From patchwork Sun Sep 25 23:06:14 2016
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Pablo Neira Ayuso <pablo@netfilter.org>
X-Patchwork-Id: 674856
X-Patchwork-Delegate: davem@davemloft.net
Return-Path: <netdev-owner@vger.kernel.org>
X-Original-To: patchwork-incoming@ozlabs.org
Delivered-To: patchwork-incoming@ozlabs.org
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by ozlabs.org (Postfix) with ESMTP id 3sj2tK5dRcz9s9x
	for <patchwork-incoming@ozlabs.org>;
	Mon, 26 Sep 2016 09:12:09 +1000 (AEST)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S941092AbcIYXMH (ORCPT <rfc822;patchwork-incoming@ozlabs.org>);
	Sun, 25 Sep 2016 19:12:07 -0400
Received: from mail.us.es ([193.147.175.20]:54544 "EHLO mail.us.es"
	rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
	id S941158AbcIYXHZ (ORCPT <rfc822;netdev@vger.kernel.org>);
	Sun, 25 Sep 2016 19:07:25 -0400
Received: from antivirus1-rhel7.int (unknown [192.168.2.11])
	by mail.us.es (Postfix) with ESMTP id 592D4B6C83
	for <netdev@vger.kernel.org>; Mon, 26 Sep 2016 01:07:22 +0200 (CEST)
Received: from antivirus1-rhel7.int (localhost [127.0.0.1])
	by antivirus1-rhel7.int (Postfix) with ESMTP id 483DCDA7F6
	for <netdev@vger.kernel.org>; Mon, 26 Sep 2016 01:07:22 +0200 (CEST)
Received: by antivirus1-rhel7.int (Postfix, from userid 99)
	id 3D63EDA7E9; Mon, 26 Sep 2016 01:07:22 +0200 (CEST)
X-Spam-Checker-Version: SpamAssassin 3.4.1 (2015-04-28) on
	antivirus1-rhel7.int
X-Spam-Level: 
X-Spam-Status: No, score=-103.2 required=7.5 tests=BAYES_50,SMTPAUTH_US,
	USER_IN_WHITELIST autolearn=disabled version=3.4.1
Received: from antivirus1-rhel7.int (localhost [127.0.0.1])
	by antivirus1-rhel7.int (Postfix) with ESMTP id 121C3DA842
	for <netdev@vger.kernel.org>; Mon, 26 Sep 2016 01:07:20 +0200 (CEST)
Received: from 192.168.1.13 (192.168.1.13) by antivirus1-rhel7.int
	(F-Secure/fsigk_smtp/530/antivirus1-rhel7.int);
	Mon, 26 Sep 2016 01:07:20 +0200 (CEST)
X-Virus-Status: clean(F-Secure/fsigk_smtp/530/antivirus1-rhel7.int)
Received: (qmail 11400 invoked from network); 26 Sep 2016 01:07:19 +0200
Received: from 77.166.216.87.static.jazztel.es (HELO salvia.here)
	(pneira@us.es@87.216.166.77)
	by mail.us.es with SMTP; 26 Sep 2016 01:07:19 +0200
From: Pablo Neira Ayuso <pablo@netfilter.org>
To: netfilter-devel@vger.kernel.org
Cc: davem@davemloft.net, netdev@vger.kernel.org
Subject: [PATCH 04/53] netfilter: nf_ct_sip: correct allowed characters in
	Call-ID SIP header
Date: Mon, 26 Sep 2016 01:06:14 +0200
Message-Id: <1474844823-2026-5-git-send-email-pablo@netfilter.org>
X-Mailer: git-send-email 2.1.4
In-Reply-To: <1474844823-2026-1-git-send-email-pablo@netfilter.org>
References: <1474844823-2026-1-git-send-email-pablo@netfilter.org>
X-Virus-Scanned: ClamAV using ClamSMTP
Sender: netdev-owner@vger.kernel.org
Precedence: bulk
List-ID: <netdev.vger.kernel.org>
X-Mailing-List: netdev@vger.kernel.org

From: Marco Angaroni <marcoangaroni@gmail.com>

Current parsing methods for SIP header Call-ID do not check correctly all
characters allowed by RFC 3261. In particular "," character is allowed
instead of "'" character. As a result Call-ID headers like the following
are discarded by IPVS SIP persistence engine.

Call-ID: -.!%*_+`'~()<>:\"/[]?{}

Above example is composed using all non-alphanumeric characters listed
in RFC 3261 for Call-ID header syntax.

Proposed fix is in nf_conntrack_sip module; function iswordc() checks this
range: (c >= '(' && c <= '/') which includes these characters: ()*+,-./
They are all allowed except ",". Instead "'" is not included in the list.

Below is an extract of relevant SIP ABNF syntax.

Call-ID  =  ( "Call-ID" / "i" ) HCOLON callid
callid   =  word [ "@" word ]

HCOLON  =  *( SP / HTAB ) ":" SWS
SWS     =  [LWS] ; sep whitespace
LWS     =  [*WSP CRLF] 1*WSP ; linear whitespace
WSP     =  SP / HTAB
word    =  1*(alphanum / "-" / "." / "!" / "%" / "*" /
           "_" / "+" / "`" / "'" / "~" /
           "(" / ")" / "<" / ">" /
           ":" / "\" / DQUOTE /
           "/" / "[" / "]" / "?" /
           "{" / "}" )

Signed-off-by: Marco Angaroni <marcoangaroni@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 net/netfilter/nf_conntrack_sip.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/net/netfilter/nf_conntrack_sip.c b/net/netfilter/nf_conntrack_sip.c
index 251a9a44d189..d8035351aff5 100644
--- a/net/netfilter/nf_conntrack_sip.c
+++ b/net/netfilter/nf_conntrack_sip.c
@@ -83,9 +83,10 @@ static int digits_len(const struct nf_conn *ct, const char *dptr,
 static int iswordc(const char c)
 {
 	if (isalnum(c) || c == '!' || c == '"' || c == '%' ||
-	    (c >= '(' && c <= '/') || c == ':' || c == '<' || c == '>' ||
+	    (c >= '(' && c <= '+') || c == ':' || c == '<' || c == '>' ||
 	    c == '?' || (c >= '[' && c <= ']') || c == '_' || c == '`' ||
-	    c == '{' || c == '}' || c == '~')
+	    c == '{' || c == '}' || c == '~' || (c >= '-' && c <= '/') ||
+	    c == '\'')
 		return 1;
 	return 0;
 }