changeset 76:21276f045026

sip-in: validate To header prior to tag addition
author Mychaela Falconia <falcon@freecalypso.org>
date Tue, 20 Sep 2022 16:40:07 -0800
parents dd845c4933e1
children fe39404092d9
files sip-in/invite.c
diffstat 1 files changed, 18 insertions(+), 1 deletions(-) [+]
--- a/sip-in/invite.c	Tue Sep 20 12:28:37 2022 -0800
+++ b/sip-in/invite.c	Tue Sep 20 16:40:07 2022 -0800
@@ -98,7 +98,7 @@
 	struct sdp_gen sdp_gen;
 	struct call *call;
 	char *dp;
-	unsigned copylen;
+	unsigned req_uri_len, to_hdr_len, copylen;
 	int rc;
 
 	/* extract called number from Request-URI */
@@ -148,6 +148,23 @@
 		start_response_out_msg(&resp, "400 Malformed From header");
 		goto error_resp;
 	}
+	/* validate To header for the purpose of tag addition */
+	req_uri_len = strlen(req->req_uri);
+	to_hdr_len = strlen(ess->to);
+	if (to_hdr_len == req_uri_len) {
+		if (strcasecmp(ess->to, req->req_uri)) {
+bad_to_header:		start_response_out_msg(&resp, "400 Bad To header");
+			goto error_resp;
+		}
+	} else if (to_hdr_len == req_uri_len + 2) {
+		if (ess->to[0] != '<')
+			goto bad_to_header;
+		if (strncasecmp(ess->to+1, req->req_uri, req_uri_len))
+			goto bad_to_header;
+		if (ess->to[req_uri_len+1] != '>')
+			goto bad_to_header;
+	} else
+		goto bad_to_header;
 	/* check 100rel and catch any unsupported requirements */
 	supp_ext.name = "100rel";
 	supp_ext.req_flag = &ext_100rel_req;
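Review bot: The `bad_to_header:` label sits inside the `if (strcasecmp(...))` body of the equal-length branch and is entered by `goto` from the `else if` and `else` branches, so the shared 400 path is buried in one case and is easy to break when that branch is edited. I would reduce the first branch to `if (strcasecmp(ess->to, req->req_uri)) goto bad_to_header;` and move `bad_to_header: start_response_out_msg(&resp, "400 Bad To header"); goto error_resp;` to sit with the function's other error exits, which lie outside this hunk. The comment should also name the accepted forms, for example `/* To must equal the Request-URI, bare or wrapped in <>; a display name, parameters or an existing tag get 400 */`, so that a reader of the later tag-addition code can see which inputs it may rely on. That the tag is appended on the assumption of a parameter-free To value is inferred from the commit title, as that code is not visible here.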