From 94e895d4307b9ef9367e33a0827fd83133a0b33a Mon Sep 17 00:00:00 2001
From: Ben Ford <bford@digium.com>
Date: Thu, 21 Apr 2022 10:26:01 -0500
Subject: [PATCH] res_pjsip_stir_shaken.c: Fix enabled when not configured.

There was an issue with the conditional where STIR/SHAKEN would be
enabled even when not configured. It has been changed to ensure that if
a profile does not exist and stir_shaken is not set in pjsip.conf, then
the conditional will return from the function without performing
STIR/SHAKEN operations.

ASTERISK-30024

Change-Id: I41286a3d35b033ccbfbe4129427a62cb793a86e6
---
 res/res_pjsip_stir_shaken.c | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)

diff --git a/res/res_pjsip_stir_shaken.c b/res/res_pjsip_stir_shaken.c
index 0637a6672f..bcc47d5f42 100644
--- a/res/res_pjsip_stir_shaken.c
+++ b/res/res_pjsip_stir_shaken.c
@@ -228,8 +228,13 @@ static int stir_shaken_incoming_request(struct ast_sip_session *session, pjsip_r
 	}
 
 	profile = ast_stir_shaken_get_profile(session->endpoint->stir_shaken_profile);
+	/* Profile should be checked first as it takes priority over anything else.
+	 * If there is a profile and it doesn't have verification enabled, do nothing.
+	 * If there is no profile and the stir_shaken option is either not set or does
+	 * not support verification, do nothing.
+	 */
 	if ((profile && !ast_stir_shaken_profile_supports_verification(profile))
-		&& ((session->endpoint->stir_shaken & AST_SIP_STIR_SHAKEN_VERIFY) == 0)) {
+		|| (!profile && (session->endpoint->stir_shaken & AST_SIP_STIR_SHAKEN_VERIFY) == 0)) {
 		return 0;
 	}
 
@@ -481,8 +486,13 @@ static void stir_shaken_outgoing_request(struct ast_sip_session *session, pjsip_
 	RAII_VAR(struct stir_shaken_profile *, profile, NULL, ao2_cleanup);
 
 	profile = ast_stir_shaken_get_profile(session->endpoint->stir_shaken_profile);
+	/* Profile should be checked first as it takes priority over anything else.
+	 * If there is a profile and it doesn't have attestation enabled, do nothing.
+	 * If there is no profile and the stir_shaken option is either not set or does
+	 * not support attestation, do nothing.
+	 */
 	if ((profile && !ast_stir_shaken_profile_supports_attestation(profile))
-		&& ((session->endpoint->stir_shaken & AST_SIP_STIR_SHAKEN_ATTEST) == 0)) {
+		|| (!profile && (session->endpoint->stir_shaken & AST_SIP_STIR_SHAKEN_ATTEST) == 0)) {
 		return;
 	}
 
-- 
GitLab