From b2dffe4b5cd81182c9c8eabb6c96aac96c7acfe3 Mon Sep 17 00:00:00 2001
From: Bogdan-Andrei Iancu <bogdan@opensips.org>
Date: Wed, 23 Feb 2022 12:42:55 +0200
Subject: [PATCH] [core] fix parse_uri() parsing

Issue discovered during OpenSIPS Security Audit 2022,
	by Alfred Farrugia & Sandro Gauci (Enable Security)

https://github.com/OpenSIPS/opensips/security/advisories/GHSA-358f-935m-7p9c
---
 parser/parse_uri.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/parser/parse_uri.c b/parser/parse_uri.c
index a988744ade0..c1d4bf0bc07 100644
--- a/parser/parse_uri.c
+++ b/parser/parse_uri.c
@@ -1532,7 +1532,8 @@ int parse_uri(char* buf, int len, struct sip_uri* uri)
 		case TELS_URI_T:
 			/* fix tel uris, move the number in uri and empty the host */
 			uri->user=uri->host;
-			uri->host.s="";
+			/* TEL does not have a host part, still most of the code expects
+			 * one, so lets keep the pointer, but set a 0 length */
 			uri->host.len=0;
 			break;
 		case SIP_URI_T:
@@ -1543,8 +1544,7 @@ int parse_uri(char* buf, int len, struct sip_uri* uri)
 		case URN_NENA_SERVICE_URI_T:
 			uri->user.s=0;
 			uri->user.len=0;
-			uri->host.s="";
-			uri->host.len=0;
+			/* keep the service name as host part */
 			break;
 		case ERROR_URI_T:
 			LM_ERR("unexpected error (BUG?)\n");