Bug: Quoted boundary string in outgoing multipart message

sking@xxxxxxxxxx (Steve King) · Fri, 30 Sep 2011 16:13:10 +1000

Hi All, 

When using a quoted boundary identifier for multipart messages, the
output multipart encoding is incorrect and includes the quotes as part
of the boundary identifiers.  Tested on v1.8.10.

Example SIP INVITE out with incorrect boundary identifier:

INVITE sip:sipp at 127.0.200.1:5080 SIP/2.0
Via: SIP/2.0/UDP
127.0.100.1:5060;rport;branch=z9hG4bKPj1faee00e-fccf-47d2-a845-992eb07d1
fdc
Max-Forwards: 70
From: "Steven King"
<sip:test1 at 127.0.100.1>;tag=7014f0cd-169b-4a9a-919b-db39868fc172
To: "sipp" <sip:sipp at 127.0.200.1>
Contact: "Steven King" <sip:test1 at 127.0.100.1:5060>
Call-ID: 794f5354-c908-424f-b4a2-b82e9915e157
CSeq: 30587 INVITE
Allow: PRACK, INVITE, ACK, BYE, CANCEL, UPDATE
Supported: replaces, 100rel, timer
Session-Expires: 1800
Min-SE: 90
Date: 2011-09-30 15:59:21+10:00
Content-Type: multipart/mixed;boundary="BLAH BLAH"
Content-Length:   491


--"BLAH BLAH"
Content-Type: application/x--blah
Content-Length:    10

c-rate: 0
--"BLAH BLAH"
Content-Type: application/sdp
Content-Length:   236

v=0
o=test1 at 127.0.100.1:5060 3526351161 3526351161 IN IP4 127.0.100.1
s=pjsip
c=IN IP4 127.0.100.1
t=0 0
m=audio 4000 RTP/AVP 0 101
a=rtpmap:0 PCMU/8000
a=ptime:20
a=sendrecv
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-16

--"BLAH BLAH"--

The problem is in sip_multipart.c : multipart_print_body

Below is diff:

Index: sip_multipart.c
===================================================================

--- sip_multipart.c	(revision 23)
+++ sip_multipart.c	(working copy)
@@ -48,6 +48,41 @@
 };
 
 
+/*
+ * Print boundary delimiter in multipart body, taking care
+ * to not print quotes in a quoted boundary parameter.
+ *
+ * @pre assumed that buf has enough space for boundary
+ *
+ * @param buf Location to print boundary string
+ * @param boundary Boundary string to print
+ *
+ * @return number of chars printed to buf  */ static int 
+multipart_print_boundary(char* buf, const pj_str_t* boundary) {
+    char* p;
+    int len = 0;
+    if(!buf || !boundary || !boundary->ptr || boundary->slen == 0)
+        return 0;
+
+    p = boundary->ptr;
+    len = boundary->slen;
+
+    /* Only modify the output if starts/ends with '"' */
+    if(p[0]=='"' && p[boundary->slen-1] == '"') {
+        p++; /* skip '"' */
+        len-=2; /* skip leading/trailing '"' */
+    }
+
+    if(len > 0) {
+        pj_memcpy(buf, p, len);
+    }
+
+    return len;
+}
+
+
 static int multipart_print_body(struct pjsip_msg_body *msg_body,
 			        char *buf, pj_size_t size)
 {
@@ -74,8 +109,7 @@
 	if (SIZE_LEFT() <= (m_data->boundary.slen+8) << 1)
 	    return -1;
 	*p++ = 13; *p++ = 10; *p++ = '-'; *p++ = '-';
-	pj_memcpy(p, m_data->boundary.ptr, m_data->boundary.slen);
-	p += m_data->boundary.slen;
+	p += multipart_print_boundary(p, &m_data->boundary);
 	*p++ = 13; *p++ = 10;
 
 	/* Print optional headers */
@@ -159,8 +193,7 @@
     if (SIZE_LEFT() < m_data->boundary.slen+8)
 	return -1;
     *p++ = 13; *p++ = 10; *p++ = '-'; *p++ = '-';
-    pj_memcpy(p, m_data->boundary.ptr, m_data->boundary.slen);
-    p += m_data->boundary.slen;
+    p += multipart_print_boundary(p, &m_data->boundary);
     *p++ = '-'; *p++ = '-'; *p++ = 13; *p++ = 10;
 
 #undef SIZE_LEFT


BRegards, 

Steve King







