[asterisk-bugs] [JIRA] Created: (ASTERISK-20419) AMI channelvars option can break manager protocol

[Rusty Newton (JIRA)]

AMI channelvars option can break manager protocol
-------------------------------------------------

                 Key: ASTERISK-20419
                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-20419
             Project: Asterisk
          Issue Type: Bug
      Security Level: None
          Components: Core/ManagerInterface
    Affects Versions: 11.0.0-beta1
            Reporter: Tim Ringenbach at Asteria Solutions Group


The manager.conf channelvars setting can break the manager protocol in two ways.

Because it uses a header of ChanVariable(channelname), if you do something like this cli command "channel originate Local/700):@all_calls/n application MusicOnHold" then you get headers that look like this:
ChanVariable(Local/700):@all_calls-08ee;2): SIPCALLID=
with extra colons and parentheses. 

(I think there's some more natural ways to get channels with colons in them, don't SIP channel names sometimes include the port number? I used the local channel example to prove that matching parens isn't good enough.)

Since SIP can dial arbitrary urls, if the dialplan involves Dial(Local/{$EXTEN}@context), someone without CLI access could trigger this bug.



The other way, is you can set channelvars to something like SHELL(ls) and then it throws a bunch of new lines into the manager. 

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira