From f2a4cb60d2928f96b5300011aa8398d14c8e22a2 Mon Sep 17 00:00:00 2001 From: Guillaume BIENKOWSKI Date: Thu, 15 Jan 2015 11:37:20 +0100 Subject: [PATCH] Fix a crash when an absolute address is passed to linphone_core_invite. See bug #2009. --- coreapi/bellesip_sal/sal_op_call.c | 5 +++++ coreapi/bellesip_sal/sal_op_events.c | 3 +++ coreapi/bellesip_sal/sal_op_impl.c | 23 ++++++++++++++++++++--- coreapi/bellesip_sal/sal_op_message.c | 3 +++ coreapi/bellesip_sal/sal_op_presence.c | 6 ++++-- coreapi/bellesip_sal/sal_op_publish.c | 9 +++++++++ 6 files changed, 44 insertions(+), 5 deletions(-) diff --git a/coreapi/bellesip_sal/sal_op_call.c b/coreapi/bellesip_sal/sal_op_call.c index 921184cf6..da9871cec 100644 --- a/coreapi/bellesip_sal/sal_op_call.c +++ b/coreapi/bellesip_sal/sal_op_call.c @@ -687,6 +687,11 @@ int sal_call(SalOp *op, const char *from, const char *to){ ms_message("[%s] calling [%s] on op [%p]", from, to, op); invite=sal_op_build_request(op,"INVITE"); + if( invite == NULL ){ + /* can happen if the op has an invalid address */ + return -1; + } + sal_op_fill_invite(op,invite); sal_op_call_fill_cbs(op); diff --git a/coreapi/bellesip_sal/sal_op_events.c b/coreapi/bellesip_sal/sal_op_events.c index 4409c73a3..d4a24bd9b 100644 --- a/coreapi/bellesip_sal/sal_op_events.c +++ b/coreapi/bellesip_sal/sal_op_events.c @@ -198,6 +198,9 @@ int sal_subscribe(SalOp *op, const char *from, const char *to, const char *event sal_op_subscribe_fill_cbs(op); /*???sal_exosip_fix_route(op); make sure to ha ;lr*/ req=sal_op_build_request(op,"SUBSCRIBE"); + if( req == NULL ) { + return -1; + } if (eventname){ if (op->event) belle_sip_object_unref(op->event); op->event=belle_sip_header_create("Event",eventname); diff --git a/coreapi/bellesip_sal/sal_op_impl.c b/coreapi/bellesip_sal/sal_op_impl.c index 2e68146a0..451ac0f56 100644 --- a/coreapi/bellesip_sal/sal_op_impl.c +++ b/coreapi/bellesip_sal/sal_op_impl.c @@ -150,20 +150,37 @@ belle_sip_request_t* sal_op_build_request(SalOp *op,const char* method) { belle_sip_provider_t* prov=op->base.root->prov; belle_sip_request_t *req; belle_sip_uri_t* req_uri; + belle_sip_uri_t* to_uri; + + const SalAddress* to_address; const MSList *elem=sal_op_get_route_addresses(op); char token[10]; + /* check that the op has a correct to address */ + to_address = sal_op_get_to_address(op); + if( to_address == NULL ){ + ms_error("No To: address, cannot build request"); + return NULL; + } + + to_uri = belle_sip_header_address_get_uri(BELLE_SIP_HEADER_ADDRESS(to_address)); + if( to_uri == NULL ){ + ms_error("To: address is invalid, cannot build request"); + return NULL; + } + if (strcmp("REGISTER",method)==0 || op->privacy==SalPrivacyNone) { - from_header = belle_sip_header_from_create(BELLE_SIP_HEADER_ADDRESS(sal_op_get_from_address(op)) + from_header = belle_sip_header_from_create(BELLE_SIP_HEADER_ADDRESS(to_address) ,belle_sip_random_token(token,sizeof(token))); } else { from_header=belle_sip_header_from_create2("Anonymous ",belle_sip_random_token(token,sizeof(token))); } /*make sure to preserve components like headers or port*/ - req_uri = (belle_sip_uri_t*)belle_sip_object_clone((belle_sip_object_t*)belle_sip_header_address_get_uri(BELLE_SIP_HEADER_ADDRESS(sal_op_get_to_address(op)))); + + req_uri = (belle_sip_uri_t*)belle_sip_object_clone((belle_sip_object_t*)to_uri); belle_sip_uri_set_secure(req_uri,sal_op_is_secure(op)); - to_header = belle_sip_header_to_create(BELLE_SIP_HEADER_ADDRESS(sal_op_get_to_address(op)),NULL); + to_header = belle_sip_header_to_create(BELLE_SIP_HEADER_ADDRESS(to_address),NULL); req=belle_sip_request_create( req_uri, diff --git a/coreapi/bellesip_sal/sal_op_message.c b/coreapi/bellesip_sal/sal_op_message.c index 3324cefb7..017845833 100644 --- a/coreapi/bellesip_sal/sal_op_message.c +++ b/coreapi/bellesip_sal/sal_op_message.c @@ -172,6 +172,9 @@ int sal_message_send(SalOp *op, const char *from, const char *to, const char* co op->dir=SalOpDirOutgoing; req=sal_op_build_request(op,"MESSAGE"); + if (req == NULL ){ + return -1; + } if (sal_op_get_contact_address(op)){ belle_sip_message_add_header(BELLE_SIP_MESSAGE(req),BELLE_SIP_HEADER(sal_op_create_contact(op))); } diff --git a/coreapi/bellesip_sal/sal_op_presence.c b/coreapi/bellesip_sal/sal_op_presence.c index 23db49e6f..6de0a0fbf 100644 --- a/coreapi/bellesip_sal/sal_op_presence.c +++ b/coreapi/bellesip_sal/sal_op_presence.c @@ -306,8 +306,10 @@ int sal_subscribe_presence(SalOp *op, const char *from, const char *to, int expi belle_sip_parameters_remove_parameter(BELLE_SIP_PARAMETERS(op->base.from_address),"tag"); belle_sip_parameters_remove_parameter(BELLE_SIP_PARAMETERS(op->base.to_address),"tag"); req=sal_op_build_request(op,"SUBSCRIBE"); - belle_sip_message_add_header(BELLE_SIP_MESSAGE(req),op->event); - belle_sip_message_add_header(BELLE_SIP_MESSAGE(req),BELLE_SIP_HEADER(belle_sip_header_expires_create(expires))); + if( req ){ + belle_sip_message_add_header(BELLE_SIP_MESSAGE(req),op->event); + belle_sip_message_add_header(BELLE_SIP_MESSAGE(req),BELLE_SIP_HEADER(belle_sip_header_expires_create(expires))); + } return sal_op_send_request(op,req); } diff --git a/coreapi/bellesip_sal/sal_op_publish.c b/coreapi/bellesip_sal/sal_op_publish.c index 2655c58d2..17ef8e8db 100644 --- a/coreapi/bellesip_sal/sal_op_publish.c +++ b/coreapi/bellesip_sal/sal_op_publish.c @@ -76,6 +76,11 @@ int sal_publish_presence(SalOp *op, const char *from, const char *to, int expire op->type=SalOpPublish; req=sal_op_build_request(op,"PUBLISH"); + + if( req == NULL ){ + return -1; + } + if (sal_op_get_contact_address(op)){ belle_sip_message_add_header(BELLE_SIP_MESSAGE(req),BELLE_SIP_HEADER(sal_op_create_contact(op))); } @@ -101,6 +106,10 @@ int sal_publish(SalOp *op, const char *from, const char *to, const char *eventna sal_op_publish_fill_cbs(op); req=sal_op_build_request(op,"PUBLISH"); + if( req == NULL ){ + return -1; + } + if (sal_op_get_contact_address(op)){ belle_sip_message_add_header(BELLE_SIP_MESSAGE(req),BELLE_SIP_HEADER(sal_op_create_contact(op))); }