[asterisk-bugs] [Asterisk 0018251]: Realtime field 'fullcontact' populated with invalid data
Asterisk Bug Tracker
noreply at bugs.digium.com
Fri Nov 5 04:46:21 CDT 2010
A NOTE has been added to this issue.
======================================================================
https://issues.asterisk.org/view.php?id=18251
======================================================================
Reported By: bcnit
Assigned To:
======================================================================
Project: Asterisk
Issue ID: 18251
Category: Channels/chan_sip/DatabaseSupport
Reproducibility: always
Severity: major
Priority: normal
Status: new
Asterisk Version: 1.6.2.13
JIRA:
Regression: No
Reviewboard Link:
SVN Branch (only for SVN checkouts, not tarball releases): N/A
SVN Revision (number only!):
Request Review:
======================================================================
Date Submitted: 2010-11-04 09:55 CDT
Last Modified: 2010-11-05 04:46 CDT
======================================================================
Summary: Realtime field 'fullcontact' populated with invalid data
Description:
Using Asterisk realtime, the field 'fullcontact' is populated with invalid
data. The result is that warnings occur when a handset re-registers after
Asterisk has been restarted.
In my case, after a handset registers, the field contains something like:
'spts211..52:04ln=2lbnso30731'
The warnings are:
[Nov 4 14:50:29] WARNING[5157]: chan_sip.c:12302
__set_address_from_contact: Invalid contact uri
spts211..52:04ln=2lbnso30731 (missing sip: or sips:), attempting to use
anyway
[Nov 4 14:50:29] WARNING[5157]: chan_sip.c:12321
__set_address_from_contact: Invalid host name in Contact: (can't resolve in
DNS) : 'spts211..52'
======================================================================
----------------------------------------------------------------------
(0128647) bcnit (reporter) - 2010-11-05 04:46
https://issues.asterisk.org/view.php?id=18251#c128647
----------------------------------------------------------------------
Right, I think I've found the problem.
In res/res_config_odbc.c there is a for-loop which cycles through every
character in the string:
    for (; *vptr && eptr < encodebuf + sizeof(encodebuf); vptr++)
The problem appears to be that there are two occurrences of vptr++
elsewhere:
    *eptr++ = *vptr++;
and
    vptr++;
If these are changed to:
    *eptr++ = *vptr;
and
    // LINE DELETED!
Then the characters aren't skipped.
However, the semi-colon is substituted with "^3B" so the line to be stored
is:
sip:test201 at 10.6.15.25:2054;line=z3mscbjz
and what's actually stored is:
sip:test201 at 10.6.15.25:2054^3Bline=z3mscbjz
It would appear that although "^3B" is inserted in the string, at some
point this is meant to be translated back to a ";" before it is stored in
the database. This doesn't happen.
I have temporarily resolved this problem by making the two changes to the
'++' as outlined above and then commenting out the chunk of code which
replaces the ';' in the first place. It all now appears to be working well,
but I appreciate that this is a hack and may leave me open to an injection
attack.....
Issue History
Date Modified Username Field Change
======================================================================
2010-11-05 04:46 bcnit Note Added: 0128647
======================================================================
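Added example, not part of the original report and not Asterisk's own code: a small C reconstruction of the loop described in the note, showing how a second vptr++ drops every other character (so the ';' is never seen or escaped), next to the single-step form and a decoder that maps ^XX back. The names encode_contact and decode_contact, the double_step flag, and the "@" restored in the sample contact are assumptions of this example.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Contact from the note; "@" restored from the archive's " at " (assumption). */
static const char SAMPLE[] = "sip:test201@10.6.15.25:2054;line=z3mscbjz";

/* Escape '^' and ';' as ^XX. double_step=1 keeps the extra vptr++ from the
 * note; double_step=0 lets only the for-header advance vptr. */
static char *encode_contact(const char *src, char *out, size_t outlen, int double_step)
{
    char padded[256] = {0}; /* spare NULs: a double step can jump the terminator */
    const char *vptr = padded;
    char *eptr = out;
    snprintf(padded, sizeof(padded) - 1, "%s", src);
    for (; *vptr && (size_t)(eptr - out) + 3 < outlen; vptr++) {
        if (strchr("^;", *vptr))
            eptr += snprintf(eptr, 4, "^%02X", (unsigned char)*vptr);
        else
            *eptr++ = *vptr;
        if (double_step)
            vptr++;         /* the character stepped over is never examined */
    }
    *eptr = '\0';
    return out;
}

/* Reverse mapping: ^XX back to the original byte, in place. */
static char *decode_contact(char *s)
{
    char *r = s, *w = s;
    unsigned int byte;
    for (; *r; r++, w++) {
        *w = *r;
        if (*r == '^' && isxdigit((unsigned char)r[1]) && isxdigit((unsigned char)r[2])
                && sscanf(r + 1, "%2x", &byte) == 1) {
            *w = (char)byte;
            r += 2;         /* skip the two hex digits just consumed */
        }
    }
    *w = '\0';
    return s;
}

int main(void)
{
    char buf[128];
    printf("double step: %s\n", encode_contact(SAMPLE, buf, sizeof(buf), 1));
    printf("single step: %s\n", encode_contact(SAMPLE, buf, sizeof(buf), 0));
    printf("decoded:     %s\n", decode_contact(buf));
}
```

The double-step output has the same shape as the stored 'fullcontact' value quoted in the description; escaping '^' together with ';' is what lets the decoder reverse the mapping without ambiguity.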