From b802ff40c423a8e4587c729bd2c86233d1da7fac Mon Sep 17 00:00:00 2001 From: Razvan Crainea Date: Tue, 20 Aug 2024 15:00:16 +0300 Subject: [PATCH] tm: fix bogus contact built without domain When fixing headers for fake messages (`fix_fake_req_headers` func), the function was looking for lumps that were removing the contact, because it would assume they will be the same that would add a new one (i.e. `fix_nated_contact`). However, the `toppology_hiding("U")` function, would create a del lump, but then adding 3 lumps over it. This would make the fixing bogusly learning the contact as "sip:$user" instead of hole URI. The fix for this was to make sure that there is only one ADD lump, otherwise it would point to a shorter (broken) URI. Credits go to David Trihy from Genesys for reporting and helping us troubleshoot. (cherry picked from commit de50249961a25fdf3defbe77601c45c2dd2f0399) --- modules/tm/t_msgbuilder.h | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/modules/tm/t_msgbuilder.h b/modules/tm/t_msgbuilder.h index f2d7833457d..1ba961d8b8f 100644 --- a/modules/tm/t_msgbuilder.h +++ b/modules/tm/t_msgbuilder.h @@ -140,6 +140,7 @@ static inline int fix_fake_req_headers(struct sip_msg *req) struct hdr_field *hdr; struct lump *ld, *la; contact_t *c; + int enclosed; if (clone_headers(req, req) < 0) { LM_ERR("could not clone headers list!\n"); @@ -168,10 +169,16 @@ static inline int fix_fake_req_headers(struct sip_msg *req) la->type, ld->u.offset, ld->len, (int)(c->uri.s-req->buf), c->uri.len); */ if (la->op == LUMP_ADD && la->type == HDR_CONTACT_T && - ld->u.offset == c->uri.s-req->buf && - ld->len == c->uri.len) { + ld->u.offset == c->uri.s-req->buf) { + /* if we don't have the same length as the URI was + * initially pointing (excluding quotes), then this is + * not the actual URI + */ + enclosed = (la->len > 2 && la->u.value[0] == '<'); + if (la->len != (c->uri.len + (enclosed?2:0))) + continue; /* if enclosed, skip enclosing */ - if (la->u.value[0] == '<') { + if (enclosed) { c->uri.s = la->u.value + 1; c->uri.len = la->len - 2; } else {