permissions: set from uri buffer to empty if not a sip message

- adjustments after merging GH #1584
- avoid using garbage content from the declaration of the buffer
- renamed parameter name to properly suggest is From header URI, given
that R-URI is also part of matching

src/modules/permissions/hash.c

@@ -250,9 +250,10 @@ int hash_table_insert(struct trusted_list** table, char* src_ip,
  * Returns number of matches or -1 if none matched.
  */
 int match_hash_table(struct trusted_list** table, struct sip_msg* msg,
-		char *src_ip_c_str, int proto, char *uri)
+		char *src_ip_c_str, int proto, char *from_uri)
 {
-	LM_DBG("match_hash_table src_ip: %s, proto: %d, uri: %s\n", src_ip_c_str, proto, uri);
+	LM_DBG("match_hash_table src_ip: %s, proto: %d, uri: %s\n", src_ip_c_str,
+			proto, from_uri);
 	str ruri;
 	char ruri_string[MAX_URI_SIZE + 1];
 	regex_t preg;
@@ -281,7 +282,10 @@ int match_hash_table(struct trusted_list** table, struct sip_msg* msg,
 				((np->proto == PROTO_NONE) || (proto == PROTO_NONE) ||
 				(np->proto == proto))) {
 
-			LM_DBG("match_hash_table: %d, %s, %s, %s\n", np->proto, (np->pattern ? np->pattern : "null"), (np->ruri_pattern ? np->ruri_pattern : "null"), (np->tag.s ? np->tag.s : "null"));
+			LM_DBG("match_hash_table: %d, %s, %s, %s\n", np->proto,
+					(np->pattern ? np->pattern : "null"),
+					(np->ruri_pattern ? np->ruri_pattern : "null"),
+					(np->tag.s ? np->tag.s : "null"));
 
 			if (IS_SIP(msg)) {
 				if (np->pattern) {
@@ -291,7 +295,7 @@ int match_hash_table(struct trusted_list** table, struct sip_msg* msg,
 							continue;
 						}
 					}
-					if (regexec(&preg, uri, 0, (regmatch_t *)0, 0)) {
+					if (regexec(&preg, from_uri, 0, (regmatch_t *)0, 0)) {
 						regfree(&preg);
 						continue;
 					}

src/modules/permissions/trusted.c

@@ -447,9 +447,10 @@ static int match_res(struct sip_msg* msg, int proto, db1_res_t* _r, char* uri)
  * Checks based on given source IP address and protocol, and From URI
  * of request if request can be trusted without authentication.
  */
-int allow_trusted(struct sip_msg* msg, char *src_ip, int proto, char *uri)
+int allow_trusted(struct sip_msg* msg, char *src_ip, int proto, char *from_uri)
 {
-	LM_DBG("allow_trusted src_ip: %s, proto: %d, uri: %s\n", src_ip, proto, uri);
+	LM_DBG("allow_trusted src_ip: %s, proto: %d, from_uri: %s\n",
+			src_ip, proto, from_uri);
 	int result;
 	db1_res_t* res = NULL;
 
@@ -491,11 +492,11 @@ int allow_trusted(struct sip_msg* msg, char *src_ip, int proto, char *uri)
 			return -1;
 		}
 
-		result = match_res(msg, proto, res, uri);
+		result = match_res(msg, proto, res, from_uri);
 		perm_dbf.free_result(db_handle, res);
 		return result;
 	} else {
-		return match_hash_table(*hash_table, msg, src_ip, proto, uri);
+		return match_hash_table(*hash_table, msg, src_ip, proto, from_uri);
 	}
 }
 
@@ -506,29 +507,33 @@ int allow_trusted(struct sip_msg* msg, char *src_ip, int proto, char *uri)
  */
 int allow_trusted_0(struct sip_msg* _msg, char* str1, char* str2)
 {
-	str uri;
-	char uri_string[MAX_URI_SIZE+1];
+	str furi;
+	char furi_string[MAX_URI_SIZE+1];
 
 	if (IS_SIP(_msg)) {
 		if (parse_from_header(_msg) < 0) return -1;
-		uri = get_from(_msg)->uri;
-		if (uri.len > MAX_URI_SIZE) {
+		furi = get_from(_msg)->uri;
+		if (furi.len > MAX_URI_SIZE) {
 			LM_ERR("message has From URI too large\n");
 			return -1;
 		}
 
-		memcpy(uri_string, uri.s, uri.len);
-		uri_string[uri.len] = (char)0;
+		memcpy(furi_string, furi.s, furi.len);
+		furi_string[furi.len] = (char)0;
+	} else {
+		furi_string[0] = '\0';
 	}
 
-	return allow_trusted(_msg, ip_addr2a(&(_msg->rcv.src_ip)), _msg->rcv.proto, uri_string);
+	return allow_trusted(_msg, ip_addr2a(&(_msg->rcv.src_ip)), _msg->rcv.proto,
+			furi_string);
 }
 
 /*
  * Checks based on source address and protocol given in pvar arguments and
  * provided uri, if request can be trusted without authentication.
  */
-int allow_trusted_1(struct sip_msg* _msg, char* _src_ip_sp, char* _proto_sp, char *uri_string)
+int allow_trusted_furi(struct sip_msg* _msg, char* _src_ip_sp,
+		char* _proto_sp, char *from_uri)
 {
 	str src_ip, proto;
 	int proto_int;
@@ -582,7 +587,7 @@ int allow_trusted_1(struct sip_msg* _msg, char* _src_ip_sp, char* _proto_sp, cha
 			goto error;
 	}
 
-	return allow_trusted(_msg, src_ip.s, proto_int, uri_string);
+	return allow_trusted(_msg, src_ip.s, proto_int, from_uri);
 error:
 	LM_ERR("unknown protocol %.*s\n", proto.len, proto.s);
 	return -1;
@@ -609,22 +614,24 @@ int allow_trusted_2(struct sip_msg* _msg, char* _src_ip_sp, char* _proto_sp)
 		uri_string[uri.len] = (char)0;
 	}
 
-	return allow_trusted_1(_msg, _src_ip_sp, _proto_sp, uri_string);
+	return allow_trusted_furi(_msg, _src_ip_sp, _proto_sp, uri_string);
 }
 
 /*
  * Checks based on source address and protocol given in pvar arguments and
  * and requests's From URI, if request can be trusted without authentication.
  */
-int allow_trusted_3(struct sip_msg* _msg, char* _src_ip_sp, char* _proto_sp, char *_uri)
+int allow_trusted_3(struct sip_msg* _msg, char* _src_ip_sp, char* _proto_sp,
+		char *_from_uri)
 {
-	str uri;
-	if (_uri==NULL || (fixup_get_svalue(_msg, (gparam_p)_uri, &uri) != 0)) {
+	str from_uri;
+	if (_from_uri==NULL
+			|| (fixup_get_svalue(_msg, (gparam_p)_from_uri, &from_uri) != 0)) {
 		LM_ERR("uri param does not exist or has no value\n");
 		return -1;
 	}
 
-	return allow_trusted_1(_msg, _src_ip_sp, _proto_sp, uri.s);
+	return allow_trusted_furi(_msg, _src_ip_sp, _proto_sp, from_uri.s);
 }
 
 int reload_trusted_table_cmd(void)

src/modules/permissions/trusted.h

@@ -79,7 +79,8 @@ int allow_trusted_2(struct sip_msg* _msg, char* _src_ip_sp, char* _proto_sp);
  * Checks based on source address and protocol given in pvar arguments and
  * provided URI, if request can be trusted without authentication.
  */
-int allow_trusted_3(struct sip_msg* _msg, char* _src_ip_sp, char* _proto_sp, char* uri);
+int allow_trusted_3(struct sip_msg* _msg, char* _src_ip_sp, char* _proto_sp,
+		char* _from_uri);
 
 int reload_trusted_table_cmd(void);