[asterisk-bugs] [JIRA] (ASTERISK-21295) Sip registration fails, wrong parsing when secret has parentheses symbol

Michael L. Young (JIRA) noreply at issues.asterisk.org
Mon Mar 18 13:30:01 CDT 2013


    [ https://issues.asterisk.org/jira/browse/ASTERISK-21295?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=204375#comment-204375 ] 

Michael L. Young commented on ASTERISK-21295:
---------------------------------------------

Here is some info I looked up.  Putting it here for reference.

We will have to look into the parentheses, "(".

It is recommended not to use brackets, "[".  If it is used, it must be escaped.

http://tools.ietf.org/html/rfc3261
RFC3261
25.1
{quote}
password         =  *( unreserved / escaped /
                    "&" / "=" / "+" / "$" / "," )
{quote}

http://www.ietf.org/rfc/rfc2396.txt
RFC2396
{quote}
2.3. Unreserved Characters

   Data characters that are allowed in a URI but do not have a reserved
   purpose are called unreserved.  These include upper and lower case
   letters, decimal digits, and a limited set of punctuation marks and
   symbols.

      unreserved  = alphanum | mark

      mark        = "-" | "_" | "." | "!" | "~" | "*" | "'" | "(" | ")"

   Unreserved characters can be escaped without changing the semantics
   of the URI, but this should not be done unless the URI is being used
   in a context that does not allow the unescaped character to appear.

{quote}

RFC2396
2.4.3. Excluded US-ASCII Characters
{quote}
Other characters are excluded because gateways and other transport
   agents are known to sometimes modify such characters, or they are
   used as delimiters.

   unwise      = "{" | "}" | "|" | "\" | "^" | "[" | "]" | "`"

   Data corresponding to excluded characters must be escaped in order to
   be properly represented within a URI.

{quote}
                
> Sip registration fails, wrong parsing when secret has parentheses symbol
> ------------------------------------------------------------------------
>
>                 Key: ASTERISK-21295
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-21295
>             Project: Asterisk
>          Issue Type: Bug
>      Security Level: None
>          Components: Channels/chan_sip/General
>    Affects Versions: 11.2.1
>         Environment: CentOS 6.4 32 bit
>            Reporter: Alisher
>         Attachments: cli_log.txt, sip.conf
>
>
> The registration fails when the secret has parentheses () or bracket [] symbols, for instance
> secret=2134(asffd or secret=2134[asffd. There could be more, but so far I can confirm the issue with parentheses and brackets.
> When we try to register the following:
>  register=username:"sec?(Ret":authuser at domain:port/extension
> Asterisk will parse the secret as sec?(Ret:authuser. As a result, it parses the wrong password and leaves authuser blank.
> This works fine with Asterisk 1.4 version.
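
The grammar quoted in the comment above can be checked mechanically. This is an added example, not code from Asterisk or from the ticket: it classifies each character of a secret against the RFC 3261 section 25.1 `password` rule (with the RFC 2396 `mark` set) and percent-escapes anything outside it. The function names are hypothetical, and it models only the URI grammar, not how chan_sip reads a `register` line.

```c
#include <stdio.h>
#include <string.h>

/* RFC 2396 "mark" set: part of "unreserved", so "(" and ")" need no escaping. */
static const char MARK[] = "-_.!~*'()";
/* Extra characters RFC 3261 section 25.1 allows unescaped in "password". */
static const char PASSWORD_EXTRA[] = "&=+$,";

/* Returns 1 if c may appear unescaped in a SIP URI password, else 0. */
int password_char_ok(unsigned char c)
{
    if ((c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') || (c >= '0' && c <= '9'))
        return 1;
    return c != '\0' && (strchr(MARK, c) || strchr(PASSWORD_EXTRA, c));
}

/* Percent-escapes secret into out; returns the count of escaped chars, or -1 if out is too small. */
int escape_sip_password(const char *secret, char *out, size_t outsz)
{
    static const char HEX[] = "0123456789ABCDEF";
    size_t o = 0;
    int escaped = 0;
    for (const unsigned char *p = (const unsigned char *)secret; *p; p++) {
        size_t need = password_char_ok(*p) ? 1 : 3;
        if (o + need + 1 > outsz) return -1;   /* keep room for the terminator */
        if (need == 1) {
            out[o++] = (char)*p;
        } else {
            out[o++] = '%';
            out[o++] = HEX[*p >> 4];
            out[o++] = HEX[*p & 0x0F];
            escaped++;
        }
    }
    if (outsz == 0) return -1;
    out[o] = '\0';
    return escaped;
}

int main(void)
{
    /* Constructed samples: the three secrets quoted in the report. */
    const char *secrets[] = { "2134(asffd", "2134[asffd", "sec?(Ret" };
    char buf[64];
    for (size_t i = 0; i < sizeof secrets / sizeof secrets[0]; i++) {
        int n = escape_sip_password(secrets[i], buf, sizeof buf);
        printf("%-12s -> %-14s (%d escaped)\n", secrets[i], buf, n);
    }
}
```

Under this grammar the parenthesis passes through untouched, while `[` and `?` are the characters that require escaping.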
