[asterisk-bugs] [Asterisk 0014025]: sip register: reserved character check not RFC 3261 compliant

Asterisk Bug Tracker noreply at bugs.digium.com
Sat Dec 6 16:44:10 CST 2008


A NOTE has been added to this issue. 
====================================================================== 
http://bugs.digium.com/view.php?id=14025 
====================================================================== 
Reported By:                ffs
Assigned To:                
====================================================================== 
Project:                    Asterisk
Issue ID:                   14025
Category:                   Channels/chan_sip/Interoperability
Reproducibility:            always
Severity:                   major
Priority:                   normal
Status:                     new
Asterisk Version:           SVN 
SVN Branch (only for SVN checkouts, not tarball releases):  trunk 
SVN Revision (number only!): 161411 
Disclaimer on File?:        N/A 
Request Review:              
====================================================================== 
Date Submitted:             2008-12-05 12:36 CST
Last Modified:              2008-12-06 16:44 CST
====================================================================== 
Summary:                    sip register: reserved character check not RFC 3261
compliant
Description: 
The checking of reserved characters within chan_sip.c is not RFC 3261
compliant.

According to the RFC there are different reserved characters for username
(* auth user), user (* username), password (* secret) and hostname (see
below).
chan_sip compares all above values against the SIP_RESERVED variable which
is defined as ";/?:@&=+$,# ".

This bug avoids registration to sip providers using allowed special
characters within the user part or the authentication user (eg.
bluesip.net, they use a '/' wihtin the auth user).

A backport to the 1.6.0 branch, which is affected also, would be great.
====================================================================== 

---------------------------------------------------------------------- 
 (0095913) diegoviola (reporter) - 2008-12-06 16:44
 http://bugs.digium.com/view.php?id=14025#c95913 
---------------------------------------------------------------------- 
Just use FreeSWITCH, it's a lot better.

Asterisk is worthless and broken software. 

Issue History 
Date Modified    Username       Field                    Change               
====================================================================== 
2008-12-06 16:44 diegoviola     Note Added: 0095913                          
======================================================================




More information about the asterisk-bugs mailing list