From 62b4f95e8d166991aed08644ecf21ef7dca7e593 Mon Sep 17 00:00:00 2001
From: Thomas Ries <tries@gmx.net>
Date: Mon, 22 Mar 2004 20:26:05 +0000
Subject: [PATCH] - deal with wildcard Contact header for unREGISTER - enhanced
 security tests to survive the PROTOS test

---
 ChangeLog      |  1 +
 src/proxy.c    |  1 -
 src/security.c | 32 ++++++++++++++++++++++++++------
 src/siproxd.c  | 10 ++++++++--
 src/siproxd.h  |  7 +++++++
 5 files changed, 42 insertions(+), 9 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 7d80bcb..c3fef3d 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,6 +1,7 @@
 0.5.5
 =====
   22-Mar-2004:  - deal with wildcard Contact header for unREGISTER
+                - enhanced security tests to survive the PROTOS test
   21-Mar-2004:  - added ./autogen.sh
                 - security_check_sip: check existence of mandatory headers
   19-Mar-2004:  - proxy_rewrite_invitation_body: check success of
diff --git a/src/proxy.c b/src/proxy.c
index 5462990..cf1b868 100644
--- a/src/proxy.c
+++ b/src/proxy.c
@@ -750,7 +750,6 @@ int proxy_response (osip_message_t *response, struct sockaddr_in *from) {
       /* rewrite Contact header to represent the masqued address */
       sip_rewrite_contact(response, DIR_OUTGOING);
 
-      #define satoi atoi  /* used in MSG_TEST_CODE macro ... */
       /* If an 200 OK or 183 Trying answer to an INVITE request,
        * rewrite body */
       if ((MSG_IS_RESPONSE_FOR(response,"INVITE")) &&
diff --git a/src/security.c b/src/security.c
index 5fca122..5993974 100644
--- a/src/security.c
+++ b/src/security.c
@@ -39,19 +39,38 @@ static char const ident[]="$Id: " __FILE__ ": " PACKAGE "-" VERSION "-"
 
 /*
  * do security and integrity checks on the received packet
- * (raw buffer)
+ * (raw buffer, \0 terminated)
  *
  * RETURNS
  *	STS_SUCCESS if ok 
  * 	STS_FAILURE if the packed did not pass the checks
  */
-int security_check_raw(char *sip_buffer, int size){
+int security_check_raw(char *sip_buffer, int size) {
+   char *p1=NULL, *p2=NULL;
 
+   DEBUGC(DBCLASS_BABBLE,"security_check_raw: size=%i", size);
    /*
     * empiric: size must be >= 16 bytes
     *   2 byte <CR><LF> packets have been seen in the wild
     */
-   if (size<16) return STS_FAILURE;
+   if (size<SEC_MINLEN) return STS_FAILURE;
+
+   /*
+    * make sure no line (up to the next CRLF) is longer than allowed
+    * empiric: a line should not be longer than 256 characters
+    * (libosip may die with "virtual memory exhausted" otherwise)
+    * Ref: protos test suite c07-sip-r2.jar, test case 203
+    */
+   for (p1=sip_buffer; (p1+SEC_MAXLINELEN) < (sip_buffer+size); p1=p2+1) {
+      p2=strchr(p1, 10);
+      if ((p2 == 0) ||                  /* no CRLF found */
+          (p2-p1) > SEC_MAXLINELEN) {   /* longer than allowed */
+         DEBUGC(DBCLASS_SIP,"security_check_raw: line too long or no "
+                            "CRLF found");
+         return STS_FAILURE;
+      }
+   }
+      
 
    /* TODO: still way to go here ... */
    return STS_SUCCESS;
@@ -222,11 +241,12 @@ RFC 3261            SIP: Session Initiation Protocol           June 2002
 
   /*
    * check for existing Contact: header
-   * according to RFC3261 not mandatory, but siproxd relies on it...
+   * according to RFC3261 not mandatory, but siproxd relies on it
+   * on REGISTER...
    */
-   if ((sip->contacts==NULL)||
+   if (MSG_IS_REGISTER(sip) && ((sip->contacts==NULL)||
        (sip->contacts->node==NULL)||(sip->contacts->node->element==NULL)||
-       ((osip_contact_t*)(sip->contacts->node->element))->url==NULL) {
+       ((osip_contact_t*)(sip->contacts->node->element))->url==NULL)) {
       ERROR("security check failed: NULL Contact Header");
       return STS_FAILURE;
    }
diff --git a/src/siproxd.c b/src/siproxd.c
index 722b50d..dde4003 100644
--- a/src/siproxd.c
+++ b/src/siproxd.c
@@ -320,8 +320,14 @@ int main (int argc, char *argv[])
        * (check for loop and return 482 if a loop is detected)
        */
       if (check_vialoop(my_msg) == STS_TRUE) {
-         DEBUGC(DBCLASS_SIP,"via loop detected, ignoring request");
-         sip_gen_response(my_msg, 482 /*Loop detected*/);
+         /* make sure we don't end up in endless loop when detecting
+          * an loop in an "loop detected" message - brrr */
+         if (MSG_IS_RESPONSE(my_msg) && MSG_TEST_CODE(my_msg, 482)) {
+            DEBUGC(DBCLASS_SIP,"loop in loop-response detected, ignoring");
+         } else {
+            DEBUGC(DBCLASS_SIP,"via loop detected, ignoring request");
+            sip_gen_response(my_msg, 482 /*Loop detected*/);
+         }
          goto end_loop; /* skip and free resources */
       }
 
diff --git a/src/siproxd.h b/src/siproxd.h
index 011648d..206b61f 100644
--- a/src/siproxd.h
+++ b/src/siproxd.h
@@ -183,6 +183,11 @@ struct siproxd_config {
    #define GETHOSTBYNAME_BUFLEN 1024
 #endif
 
+/* constants for security testing */
+#define SEC_MINLEN	16	/* minimum received length */
+#define SEC_MAXLINELEN	256	/* maximum acceptable length of one line
+				   in the SIP telegram (security check) */
+
 /* symbols for access control */
 #define ACCESSCTL_SIP	1	/* for access control - SIP allowed	*/
 #define ACCESSCTL_REG	2	/* --"--              - registr. allowed */
@@ -198,3 +203,5 @@ struct siproxd_config {
 #define DIR_INCOMING	1
 #define DIR_OUTGOING	2
 
+/* various */
+#define satoi atoi  /* used in libosips MSG_TEST_CODE macro ... */