fix crashing bug when receiving REGISTER with * over tcp/wss

drachtio · Jun 10, 2024 · 146e49d · 146e49d
1 parent ecb2581
commit 146e49d
Show file tree

Hide file tree

Showing 4 changed files with 99 additions and 11 deletions.
diff --git a/src/controller.cpp b/src/controller.cpp
@@ -1432,7 +1432,21 @@ namespace drachtio {
                 nta_msg_treply( m_nta, msg, 400, NULL, TAG_END() ) ;
                 return -1 ;
             }
-
+            // additional sanity checks on headers
+            if (sip->sip_error) {
+                auto error_header = sip->sip_error;
+                if (error_header->er_common[0].h_data && error_header->er_common[0].h_len > 0) {
+                    std::string error_string((const char *) error_header->er_common[0].h_data, error_header->er_common[0].h_len);
+                    DR_LOG(log_error) << "DrachtioController::processMessageStatelessly: discarding message due to error: " << error_string;
+                }
+                else {
+                    DR_LOG(log_error) << "DrachtioController::processMessageStatelessly: discarding invalid message";
+                }
+                STATS_COUNTER_INCREMENT(STATS_COUNTER_SIP_RESPONSES_OUT, {{"method", sip->sip_request->rq_method_name},{"code", "400"}})
+                nta_msg_treply( m_nta, msg, 400, NULL, TAG_END() ) ;
+                return -1 ;
+            }
+
             // spammer check
             string action, tcpAction ;
             DrachtioConfig::mapHeader2Values& mapSpammers =  m_Config->getSpammers( action, tcpAction );
@@ -1524,17 +1538,28 @@ namespace drachtio {
                 m_pProxyController->processRequestWithoutRouteHeader( msg, sip ) ;
             }
             else {
-
-                /* optionally reject REGISTER quickly if no sip realm provided */
-                if (m_bRejectRegisterWithNoRealm && sip_method_register == sip->sip_request->rq_method ) {
-                  std::regex ipRegex("^(?:[0-9]{1,3}\\.){3}[0-9]{1,3}$");
-                  if (std::regex_match(sip->sip_request->rq_url->url_host, ipRegex)) {
-                    DR_LOG(log_info) << "DrachtioController::processMessageStatelessly: rejecting REGISTER with no realm" ;
-                    STATS_COUNTER_INCREMENT(STATS_COUNTER_SIP_RESPONSES_OUT, {{"method", "REGISTER"},{"code", "403"}})
-                    nta_msg_treply( m_nta, msg, 403, NULL, TAG_END() ) ;
-                    return -1 ;
-                  }
+                if (sip_method_register == sip->sip_request->rq_method) {
+                    /* optionally reject REGISTER quickly if no sip realm provided */
+                    if (m_bRejectRegisterWithNoRealm && sip_method_register == sip->sip_request->rq_method ) {
+                        std::regex ipRegex("^(?:[0-9]{1,3}\\.){3}[0-9]{1,3}$");
+                        if (std::regex_match(sip->sip_request->rq_url->url_host, ipRegex)) {
+                            DR_LOG(log_info) << "DrachtioController::processMessageStatelessly: rejecting REGISTER with no realm" ;
+                            STATS_COUNTER_INCREMENT(STATS_COUNTER_SIP_RESPONSES_OUT, {{"method", "REGISTER"},{"code", "403"}})
+                            nta_msg_treply( m_nta, msg, 403, NULL, TAG_END() ) ;
+                            return -1 ;
+                        }
+                    }
+
+                    /* reject register with Contact: * if Expires is not 0 */
+                    if (sip->sip_contact && 0 == strcmp(sip->sip_contact->m_url[0].url_scheme, "*") &&
+                        sip->sip_expires && sip->sip_expires->ex_delta != 0) {
+                        DR_LOG(log_info) << "DrachtioController::processMessageStatelessly: rejecting REGISTER with Contact: * and non-zero Expires" ;
+                        STATS_COUNTER_INCREMENT(STATS_COUNTER_SIP_RESPONSES_OUT, {{"method", "REGISTER"},{"code", "400"}})
+                        nta_msg_treply( m_nta, msg, 400, NULL, TAG_END() ) ;
+                        return -1 ;
+                    }
                 }
+
                 switch (sip->sip_request->rq_method ) {
                     case sip_method_invite:
                     case sip_method_register:
@@ -1803,6 +1828,7 @@ namespace drachtio {
     }
 
     void DrachtioController::cacheTportForSubscription( const char* user, const char* host, int expires, tport_t* tp ) {
+        if (host == nullptr) return;
         string uri ;
         std::shared_ptr<UaInvalidData> pUa = std::make_shared<UaInvalidData>(user, host, expires, tp) ;
         pUa->getUri( uri ) ;
@@ -1824,6 +1850,7 @@ namespace drachtio {
         }
     }
     void DrachtioController::flushTportForSubscription( const char* user, const char* host ) {
+        if (host == nullptr) return;
         string uri = "" ;
         if (user) {
             uri.append(user) ;

diff --git a/test/scenarios/uac-register-with-star-in-contact.xml b/test/scenarios/uac-register-with-star-in-contact.xml
@@ -0,0 +1,45 @@
+<?xml version="1.0" encoding="ISO-8859-1" ?>
+<!DOCTYPE scenario SYSTEM "sipp.dtd">
+
+<!-- This program is free software; you can redistribute it and/or      -->
+<!-- modify it under the terms of the GNU General Public License as     -->
+<!-- published by the Free Software Foundation; either version 2 of the -->
+<!-- License, or (at your option) any later version.                    -->
+<!--                                                                    -->
+<!-- This program is distributed in the hope that it will be useful,    -->
+<!-- but WITHOUT ANY WARRANTY; without even the implied warranty of     -->
+<!-- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the      -->
+<!-- GNU General Public License for more details.                       -->
+<!--                                                                    -->
+<!-- You should have received a copy of the GNU General Public License  -->
+<!-- along with this program; if not, write to the                      -->
+<!-- Free Software Foundation, Inc.,                                    -->
+<!-- 59 Temple Place, Suite 330, Boston, MA  02111-1307 USA             -->
+<!--                                                                    -->
+<!--                 Sipp default 'uac' scenario.                       -->
+<!--                                                                    -->
+
+<scenario name="Basic Sipstone UAC">
+  <!-- In client mode (sipp placing calls), the Call-ID MUST be         -->
+  <!-- generated by sipp. To do so, use [call_id] keyword.                -->
+  <send retrans="500">
+    <![CDATA[
+
+      REGISTER sip:[service]@[remote_ip]:[remote_port] SIP/2.0
+      Via: SIP/2.0/[transport] [local_ip]:[local_port];branch=[branch]
+      From: sipp <sip:sipp@[local_ip]:[local_port]>;tag=80830557
+      To: [service] <sip:[service]@[remote_ip]:[remote_port]>
+      Call-ID: [call_id]
+      CSeq: 1 REGISTER
+      Subject: uac-register-subscribe-publish
+      Contact: *
+      Expires: 0
+      Content-Length: 0
+
+    ]]>
+  </send>
+
+  <recv response="200"/>
+
+</scenario>
+
diff --git a/test/scripts/uas.js b/test/scripts/uas.js
@@ -299,6 +299,14 @@ class App extends Emitter {
     });
   }
 
+  doRegister() {
+    this.srf.register((req, res) => {
+      console.log('sending 200 OK to register');
+      res.send(200);
+    });
+    return this;
+  }
+
   doPresence1() {
     // respond to publish and register immediately
     this.srf.register((req, res) => {

diff --git a/test/test-fixtures-register-with-star-in-contact.json b/test/test-fixtures-register-with-star-in-contact.json
@@ -0,0 +1,8 @@
+[
+  {
+    "server": {"config": "drachtio.conf7.xml", "args": ["--memory-debug"]},
+    "script": {"name": "uas", "function": "doRegister"},
+    "uac": {"name": "uac-register-with-star-in-contact.xml", "target": "127.0.0.1:5090", "transport": "tcp"},
+    "message": "uas: handle incoming register with Contact: *"
+  }
+]