From 48e435f84fc55b6efd6b1d82059857799990d763 Mon Sep 17 00:00:00 2001
From: Mike Bradeen <mbradeen@sangoma.com>
Date: Tue, 25 Jul 2023 10:23:12 -0600
Subject: [PATCH] res_pjsip: disable raw bad packet logging

Add patch to split the log level for invalid packets received on the
signaling port.  The warning regarding the packet will move to level 2
so that it can still be displayed, while the raw packet will be at level
4.
---
 configs/samples/pjproject.conf.sample         |  4 +++
 res/res_pjproject.c                           |  4 ++-
 .../0020-log-dropped-packet-in-debug.patch    | 28 +++++++++++++++++++
 3 files changed, 35 insertions(+), 1 deletion(-)
 create mode 100644 third-party/pjproject/patches/0020-log-dropped-packet-in-debug.patch

diff --git a/configs/samples/pjproject.conf.sample b/configs/samples/pjproject.conf.sample
index 273384b82b..0c16b4fd56 100644
--- a/configs/samples/pjproject.conf.sample
+++ b/configs/samples/pjproject.conf.sample
@@ -38,6 +38,10 @@
 ;  - 5: trace
 ;  - 6: more detailed trace
 ;
+; Note:  setting the pjproject debug level to 4 (debug) or above may result in
+; raw packets being logged. This should only be enabled during active debugging
+; to avoid a potential security issue due to logging injection.
+;
 ;asterisk_error =    ; A comma separated list of pjproject log levels to map to
                      ; Asterisk errors.
                      ; (default: "0,1")
diff --git a/res/res_pjproject.c b/res/res_pjproject.c
index 9bd053b8b1..8eadaee82f 100644
--- a/res/res_pjproject.c
+++ b/res/res_pjproject.c
@@ -398,7 +398,9 @@ static char *handle_pjproject_set_log_level(struct ast_cli_entry *e, int cmd, st
 			"\n"
 			"       Set the maximum active pjproject logging level.\n"
 			"       See pjproject.conf.sample for additional information\n"
-			"       about the various levels pjproject uses.\n";
+			"       about the various levels pjproject uses.\n"
+			"       Note: setting this level at 4 or above may result in\n"
+			"       raw packet logging.\n";
 		return NULL;
 	case CLI_GENERATE:
 		return NULL;
diff --git a/third-party/pjproject/patches/0020-log-dropped-packet-in-debug.patch b/third-party/pjproject/patches/0020-log-dropped-packet-in-debug.patch
new file mode 100644
index 0000000000..240e5c3f40
--- /dev/null
+++ b/third-party/pjproject/patches/0020-log-dropped-packet-in-debug.patch
@@ -0,0 +1,28 @@
+diff --git a/pjsip/src/pjsip/sip_transport.c b/pjsip/src/pjsip/sip_transport.c
+index 4f483faa1..12439e3ee 100644
+--- a/pjsip/src/pjsip/sip_transport.c
++++ b/pjsip/src/pjsip/sip_transport.c
+@@ -2088,15 +2088,17 @@ PJ_DEF(pj_ssize_t) pjsip_tpmgr_receive_packet( pjsip_tpmgr *mgr,
+              * which were sent to keep NAT bindings.
+              */
+             if (tmp.slen) {
+-                PJ_LOG(1, (THIS_FILE, 
+-                      "Error processing %d bytes packet from %s %s:%d %.*s:\n"
+-                      "%.*s\n"
+-                      "-- end of packet.",
++                PJ_LOG(2, (THIS_FILE,
++                      "Dropping %d bytes packet from %s %s:%d %.*s\n",
+                       msg_fragment_size,
+                       rdata->tp_info.transport->type_name,
+-                      rdata->pkt_info.src_name, 
++                      rdata->pkt_info.src_name,
+                       rdata->pkt_info.src_port,
+-                      (int)tmp.slen, tmp.ptr,
++                      (int)tmp.slen, tmp.ptr));
++                PJ_LOG(4, (THIS_FILE,
++                      "Dropped packet:"
++                      "%.*s\n"
++                      "-- end of packet.",
+                       (int)msg_fragment_size,
+                       rdata->msg_info.msg_buf));
+             }