From 06e27d3608b7f75003d54dc43b3a067b511f8e7a Mon Sep 17 00:00:00 2001
From: Henning Westerholt <hw@skalatan.de>
Date: Sun, 1 Sep 2019 22:48:39 +0200
Subject: [PATCH] core: improve to-tags to include more randomness and use the
 recommended size from RFC 3261 (GH #1164)

- improve to-tag generation to include more randomness (callid body if available)
- use the recommended size of 32 bit randomness from RFC 3261
- implementation could be further improved by using a cryptographic hash algorithm
- related to GH #1164
---
 src/core/crc.h  |  1 +
 src/core/tags.h | 22 ++++++++++++++++++----
 2 files changed, 19 insertions(+), 4 deletions(-)

diff --git a/src/core/crc.h b/src/core/crc.h
index a52348f168c..24ba1d0e15e 100644
--- a/src/core/crc.h
+++ b/src/core/crc.h
@@ -5,6 +5,7 @@
 #include "str.h"
 
 #define CRC16_LEN	4
+#define CRC32_LEN	8
 
 extern unsigned long int crc_32_tab[];
 extern unsigned short int ccitt_tab[];
diff --git a/src/core/tags.h b/src/core/tags.h
index ddfdaae4116..fff879cfaba 100644
--- a/src/core/tags.h
+++ b/src/core/tags.h
@@ -36,10 +36,10 @@
 #include "str.h"
 #include "socket_info.h"
 
-#define TOTAG_VALUE_LEN (MD5_LEN+CRC16_LEN+1)
+#define TOTAG_VALUE_LEN (MD5_LEN+CRC32_LEN+1)
 
 /*! generate variable part of to-tag for a request;
- * it will have length of CRC16_LEN, sufficiently
+ * it will have length of CRC32_LEN, sufficiently
  * long buffer must be passed to the function */
 static inline void calc_crc_suffix( struct sip_msg *msg, char *tag_suffix)
 {
@@ -50,9 +50,23 @@ static inline void calc_crc_suffix( struct sip_msg *msg, char *tag_suffix)
 	if (msg->via1==0) return; /* no via, bad message */
 	suffix_source[0]=msg->via1->host;
 	suffix_source[1]=msg->via1->port_str;
-	if (msg->via1->branch)
-		suffix_source[ss_nr++]=msg->via1->branch->value;
+	if (msg->via1->branch) {
+		suffix_source[2]=msg->via1->branch->value;
+	} else {
+		suffix_source[2].s = NULL;
+		suffix_source[2].len = 0;
+	}
 	crcitt_string_array( tag_suffix, suffix_source, ss_nr );
+
+	suffix_source[0]=msg->via1->port_str;
+	suffix_source[1]=msg->via1->host;
+	if (msg->callid) {
+		suffix_source[2]=msg->callid->body;
+	} else {
+		suffix_source[2].s = NULL;
+		suffix_source[2].len = 0;
+	}
+	crcitt_string_array( tag_suffix+4, suffix_source, ss_nr );
 }
 
 static void inline init_tags( char *tag, char **suffix,