# HG changeset patch
# User Mychaela Falconia <falcon@freecalypso.org>
# Date 1663720807 28800
# Node ID 21276f0450266ccd4e0145576f30bf250a35bae6
# Parent  dd845c4933e19f915506d9312f69d80d9fa1b60d
sip-in: validate To header prior to tag addition

diff -r dd845c4933e1 -r 21276f045026 sip-in/invite.c
--- a/sip-in/invite.c	Tue Sep 20 12:28:37 2022 -0800
+++ b/sip-in/invite.c	Tue Sep 20 16:40:07 2022 -0800
@@ -98,7 +98,7 @@
 	struct sdp_gen sdp_gen;
 	struct call *call;
 	char *dp;
-	unsigned copylen;
+	unsigned req_uri_len, to_hdr_len, copylen;
 	int rc;
 
 	/* extract called number from Request-URI */
@@ -148,6 +148,23 @@
 		start_response_out_msg(&resp, "400 Malformed From header");
 		goto error_resp;
 	}
+	/* validate To header for the purpose of tag addition */
+	req_uri_len = strlen(req->req_uri);
+	to_hdr_len = strlen(ess->to);
+	if (to_hdr_len == req_uri_len) {
+		if (strcasecmp(ess->to, req->req_uri)) {
+bad_to_header:		start_response_out_msg(&resp, "400 Bad To header");
+			goto error_resp;
+		}
+	} else if (to_hdr_len == req_uri_len + 2) {
+		if (ess->to[0] != '<')
+			goto bad_to_header;
+		if (strncasecmp(ess->to+1, req->req_uri, req_uri_len))
+			goto bad_to_header;
+		if (ess->to[req_uri_len+1] != '>')
+			goto bad_to_header;
+	} else
+		goto bad_to_header;
 	/* check 100rel and catch any unsupported requirements */
 	supp_ext.name = "100rel";
 	supp_ext.req_flag = &ext_100rel_req;