libs/pjproject/patches/0140-Fix-incorrect-unescaping-of-tokens-during-parsing-29.patch

   1 From 3faf1d2b4da553bbaee04f9a13a5d084b381e5fb Mon Sep 17 00:00:00 2001
   2 From: sauwming <ming@teluu.com>
   3 Date: Tue, 4 Jan 2022 15:28:49 +0800
   4 Subject: [PATCH] Fix incorrect unescaping of tokens during parsing (#2933)
   5
   6 ---
   7  pjsip/src/pjsip/sip_parser.c | 29 +++++++++++++++++++++++++----
   8  pjsip/src/test/msg_test.c    |  6 +++---
   9  2 files changed, 28 insertions(+), 7 deletions(-)
  10
  11 --- a/pjsip/src/pjsip/sip_parser.c
  12 +++ b/pjsip/src/pjsip/sip_parser.c
  13 @@ -378,17 +378,23 @@ static pj_status_t init_parser()
  14      PJ_ASSERT_RETURN(status == PJ_SUCCESS, status);
  15      pj_cis_add_str( &pconst.pjsip_TOKEN_SPEC, TOKEN);
  16
  17 +    /* Token is allowed to have '%' so we do not need this. */
  18 +    /*
  19      status = pj_cis_dup(&pconst.pjsip_TOKEN_SPEC_ESC, &pconst.pjsip_TOKEN_SPEC);
  20      PJ_ASSERT_RETURN(status == PJ_SUCCESS, status);
  21      pj_cis_del_str(&pconst.pjsip_TOKEN_SPEC_ESC, "%");
  22 +    */
  23
  24      status = pj_cis_dup(&pconst.pjsip_VIA_PARAM_SPEC, &pconst.pjsip_TOKEN_SPEC);
  25      PJ_ASSERT_RETURN(status == PJ_SUCCESS, status);
  26      pj_cis_add_str(&pconst.pjsip_VIA_PARAM_SPEC, "[:]");
  27
  28 +    /* Token is allowed to have '%' */
  29 +    /*
  30      status = pj_cis_dup(&pconst.pjsip_VIA_PARAM_SPEC_ESC, &pconst.pjsip_TOKEN_SPEC_ESC);
  31      PJ_ASSERT_RETURN(status == PJ_SUCCESS, status);
  32      pj_cis_add_str(&pconst.pjsip_VIA_PARAM_SPEC_ESC, "[:]");
  33 +    */
  34
  35      status = pj_cis_dup(&pconst.pjsip_HOST_SPEC, &pconst.pjsip_ALNUM_SPEC);
  36      PJ_ASSERT_RETURN(status == PJ_SUCCESS, status);
  37 @@ -1210,7 +1216,11 @@ static void parse_param_imp( pj_scanner
  38                              unsigned option)
  39  {
  40      /* pname */
  41 -    parser_get_and_unescape(scanner, pool, spec, esc_spec, pname);
  42 +    if (!esc_spec) {
  43 +       pj_scan_get(scanner, spec, pname);
  44 +    } else {
  45 +       parser_get_and_unescape(scanner, pool, spec, esc_spec, pname);
  46 +    }
  47
  48      /* init pvalue */
  49      pvalue->ptr = NULL;
  50 @@ -1240,7 +1250,12 @@ static void parse_param_imp( pj_scanner
  51                 // pj_scan_get_until_ch(scanner, ']', pvalue);
  52                 // pj_scan_get_char(scanner);
  53             } else if(pj_cis_match(spec, *scanner->curptr)) {
  54 -               parser_get_and_unescape(scanner, pool, spec, esc_spec, pvalue);
  55 +               if (!esc_spec) {
  56 +                   pj_scan_get(scanner, spec, pvalue);
  57 +               } else {
  58 +                   parser_get_and_unescape(scanner, pool, spec, esc_spec,
  59 +                                           pvalue);
  60 +               }
  61             }
  62         }
  63      }
  64 @@ -1252,7 +1267,10 @@ PJ_DEF(void) pjsip_parse_param_imp(pj_sc
  65                                    unsigned option)
  66  {
  67      parse_param_imp(scanner, pool, pname, pvalue, &pconst.pjsip_TOKEN_SPEC,
  68 -                   &pconst.pjsip_TOKEN_SPEC_ESC, option);
  69 +                   // Token does not need to be unescaped.
  70 +                   // Refer to PR #2933.
  71 +                   // &pconst.pjsip_TOKEN_SPEC_ESC,
  72 +                   NULL, option);
  73  }
  74
  75
  76 @@ -2168,7 +2186,10 @@ static void int_parse_via_param( pjsip_v
  77         pj_scan_get_char(scanner);
  78         parse_param_imp(scanner, pool, &pname, &pvalue,
  79                         &pconst.pjsip_VIA_PARAM_SPEC,
  80 -                       &pconst.pjsip_VIA_PARAM_SPEC_ESC,
  81 +                       // Token does not need to be unescaped.
  82 +                       // Refer to PR #2933.
  83 +                       // &pconst.pjsip_VIA_PARAM_SPEC_ESC,
  84 +                       NULL,
  85                         0);
  86
  87         if (!parser_stricmp(pname, pconst.pjsip_BRANCH_STR) && pvalue.slen) {
  88 --- a/pjsip/src/test/msg_test.c
  89 +++ b/pjsip/src/test/msg_test.c
  90 @@ -953,7 +953,7 @@ static int hdr_test_subject_utf(pjsip_hd
  91
  92
  93  #define GENERIC_PARAM       "p0=a;p1=\"ab:;cd\";p2=ab%3acd;p3"
  94 -#define GENERIC_PARAM_PARSED "p0=a;p1=\"ab:;cd\";p2=ab:cd;p3"
  95 +#define GENERIC_PARAM_PARSED "p0=a;p1=\"ab:;cd\";p2=ab%3acd;p3"
  96  #define PARAM_CHAR          "][/:&+$"
  97  #define SIMPLE_ADDR_SPEC     "sip:host"
  98  #define ADDR_SPEC           SIMPLE_ADDR_SPEC ";"PARAM_CHAR"="PARAM_CHAR ";p1=\";\""
  99 @@ -1401,7 +1401,7 @@ static int generic_param_test(pjsip_para
 100      param = param->next;
 101      if (pj_strcmp2(&param->name, "p2"))
 102         return -956;
 103 -    if (pj_strcmp2(&param->value, "ab:cd"))
 104 +    if (pj_strcmp2(&param->value, "ab%3acd"))
 105         return -957;
 106
 107      param = param->next;
 108 @@ -1621,7 +1621,7 @@ static int hdr_test_content_type(pjsip_h
 109      prm = prm->next;
 110      if (prm == &hdr->media.param) return -1960;
 111      if (pj_strcmp2(&prm->name, "p2")) return -1961;
 112 -    if (pj_strcmp2(&prm->value, "ab:cd")) return -1962;
 113 +    if (pj_strcmp2(&prm->value, "ab%3acd")) return -1962;
 114
 115      prm = prm->next;
 116      if (prm == &hdr->media.param) return -1970;