Handle empty elements in generic array header parsing (Supported, Accept, Allow) (#4655)

Author: Copilot

pjsip/src/pjsip/sip_parser.c

@@ -1763,6 +1763,8 @@ PJ_DEF(void) pjsip_parse_end_hdr_imp( pj_scanner *scanner )
 static void parse_generic_array_hdr( pjsip_generic_array_hdr *hdr,
                                      pj_scanner *scanner)
 {
+    pj_str_t elem;
+
     /* Some header fields allow empty elements in the value:
      *   Accept, Allow, Supported
      */
@@ -1778,17 +1780,34 @@ static void parse_generic_array_hdr( pjsip_generic_array_hdr *hdr,
         return;
     }
 
-    pj_scan_get( scanner, &pconst.pjsip_NOT_COMMA_OR_NEWLINE, 
-                 &hdr->values[hdr->count]);
-    hdr->count++;
-
-    while ((hdr->count < PJSIP_GENERIC_ARRAY_MAX_COUNT) &&
-           (*scanner->curptr == ','))
+    /* Parse array elements, skipping any empty elements (for buggy clients).
+     * Scanner is configured with PJ_SCAN_AUTOSKIP_WS_HEADER, so whitespace
+     * is automatically skipped after getting comma or element.
+     */
+    while (hdr->count < PJ_ARRAY_SIZE(hdr->values))
     {
-        pj_scan_get_char(scanner);
-        pj_scan_get( scanner, &pconst.pjsip_NOT_COMMA_OR_NEWLINE, 
-                     &hdr->values[hdr->count]);
-        hdr->count++;
+        /* Skip any leading/consecutive commas */
+        while (*scanner->curptr == ',') {
+            pj_scan_get_char(scanner);
+        }
+        
+        /* Check for end of header */
+        if (pj_scan_is_eof(scanner) || 
+            *scanner->curptr == '\r' || *scanner->curptr == '\n') 
+        {
+            break;
+        }
+        
+        /* Get element */
+        pj_scan_get( scanner, &pconst.pjsip_NOT_COMMA_OR_NEWLINE, &elem);
+        if (elem.slen > 0) {
+            hdr->values[hdr->count++] = elem;
+        }
+        
+        /* If not followed by comma, we're done */
+        if (*scanner->curptr != ',') {
+            break;
+        }
     }
 
 end:

pjsip/src/test/msg_test.c

@@ -948,6 +948,10 @@ static int hdr_test_from(pjsip_hdr *h);
 static int hdr_test_proxy_authenticate(pjsip_hdr *h);
 static int hdr_test_record_route(pjsip_hdr *h);
 static int hdr_test_supported(pjsip_hdr *h);
+static int hdr_test_supported_with_leading_comma(pjsip_hdr *h);
+static int hdr_test_supported_with_trailing_comma(pjsip_hdr *h);
+static int hdr_test_supported_with_multiple_commas(pjsip_hdr *h);
+static int hdr_test_supported_with_middle_commas(pjsip_hdr *h);
 static int hdr_test_to(pjsip_hdr *h);
 static int hdr_test_via(pjsip_hdr *h);
 static int hdr_test_via_ipv6_1(pjsip_hdr *h);
@@ -1128,7 +1132,39 @@ struct hdr_test_t
         /* Empty Supported */
         "Supported", "k",
         "",
-        &hdr_test_supported,
+        &hdr_test_supported
+    },
+
+    {
+        /* Supported with leading comma (buggy MizuDroid format) */
+        "Supported", "k",
+        ",outbound",
+        &hdr_test_supported_with_leading_comma,
+        HDR_FLAG_DONT_PRINT
+    },
+
+    {
+        /* Supported with trailing comma */
+        "Supported", "k",
+        "outbound,",
+        &hdr_test_supported_with_trailing_comma,
+        HDR_FLAG_DONT_PRINT
+    },
+
+    {
+        /* Supported with multiple consecutive commas at beginning */
+        "Supported", "k",
+        ",,,outbound,path",
+        &hdr_test_supported_with_multiple_commas,
+        HDR_FLAG_DONT_PRINT
+    },
+
+    {
+        /* Supported with multiple consecutive commas in middle */
+        "Supported", "k",
+        "outbound,,,path",
+        &hdr_test_supported_with_middle_commas,
+        HDR_FLAG_DONT_PRINT
     },
 
     {
@@ -1735,6 +1771,92 @@ static int hdr_test_supported(pjsip_hdr *h)
     return 0;
 }
 
+/*
+    ",outbound"
+    Test for handling leading comma (buggy MizuDroid format)
+ */
+static int hdr_test_supported_with_leading_comma(pjsip_hdr *h)
+{
+    pjsip_supported_hdr *hdr = (pjsip_supported_hdr*)h;
+
+    if (h->type != PJSIP_H_SUPPORTED)
+        return -2330;
+
+    if (hdr->count != 1)
+        return -2331;
+
+    if (pj_strcmp2(&hdr->values[0], "outbound") != 0)
+        return -2332;
+
+    return 0;
+}
+
+/*
+    "outbound,"
+    Test for handling trailing comma
+ */
+static int hdr_test_supported_with_trailing_comma(pjsip_hdr *h)
+{
+    pjsip_supported_hdr *hdr = (pjsip_supported_hdr*)h;
+
+    if (h->type != PJSIP_H_SUPPORTED)
+        return -2340;
+
+    if (hdr->count != 1)
+        return -2341;
+
+    if (pj_strcmp2(&hdr->values[0], "outbound") != 0)
+        return -2342;
+
+    return 0;
+}
+
+/*
+    ",,,outbound,path"
+    Test for handling multiple consecutive commas at beginning
+ */
+static int hdr_test_supported_with_multiple_commas(pjsip_hdr *h)
+{
+    pjsip_supported_hdr *hdr = (pjsip_supported_hdr*)h;
+
+    if (h->type != PJSIP_H_SUPPORTED)
+        return -2350;
+
+    if (hdr->count != 2)
+        return -2351;
+
+    if (pj_strcmp2(&hdr->values[0], "outbound") != 0)
+        return -2352;
+
+    if (pj_strcmp2(&hdr->values[1], "path") != 0)
+        return -2353;
+
+    return 0;
+}
+
+/*
+    "outbound,,,path"
+    Test for handling multiple consecutive commas in middle
+ */
+static int hdr_test_supported_with_middle_commas(pjsip_hdr *h)
+{
+    pjsip_supported_hdr *hdr = (pjsip_supported_hdr*)h;
+
+    if (h->type != PJSIP_H_SUPPORTED)
+        return -2360;
+
+    if (hdr->count != 2)
+        return -2361;
+
+    if (pj_strcmp2(&hdr->values[0], "outbound") != 0)
+        return -2362;
+
+    if (pj_strcmp2(&hdr->values[1], "path") != 0)
+        return -2363;
+
+    return 0;
+}
+
 /*
     NAME_ADDR GENERIC_PARAM,
  */