sip_utils: filter out malformed display names

A malformed UTF-8 sequence in a "From" URI will cause the daemon to crash as soon as it is passed to D-Bus since D-Bus requires its arguments to be valid UTF-8. Added testcase for this case and for the empty "From: " URI case. Refs #49115 Change-Id: Ife0517d1855b724cb003dd36c75aec6249ac763c

sip_utils: filter out malformed display names
7f06de0b · Tristan Matthews · acef7ef8 · 7f06de0b · 7f06de0b
Commit 7f06de0b authored 11 years ago by Tristan Matthews
--- a/daemon/src/sip/sip_utils.cpp
+++ b/daemon/src/sip/sip_utils.cpp
@@ -96,6 +96,14 @@ sip_utils::createRouteSet(const std::string &route, pj_pool_t *hdr_pool)
    return route_set;
 }

+static bool
+isValidUtf8(const std::string &str)
+{
+    std::wstring ws(str.size(), u' ');
+    const size_t wideSize = mbstowcs(&ws[0], str.c_str(), str.size());
+    return wideSize != std::wstring::npos;
+}
+
 // FIXME: replace with regex
 std::string
 sip_utils::parseDisplayName(const char * buffer)
@@ -124,6 +132,9 @@ sip_utils::parseDisplayName(const char * buffer)
      end_displayName = temp.find("<");
      if (end_displayName != std::string::npos) {
          begin_displayName = temp.find_first_not_of(" ", temp.find(":"));
+          if (begin_displayName == std::string::npos)
+              return "";
+
          // omit trailing/leading spaces
          begin_displayName++;
          end_displayName--;
@@ -137,6 +148,12 @@ sip_utils::parseDisplayName(const char * buffer)
    std::string displayName = temp.substr(begin_displayName + 1,
                                          end_displayName - begin_displayName - 1);

+    // Filter out invalid UTF-8 sequences to avoid getting kicked from D-Bus
+    if (not isValidUtf8(displayName)) {
+        ERROR("Invalid UTF-8 sequence detected: %s", displayName.c_str());
+        return "";
+    }
+
    static const size_t MAX_DISPLAY_NAME_SIZE = 25;
    if (displayName.size() > MAX_DISPLAY_NAME_SIZE)
        return displayName.substr(0, MAX_DISPLAY_NAME_SIZE);

--- a/daemon/test/siptest.cpp
+++ b/daemon/test/siptest.cpp
@@ -383,6 +383,8 @@ void SIPTest::testParseDisplayName()
    {"\nFrom: <sip:6926666@4.4.4.4>;tag=4421-D9700", ""},
    {"\nFrom: <sip:pinger@sipwise.local>;tag=01f516a4", ""},
    {"\nFrom: sip:pinger@sipwise.local;tag=01f516a4", ""},
+    {"\nFrom: ", ""},
+    {"\nFrom: \"±\"", ""},
    {"\nFrom: sip:+1212555@server.example.com;tag=887s", ""}};

    for (const auto &t : test_set) {