RedirectPlugin::LookUpStatus SipRedirectorGateway::lookUp( const SipMessage& message, const UtlString& requestString, const Url& requestUri, const UtlString& method, ContactList& contactList, RequestSeqNo requestSeqNo, int redirectorNo, SipRedirectorPrivateStorage*& privateStorage, ErrorDescriptor& errorDescriptor) { UtlString userId; requestUri.getUserId(userId); OsSysLog::add(FAC_SIP, PRI_DEBUG, "%s::lookUp " "userId = '%s'", mLogName.data(), userId.data()); // Test for the presence of the prefix. const char* user = userId.data(); int prefix_length = mPrefix.length(); // Compare the prefix. if (strncmp(user, mPrefix.data(), prefix_length) == 0) { // Extract the full routing prefix. UtlString routing_prefix(userId.data(), prefix_length + mDigits); // Look up the routing prefix in the map. mMapLock.acquire(); UtlContainable* value = mMapUserToContacts.findValue(&routing_prefix); if (value) { // Have to make a copy of the string, as the map entry might get // changed later. UtlString hostpart(*(dynamic_cast <UtlString*> (value))); mMapLock.release(); if (!hostpart.isNull()) { // Add the contact. UtlString s("sip:"); s.append(hostpart); Url uri(s); // The remainder of userId becomes the userId to the gateway. uri.setUserId(&userId.data()[prefix_length + mDigits]); // Add the contact. contactList.add( uri, *this ); } } else { mMapLock.release(); } } return RedirectPlugin::SUCCESS; }
// is a URL malformed? bool HTTPHeader::malformedURL(const String& url) { String host(url.after("://")); if (host.contains("/")) host = host.before("/"); if (host.length() < 2) { #ifdef DGDEBUG std::cout << "host len too small" << std::endl; #endif return true; } if (host.contains(":")) host = host.before(":"); if (host.contains("..") || host.endsWith(".")) { #ifdef DGDEBUG std::cout << "double dots in domain name" << std::endl; #endif return true; } int i, len; unsigned char c; len = host.length(); bool containsletter = false; for (i = 0; i < len; i++) { c = (unsigned char) host[i]; // If it contains something other than numbers, dots, or [a-fx] (hex encoded IPs), // IP obfuscation can be ruled out. if (!containsletter && (((c < '0') || (c > '9')) && (c != '.') && (c != 'x') && (c != 'X') && ((c < 'a') || (c > 'f')) && ((c < 'A') || (c > 'F')))) containsletter = true; if (!(c >= 'a' && c <= 'z') && !(c >= 'A' && c <= 'Z') && !(c >= '0' && c <= '9') && c != '.' && c != '-' && c != '_') { #ifdef DGDEBUG std::cout << "bad char in hostname" << std::endl; #endif return true; // only allowed letters, digits, hiphen, dots } } // no IP obfuscation going on if (containsletter) return false; #ifdef DGDEBUG else std::cout << "Checking for IP obfuscation in " << host << std::endl; #endif // Check no IP obfuscation is going on // This includes IPs encoded as a single decimal number, // fully or partly hex encoded, and octal encoded bool first = true; bool obfuscation = false; if (host.endsWith(".")) host.chop(); do { if (!first) host = host.after("."); first = false; String hostpart(host); if (host.contains(".")) hostpart = hostpart.before("."); // If any part of the host starts with a letter, any letter, // then we must have a hostname rather than an IP (obscured // or otherwise). TLDs never start with a number. if ((hostpart[0] >= 'a' && hostpart[0] <= 'z') || (hostpart[0] >= 'A' && hostpart[0] <= 'Z')) return false; // If any part of the host begins with 0, it may be hex or octal if ((hostpart[0] == '0') && (hostpart.length() > 1)) { obfuscation = true; continue; } // Also check range, for decimal obfuscation. int part = hostpart.toInteger(); if ((part < 0) || (part > 255)) obfuscation = true; } while (host.contains(".")); // If we have any obfuscated parts, and haven't proven it's a hostname, it's invalid. return obfuscation; }