From 50874946a4be146008ff54dd7eb64a389677d3ce Mon Sep 17 00:00:00 2001
From: Wenpeng Song <wenpeng.song@genexis.eu>
Date: Tue, 10 Jun 2025 16:39:58 +0200
Subject: [PATCH] Reply 403 to UA behind IPPBX while auth failed, REF 17177
- Reply 403 to the IPPBX client when authentication fails
- Guard the dt log against NULL pointer access
---
res/res_pjsip/pjsip_distributor.c | 35 +++++++++++++++++--------------
1 file changed, 19 insertions(+), 16 deletions(-)
diff --git a/res/res_pjsip/pjsip_distributor.c b/res/res_pjsip/pjsip_distributor.c
index 87549a6eb4..3d50847d86 100644
--- a/res/res_pjsip/pjsip_distributor.c
+++ b/res/res_pjsip/pjsip_distributor.c
@@ -956,16 +956,9 @@ static void disable_registrar_uci(char* registrar)
static pj_bool_t authenticate(pjsip_rx_data *rdata)
{
- pjsip_sip_uri *client_uri = NULL;
- pjsip_contact_hdr *contact_hdr = NULL;
RAII_VAR(struct ast_sip_endpoint *, endpoint, ast_pjsip_rdata_get_endpoint(rdata), ao2_cleanup);
int is_ack = rdata->msg_info.msg->line.req.method.id == PJSIP_ACK_METHOD;
- contact_hdr = pjsip_msg_find_hdr(rdata->msg_info.msg, PJSIP_H_CONTACT, NULL);
- if(contact_hdr){
- client_uri = pjsip_uri_get_uri(contact_hdr->uri);
- }
-
ast_assert(endpoint != NULL);
if (is_ack) {
@@ -996,18 +989,28 @@ static pj_bool_t authenticate(pjsip_rx_data *rdata)
ast_sip_report_auth_success(endpoint, rdata);
break;
case AST_SIP_AUTHENTICATION_FAILED:
- log_failed_request(rdata, "Failed to authenticate", 0, 0);
- ast_sip_report_auth_failed_challenge_response(endpoint, rdata);
- struct pjsip_status_line status = tdata->msg->line.status;
- /* IPX101 and disable registrar */
- ast_log_dt(LOG_EVENT_CODE_IPX101, (int) client_uri->user.slen, client_uri->user.ptr, status.code, (int) client_uri->host.slen, client_uri->host.ptr);
- ast_copy_pj_str(client, &client_uri->user, sizeof(client));
- if (client[0] != '\0') {
- disable_registrar_uci(client);
- }
+ pjsip_tx_data_dec_ref(tdata); // dec_ref for tdata with 401
+ pjsip_endpt_create_response(ast_sip_get_pjsip_endpoint(), rdata, 403, NULL, &tdata); // create tdata with 403
if (pjsip_endpt_send_response2(ast_sip_get_pjsip_endpoint(), rdata, tdata, NULL, NULL) != PJ_SUCCESS) {
pjsip_tx_data_dec_ref(tdata);
}
+ log_failed_request(rdata, "Failed to authenticate", 0, 0);
+ ast_sip_report_auth_failed_challenge_response(endpoint, rdata);
+ if (rdata && rdata->msg_info.msg) {
+ pjsip_contact_hdr *contact_hdr = pjsip_msg_find_hdr(rdata->msg_info.msg, PJSIP_H_CONTACT, NULL);
+ if (contact_hdr && contact_hdr->uri) {
+ pjsip_sip_uri *client_uri = pjsip_uri_get_uri(contact_hdr->uri);
+ /* IPX101 and disable registrar */
+ if (client_uri) {
+ ast_log_dt(LOG_EVENT_CODE_IPX101, (int) client_uri->user.slen, client_uri->user.ptr, 403, (int) client_uri->host.slen, client_uri->host.ptr);
+
+ ast_copy_pj_str(client, &client_uri->user, sizeof(client));
+ if (client[0] != '\0') {
+ disable_registrar_uci(client);
+ }
+ }
+ }
+ }
return PJ_TRUE;
case AST_SIP_AUTHENTICATION_ERROR:
log_failed_request(rdata, "Error to authenticate", 0, 0);
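Review bot: The return value of `pjsip_endpt_create_response()` is ignored in the `AST_SIP_AUTHENTICATION_FAILED` branch, immediately after the 401 `tdata` has been released. If building the 403 fails, `tdata` presumably still holds the released pointer, so `pjsip_endpt_send_response2()` would be called on it and its failure path would drop the reference a second time. Clear `tdata` after the first dec_ref and send only when creation succeeds, as in the fence below. Separately, the result of `pjsip_uri_get_uri()` is used as a `pjsip_sip_uri` without a scheme check, so a Contact carrying a non-SIP URI would be read through the wrong structure; guard it with `if (client_uri && (PJSIP_URI_SCHEME_IS_SIP(client_uri) || PJSIP_URI_SCHEME_IS_SIPS(client_uri)))`. The Contact user part also comes from a request that has just failed authentication and selects what `disable_registrar_uci()` acts on, so confirm that helper validates the name against configured registrars; `authenticate()` starts and ends outside this hunk.

```c
	pjsip_tx_data_dec_ref(tdata); /* release the 401 challenge */
	tdata = NULL;
	if (pjsip_endpt_create_response(ast_sip_get_pjsip_endpoint(), rdata, 403, NULL, &tdata) != PJ_SUCCESS) {
		ast_log(LOG_WARNING, "Failed to create 403 response for failed authentication\n");
	} else if (pjsip_endpt_send_response2(ast_sip_get_pjsip_endpoint(), rdata, tdata, NULL, NULL) != PJ_SUCCESS) {
		pjsip_tx_data_dec_ref(tdata);
	}
	/* … unchanged: log_failed_request, auth-failed report, Contact lookup and IPX101 logging … */
```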
--
GitLab