topoh: add additional safety checks

- verify that headers contain expected prefix (including mask ip)
before trying to unmask them; otherwise there may be issues when
kamailio receives messages that are not masked and topoh is enabled.

(cherry picked from commit 055fca8dd2ca9c2ea683a2ea3748d6728d54e5a5)

Claudiu Boriga authored on 03/04/2017 09:13:30 • Daniel-Constantin Mierla committed on 04/04/2017 11:53:48
Showing 1 changed files
... ...
@@ -390,6 +390,14 @@ int th_unmask_via(sip_msg_t *msg, str *cookie)
390 390
 			LM_DBG("body: %d: [%.*s]\n", vlen, vlen, via->name.s);
391 391
 			if(i!=1)
392 392
 			{
393
+				/* Skip if via is not encoded */
394
+				if (via->host.len!=th_ip.len
395
+						|| strncasecmp(via->host.s, th_ip.s, th_ip.len)!=0)
396
+				{
397
+					LM_DBG("via %d is not encoded",i);
398
+					continue;
399
+				}
400
+
393 401
 				vp = th_get_via_param(via, &th_vparam_name);
394 402
 				if(vp==NULL)
395 403
 				{
... ...
@@ -404,7 +412,7 @@ int th_unmask_via(sip_msg_t *msg, str *cookie)
404 412
 							&th_vparam_prefix, 0, &out.len);
405 413
 				if(out.s==NULL)
406 414
 				{
407
-					LM_ERR("cannot encode via %d\n", i);
415
+					LM_ERR("cannot decode via %d\n", i);
408 416
 					return -1;
409 417
 				}
410 418
 					
... ...
@@ -475,6 +483,14 @@ int th_unmask_callid(sip_msg_t *msg)
475 483
 		LM_ERR("cannot get Call-Id header\n");
476 484
 		return -1;
477 485
 	}
486
+
487
+	/* Do nothing if call-id is not encoded */
488
+	if ((msg->callid->body.len<th_callid_prefix.len) ||
489
+			(strncasecmp(msg->callid->body.s,th_callid_prefix.s,th_callid_prefix.len)!=0))
490
+	{
491
+		LM_DBG("call-id [%.*s] not encoded",msg->callid->body.len,msg->callid->body.s);
492
+		return 0;
493
+	}
478 494
 				
479 495
 	out.s = th_mask_decode(msg->callid->body.s, msg->callid->body.len,
480 496
 					&th_callid_prefix, 0, &out.len);
... ...
@@ -670,6 +686,15 @@ int th_unmask_route(sip_msg_t *msg)
670 686
 			i++;
671 687
 			if(i!=1)
672 688
 			{
689
+				/* Skip if route is not encoded */
690
+				if ((rr->nameaddr.uri.len<th_uri_prefix.len) ||
691
+						(strncasecmp(rr->nameaddr.uri.s,th_uri_prefix.s,th_uri_prefix.len)!=0))
692
+				{
693
+					LM_DBG("rr %d is not encoded: [%.*s]",i,rr->nameaddr.uri.len,rr->nameaddr.uri.s);
694
+					rr = rr->next;
695
+					continue;
696
+				}
697
+
673 698
 				if(th_get_uri_param_value(&rr->nameaddr.uri, &th_uparam_name,
674 699
 							&eval)<0 || eval.len<=0)
675 700
 					return -1;
... ...
@@ -710,6 +735,14 @@ int th_unmask_ruri(sip_msg_t *msg)
710 735
 	struct lump* l;
711 736
 	str out;
712 737
 
738
+	/* Do nothing if ruri is not encoded */
739
+	if ((REQ_LINE(msg).uri.len<th_uri_prefix.len) ||
740
+			(strncasecmp(REQ_LINE(msg).uri.s,th_uri_prefix.s,th_uri_prefix.len)!=0))
741
+	{
742
+		LM_DBG("ruri [%.*s] is not encoded",REQ_LINE(msg).uri.len,REQ_LINE(msg).uri.s);
743
+		return 0;
744
+	}
745
+
713 746
 	if(th_get_uri_param_value(&REQ_LINE(msg).uri, &th_uparam_name, &eval)<0
714 747
 			|| eval.len<=0)
715 748
 		return -1;
... ...
@@ -763,6 +796,15 @@ int th_unmask_refer_to(sip_msg_t *msg)
763 796
 	}
764 797
 
765 798
 	uri = &(get_refer_to(msg)->uri);
799
+
800
+	/* Do nothing if refer_to is not encoded */
801
+	if ((uri->len<th_uri_prefix.len)
802
+			|| (strncasecmp(uri->s, th_uri_prefix.s, th_uri_prefix.len)!=0))
803
+	{
804
+		LM_DBG("refer-to [%.*s] is not encoded",uri->len,uri->s);
805
+		return 0;
806
+	}
807
+
766 808
 	if(th_get_uri_param_value(uri, &th_uparam_name, &eval)<0
767 809
 			|| eval.len<=0)
768 810
 		return -1;
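Review bot: The new guards in th_unmask_via, th_unmask_route, th_unmask_ruri and th_unmask_refer_to test only the outer host or URI prefix, while the string that gets decoded is a separate, sender-controlled parameter value that the visible lines check only with `vp==NULL` or `eval.len<=0`. A header that matches the prefix but has a parameter value shorter than the decode prefix is therefore still passed to th_mask_decode; whether that function rejects such input is outside these hunks, so it should be confirmed or guarded at the call site, for example `if(vp->value.len<=th_vparam_prefix.len) return -1;` in th_unmask_via, with an equivalent length check on `eval` in the URI functions. Separately, the added LM_DBG calls omit the trailing `\n` that the surrounding LM_DBG and LM_ERR calls use, e.g. `LM_DBG("via %d is not encoded\n",i);`. All five function bodies start and end outside the hunks shown, so the decode calls for the route, R-URI and Refer-To cases could not be checked here.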