From a76c540d8101b6877388855d027ff9e527d4e5db Mon Sep 17 00:00:00 2001 From: Ivan Poddubnyi Date: Mon, 28 Dec 2020 13:43:23 +0100 Subject: [PATCH] res_pjsip_diversion: Fix adding more than one histinfo to Supported New responses sent within a PJSIP sessions are based on those that were sent before. Therefore, adding/modifying a header once causes it to be sent on all responses that follow. Sending 181 Call Is Being Forwarded many times first adds "histinfo" duplicated more and more, and eventually overflows past the array boundary. This commit adds a check preventing adding "histinfo" more than once, and skipping it if there is no more space in the header. --- res/res_pjsip_diversion.c | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/res/res_pjsip_diversion.c b/res/res_pjsip_diversion.c index 24d178199e..1cc6e0827f 100644 --- a/res/res_pjsip_diversion.c +++ b/res/res_pjsip_diversion.c @@ -120,6 +120,7 @@ static enum AST_REDIRECTING_REASON cause_to_reason(const unsigned long cause) { static int add_supported(pjsip_tx_data *tdata) { pjsip_supported_hdr *hdr; + unsigned int i; hdr = pjsip_msg_find_hdr(tdata->msg, PJSIP_H_SUPPORTED, NULL); if (!hdr) { @@ -132,6 +133,19 @@ static int add_supported(pjsip_tx_data *tdata) pjsip_msg_add_hdr(tdata->msg, (pjsip_hdr *)hdr); } + /* Asterisk can send multiple "181 Call forwarded" in a single session, + * we might have already modified Supported before + */ + for (i = 0; i < hdr->count; ++i) { + if (pj_stricmp(&hdr->values[i], &HISTINFO_SUPPORTED_NAME) == 0) { + return 0; + } + } + + if (hdr->count >= PJSIP_GENERIC_ARRAY_MAX_COUNT) { + return -1; + } + /* add on to the existing Supported header */ pj_strassign(&hdr->values[hdr->count++], &HISTINFO_SUPPORTED_NAME); -- 2.26.2