LM_DBG("ruri [%.*s] is not encoded",REQ_LINE(msg).uri.len,REQ_LINE(msg).uri.s);
+               return 0;
+       }
+
        if(th_get_uri_param_value(&REQ_LINE(msg).uri, &th_uparam_name, &eval)<0
                        || eval.len<=0)
                return -1;
@@ -763,6 +796,15 @@ int th_unmask_refer_to(sip_msg_t *msg)
        }
 
        uri = &(get_refer_to(msg)->uri);
+
+       /* Do nothing if refer_to is not encoded */
+       if ((uri->len<th_uri_prefix.len)
+                       || (strncasecmp(uri->s, th_uri_prefix.s, th_uri_prefix.len)!=0))
+       {
+               LM_DBG("refer-to [%.*s] is not encoded",uri->len,uri->s);
+               return 0;
+       }
+
        if(th_get_uri_param_value(uri, &th_uparam_name, &eval)<0
                        || eval.len<=0)
                return -1;