themwi-system-sw: sip-in/invite.c comparison

sip-in: validate To header prior to tag addition

author	Mychaela Falconia <falcon@freecalypso.org>
date	Tue, 20 Sep 2022 16:40:07 -0800
parents	5beb51de1bae
children	fe39404092d9

comparison

equal deleted inserted replaced

-:dd845c4933e1
+:21276f045026
 	int ext_100rel_req, ext_100rel_sup, use_100rel, use_pcma;
 	struct sdp_parse sdp_parse;
 	struct sdp_gen sdp_gen;
 	struct call *call;
 	char *dp;
-	unsigned copylen;
+	unsigned req_uri_len, to_hdr_len, copylen;
 	int rc;
 	/* extract called number from Request-URI */
 	rc = user_from_sip_uri(req->req_uri, uri_user, 12);
 	if (rc < 0) {
 	rc = grok_from_header(ess->from, &gfrom);
 	if (rc < 0) {
 		start_response_out_msg(&resp, "400 Malformed From header");
 		goto error_resp;
 	}
+	/* validate To header for the purpose of tag addition */
+	req_uri_len = strlen(req->req_uri);
+	to_hdr_len = strlen(ess->to);
+	if (to_hdr_len == req_uri_len) {
+		if (strcasecmp(ess->to, req->req_uri)) {
+bad_to_header:		start_response_out_msg(&resp, "400 Bad To header");
+			goto error_resp;
+		}
+	} else if (to_hdr_len == req_uri_len + 2) {
+		if (ess->to[0] != '<')
+			goto bad_to_header;
+		if (strncasecmp(ess->to+1, req->req_uri, req_uri_len))
+			goto bad_to_header;
+		if (ess->to[req_uri_len+1] != '>')
+			goto bad_to_header;
+	} else
+		goto bad_to_header;
 	/* check 100rel and catch any unsupported requirements */
 	supp_ext.name = "100rel";
 	supp_ext.req_flag = &ext_100rel_req;
 	supp_ext.sup_flag = &ext_100rel_sup;
 	ext_100rel_req = ext_100rel_sup = 0;

FreeCalypso > hg > themwi-system-sw