Dear all,
While "playing" with the pjsip project, I may have found a problem in the hash.c code (when using PJ_HASH_USE_OWN_TOLOWER) that can lead to mismatched transaction key. This is especialy easy to reproduce with a CANCEL request using sipp:
1- Classic "working" sipp scenario:
INVITE sip:[service]@[remote_ip]:[remote_port] SIP/2.0
Via: SIP/2.0/[transport] [local_ip]:[local_port];branch=[branch]
...
CANCEL sip:[service]@[remote_ip]:[remote_port] SIP/2.0
[last_Via]
2- Classic "not working" sipp scenario:
INVITE sip:[service]@[remote_ip]:[remote_port] SIP/2.0
Via: SIP/2.0/[transport] [local_ip]:[local_port];branch=[branch]_FOO
...
CANCEL sip:[service]@[remote_ip]:[remote_port] SIP/2.0
[last_Via]
In case 2, the "_" char of the Via: branch is converted to lower case using "hash own to lower" (which makes "DEL"), then when searching for the transaction to cancel, the "_" is converted to lower case using libc's tolower (which makes "_"). Watching at the code I think it'll be the same for all char from 64 to 95 that are not in the range [A-Z], ie. @ [ \ ] ^ _
A very simple attached patch worked for me, its basic idea is:
#if defined(PJ_HASH_USE_OWN_TOLOWER) && PJ_HASH_USE_OWN_TOLOWER != 0
#define pj_hash_tolower(c) (((c) & 64)?((c) | 32):(c))
#else
#define pj_hash_tolower(c) pj_tolower(c)
#endif
and use pj_hash_tolower where pj_tolower and PJ_HASH_USE_OWN_TOLOWER (pj_hash_calc_tolower()) are used.
Hope this help,
Ananda
-------------- next part --------------
A non-text attachment was scrubbed...
Name: pjproject-2015-07-19-hash-case.patch
Type: text/x-patch
Size: 1902 bytes
Desc: not available
URL: <http://lists.pjsip.org/pipermail/pjsip_lists.pjsip.org/attachments/20150720/b382a25c/attachment.patch>
