SRV lookups: take hostname from original lookup instead of SRV record

jes · jes · commit 06ded3a1245c · 2023-05-05T12:05:26.000+01:00
This is so that TLS certificate validation looks at the correct
hostname instead of the one in the SRV record.
diff --git a/resolve.c b/resolve.c
@@ -1881,8 +1881,18 @@ struct hostent* sip_resolvehost( str* name, unsigned short* port,
 	}
 
 	he = do_srv_lookup( tmp, port, dn);
-	if (he)
+	if (he) {
+		/* we need to check TLS certificates against the original requested
+		 * hostname, not the name from the SRV record */
+		if (name->len >= MAX_DNS_NAME) {
+			LM_ERR("domain name too long\n");
+			return 0;
+		}
+		memcpy(tmp, name->s, name->len);
+		tmp[name->len] = '\0';
+		he->h_name = tmp;
 		return he;
+	}
 
 	LM_DBG("no valid SRV record found for %s, trying A record lookup...\n",
 		tmp);
