From 48e435f84fc55b6efd6b1d82059857799990d763 Mon Sep 17 00:00:00 2001 From: Mike Bradeen Date: Tue, 25 Jul 2023 10:23:12 -0600 Subject: [PATCH] res_pjsip: disable raw bad packet logging Add patch to split the log level for invalid packets received on the signaling port. The warning regarding the packet will move to level 2 so that it can still be displayed, while the raw packet will be at level 4. --- configs/samples/pjproject.conf.sample | 4 +++ res/res_pjproject.c | 4 ++- .../0020-log-dropped-packet-in-debug.patch | 28 +++++++++++++++++++ 3 files changed, 35 insertions(+), 1 deletion(-) create mode 100644 third-party/pjproject/patches/0020-log-dropped-packet-in-debug.patch diff --git a/configs/samples/pjproject.conf.sample b/configs/samples/pjproject.conf.sample index 273384b82b..0c16b4fd56 100644 --- a/configs/samples/pjproject.conf.sample +++ b/configs/samples/pjproject.conf.sample @@ -38,6 +38,10 @@ ; - 5: trace ; - 6: more detailed trace ; +; Note: setting the pjproject debug level to 4 (debug) or above may result in +; raw packets being logged. This should only be enabled during active debugging +; to avoid a potential security issue due to logging injection. +; ;asterisk_error = ; A comma separated list of pjproject log levels to map to ; Asterisk errors. ; (default: "0,1") diff --git a/res/res_pjproject.c b/res/res_pjproject.c index 9bd053b8b1..8eadaee82f 100644 --- a/res/res_pjproject.c +++ b/res/res_pjproject.c @@ -398,7 +398,9 @@ static char *handle_pjproject_set_log_level(struct ast_cli_entry *e, int cmd, st "\n" " Set the maximum active pjproject logging level.\n" " See pjproject.conf.sample for additional information\n" - " about the various levels pjproject uses.\n"; + " about the various levels pjproject uses.\n" + " Note: setting this level at 4 or above may result in\n" + " raw packet logging.\n"; return NULL; case CLI_GENERATE: return NULL; diff --git a/third-party/pjproject/patches/0020-log-dropped-packet-in-debug.patch b/third-party/pjproject/patches/0020-log-dropped-packet-in-debug.patch new file mode 100644 index 0000000000..240e5c3f40 --- /dev/null +++ b/third-party/pjproject/patches/0020-log-dropped-packet-in-debug.patch @@ -0,0 +1,28 @@ +diff --git a/pjsip/src/pjsip/sip_transport.c b/pjsip/src/pjsip/sip_transport.c +index 4f483faa1..12439e3ee 100644 +--- a/pjsip/src/pjsip/sip_transport.c ++++ b/pjsip/src/pjsip/sip_transport.c +@@ -2088,15 +2088,17 @@ PJ_DEF(pj_ssize_t) pjsip_tpmgr_receive_packet( pjsip_tpmgr *mgr, + * which were sent to keep NAT bindings. + */ + if (tmp.slen) { +- PJ_LOG(1, (THIS_FILE, +- "Error processing %d bytes packet from %s %s:%d %.*s:\n" +- "%.*s\n" +- "-- end of packet.", ++ PJ_LOG(2, (THIS_FILE, ++ "Dropping %d bytes packet from %s %s:%d %.*s\n", + msg_fragment_size, + rdata->tp_info.transport->type_name, +- rdata->pkt_info.src_name, ++ rdata->pkt_info.src_name, + rdata->pkt_info.src_port, +- (int)tmp.slen, tmp.ptr, ++ (int)tmp.slen, tmp.ptr)); ++ PJ_LOG(4, (THIS_FILE, ++ "Dropped packet:" ++ "%.*s\n" ++ "-- end of packet.", + (int)msg_fragment_size, + rdata->msg_info.msg_buf)); + }