
permissions: set from uri buffer to empty if not a sip message

- adjustments after merging GH #1584
- avoid using garbage content from the declaration of the buffer
- renamed the parameter to properly indicate that it is the From header URI,
given that the R-URI is also part of matching

Daniel-Constantin Mierla authored on 11/07/2018 09:30:48
Showing 3 changed files
... ...
@@ -250,9 +250,10 @@ int hash_table_insert(struct trusted_list** table, char* src_ip,
250 250
  * Returns number of matches or -1 if none matched.
251 251
  */
252 252
 int match_hash_table(struct trusted_list** table, struct sip_msg* msg,
253
-		char *src_ip_c_str, int proto, char *uri)
253
+		char *src_ip_c_str, int proto, char *from_uri)
254 254
 {
255
-	LM_DBG("match_hash_table src_ip: %s, proto: %d, uri: %s\n", src_ip_c_str, proto, uri);
255
+	LM_DBG("match_hash_table src_ip: %s, proto: %d, uri: %s\n", src_ip_c_str,
256
+			proto, from_uri);
256 257
 	str ruri;
257 258
 	char ruri_string[MAX_URI_SIZE + 1];
258 259
 	regex_t preg;
... ...
@@ -281,7 +282,10 @@ int match_hash_table(struct trusted_list** table, struct sip_msg* msg,
281 282
 				((np->proto == PROTO_NONE) || (proto == PROTO_NONE) ||
282 283
 				(np->proto == proto))) {
283 284
 
284
-			LM_DBG("match_hash_table: %d, %s, %s, %s\n", np->proto, (np->pattern ? np->pattern : "null"), (np->ruri_pattern ? np->ruri_pattern : "null"), (np->tag.s ? np->tag.s : "null"));
285
+			LM_DBG("match_hash_table: %d, %s, %s, %s\n", np->proto,
286
+					(np->pattern ? np->pattern : "null"),
287
+					(np->ruri_pattern ? np->ruri_pattern : "null"),
288
+					(np->tag.s ? np->tag.s : "null"));
285 289
 
286 290
 			if (IS_SIP(msg)) {
287 291
 				if (np->pattern) {
... ...
@@ -291,7 +295,7 @@ int match_hash_table(struct trusted_list** table, struct sip_msg* msg,
291 295
 							continue;
292 296
 						}
293 297
 					}
294
-					if (regexec(&preg, uri, 0, (regmatch_t *)0, 0)) {
298
+					if (regexec(&preg, from_uri, 0, (regmatch_t *)0, 0)) {
295 299
 						regfree(&preg);
296 300
 						continue;
297 301
 					}
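Review bot: The first debug line in match_hash_table still prints the value under the label `uri:`, although the parameter is now `from_uri` and the corresponding message in allow_trusted was changed to `from_uri:`. Using `"match_hash_table src_ip: %s, proto: %d, from_uri: %s\n"` keeps the two log lines consistent and avoids confusion with the R-URI that the same function also matches. The comment above the function could also state the contract the body relies on: `from_uri` is passed to `%s` and to `regexec()`, so it must be a NUL-terminated string, which callers are expected to set to an empty string for non-SIP messages. The function body continues outside these hunks.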
... ...
@@ -447,9 +447,10 @@ static int match_res(struct sip_msg* msg, int proto, db1_res_t* _r, char* uri)
447 447
  * Checks based on given source IP address and protocol, and From URI
448 448
  * of request if request can be trusted without authentication.
449 449
  */
450
-int allow_trusted(struct sip_msg* msg, char *src_ip, int proto, char *uri)
450
+int allow_trusted(struct sip_msg* msg, char *src_ip, int proto, char *from_uri)
451 451
 {
452
-	LM_DBG("allow_trusted src_ip: %s, proto: %d, uri: %s\n", src_ip, proto, uri);
452
+	LM_DBG("allow_trusted src_ip: %s, proto: %d, from_uri: %s\n",
453
+			src_ip, proto, from_uri);
453 454
 	int result;
454 455
 	db1_res_t* res = NULL;
455 456
 
... ...
@@ -491,11 +492,11 @@ int allow_trusted(struct sip_msg* msg, char *src_ip, int proto, char *uri)
491 492
 			return -1;
492 493
 		}
493 494
 
494
-		result = match_res(msg, proto, res, uri);
495
+		result = match_res(msg, proto, res, from_uri);
495 496
 		perm_dbf.free_result(db_handle, res);
496 497
 		return result;
497 498
 	} else {
498
-		return match_hash_table(*hash_table, msg, src_ip, proto, uri);
499
+		return match_hash_table(*hash_table, msg, src_ip, proto, from_uri);
499 500
 	}
500 501
 }
501 502
 
... ...
@@ -506,29 +507,33 @@ int allow_trusted(struct sip_msg* msg, char *src_ip, int proto, char *uri)
506 507
  */
507 508
 int allow_trusted_0(struct sip_msg* _msg, char* str1, char* str2)
508 509
 {
509
-	str uri;
510
-	char uri_string[MAX_URI_SIZE+1];
510
+	str furi;
511
+	char furi_string[MAX_URI_SIZE+1];
511 512
 
512 513
 	if (IS_SIP(_msg)) {
513 514
 		if (parse_from_header(_msg) < 0) return -1;
514
-		uri = get_from(_msg)->uri;
515
-		if (uri.len > MAX_URI_SIZE) {
515
+		furi = get_from(_msg)->uri;
516
+		if (furi.len > MAX_URI_SIZE) {
516 517
 			LM_ERR("message has From URI too large\n");
517 518
 			return -1;
518 519
 		}
519 520
 
520
-		memcpy(uri_string, uri.s, uri.len);
521
-		uri_string[uri.len] = (char)0;
521
+		memcpy(furi_string, furi.s, furi.len);
522
+		furi_string[furi.len] = (char)0;
523
+	} else {
524
+		furi_string[0] = '\0';
522 525
 	}
523 526
 
524
-	return allow_trusted(_msg, ip_addr2a(&(_msg->rcv.src_ip)), _msg->rcv.proto, uri_string);
527
+	return allow_trusted(_msg, ip_addr2a(&(_msg->rcv.src_ip)), _msg->rcv.proto,
528
+			furi_string);
525 529
 }
526 530
 
527 531
 /*
528 532
  * Checks based on source address and protocol given in pvar arguments and
529 533
  * provided uri, if request can be trusted without authentication.
530 534
  */
531
-int allow_trusted_1(struct sip_msg* _msg, char* _src_ip_sp, char* _proto_sp, char *uri_string)
535
+int allow_trusted_furi(struct sip_msg* _msg, char* _src_ip_sp,
536
+		char* _proto_sp, char *from_uri)
532 537
 {
533 538
 	str src_ip, proto;
534 539
 	int proto_int;
... ...
@@ -582,7 +587,7 @@ int allow_trusted_1(struct sip_msg* _msg, char* _src_ip_sp, char* _proto_sp, cha
582 587
 			goto error;
583 588
 	}
584 589
 
585
-	return allow_trusted(_msg, src_ip.s, proto_int, uri_string);
590
+	return allow_trusted(_msg, src_ip.s, proto_int, from_uri);
586 591
 error:
587 592
 	LM_ERR("unknown protocol %.*s\n", proto.len, proto.s);
588 593
 	return -1;
... ...
@@ -609,22 +614,24 @@ int allow_trusted_2(struct sip_msg* _msg, char* _src_ip_sp, char* _proto_sp)
609 614
 		uri_string[uri.len] = (char)0;
610 615
 	}
611 616
 
612
-	return allow_trusted_1(_msg, _src_ip_sp, _proto_sp, uri_string);
617
+	return allow_trusted_furi(_msg, _src_ip_sp, _proto_sp, uri_string);
613 618
 }
614 619
 
615 620
 /*
616 621
  * Checks based on source address and protocol given in pvar arguments and
617 622
  * and requests's From URI, if request can be trusted without authentication.
618 623
  */
619
-int allow_trusted_3(struct sip_msg* _msg, char* _src_ip_sp, char* _proto_sp, char *_uri)
624
+int allow_trusted_3(struct sip_msg* _msg, char* _src_ip_sp, char* _proto_sp,
625
+		char *_from_uri)
620 626
 {
621
-	str uri;
622
-	if (_uri==NULL || (fixup_get_svalue(_msg, (gparam_p)_uri, &uri) != 0)) {
627
+	str from_uri;
628
+	if (_from_uri==NULL
629
+			|| (fixup_get_svalue(_msg, (gparam_p)_from_uri, &from_uri) != 0)) {
623 630
 		LM_ERR("uri param does not exist or has no value\n");
624 631
 		return -1;
625 632
 	}
626 633
 
627
-	return allow_trusted_1(_msg, _src_ip_sp, _proto_sp, uri.s);
634
+	return allow_trusted_furi(_msg, _src_ip_sp, _proto_sp, from_uri.s);
628 635
 }
629 636
 
630 637
 int reload_trusted_table_cmd(void)
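Review bot: allow_trusted_2 appears to need the same `else` branch this commit adds to allow_trusted_0. The context at the end of its body shows `uri_string` being terminated inside a block and then passed to `allow_trusted_furi()` unconditionally. If that block is the `IS_SIP(_msg)` guard (its opening is outside the hunk), a non-SIP message still hands an uninitialized stack buffer to the `%s` in allow_trusted's `LM_DBG` and onward to the matching code; adding `} else { uri_string[0] = '\0'; }` there, or initializing the buffer at its declaration, would close that gap. Separately, allow_trusted_3 forwards `from_uri.s` as a C string and never uses `from_uri.len`. It would be safer to copy the value into a `MAX_URI_SIZE + 1` buffer with a length check and an explicit terminator, as allow_trusted_0 does, unless `fixup_get_svalue()` is known to return NUL-terminated data here.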
... ...
@@ -79,7 +79,8 @@ int allow_trusted_2(struct sip_msg* _msg, char* _src_ip_sp, char* _proto_sp);
79 79
  * Checks based on source address and protocol given in pvar arguments and
80 80
  * provided URI, if request can be trusted without authentication.
81 81
  */
82
-int allow_trusted_3(struct sip_msg* _msg, char* _src_ip_sp, char* _proto_sp, char* uri);
82
+int allow_trusted_3(struct sip_msg* _msg, char* _src_ip_sp, char* _proto_sp,
83
+		char* _from_uri);
83 84
 
84 85
 int reload_trusted_table_cmd(void);
85 86