[asterisk-bugs] [JIRA] (ASTERISK-25138) Unclosed parenthesis in AGI argument leads to further arguments concatenated - parameter quoting not respected

alexr1 (JIRA) noreply at issues.asterisk.org
Sat Jun 6 01:41:33 CDT 2015 

    [ https://issues.asterisk.org/jira/browse/ASTERISK-25138?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=226460#comment-226460 ] 

alexr1 commented on ASTERISK-25138:
-----------------------------------

@Richard I find that AGI's process much faster when passing the variables I need as arguments (and in this case I wanted to keep track of the original untouched CID name in case of applying a new prefix to it).

@Rusty I like the idea of parameter quoting, however according to that doc the double quotes would be passed onto the command. I've got a couple of points in respect to that:
1) I think this should be able to work without parameter quoting, which seems to be for a different purpose (explicit data types, rather than the way individual arguments are evaluated and passed between functions)
2) If the fix was just to add quotes, then it will cause a lot of dialplan and AGI work to prevent this bug from occurring (leaving people susceptible to attacks)
3) At the core of it, shouldn't we be checking how variables and arguments are evaluated before being passed to a function (regardless of quotes to determine object type)? and why/how anything in variable could be evaluated outside of the scope of the single argument that it is?

I don't have an understanding of how it works for Asterisk, but after that argument is evaluated, if it is a string - shouldn't it automatically escape all special characters before submitting all of the arguments to the function (which apparently happens as a string for AGI's?)

Thank you both for taking the time to look into this!

> Unclosed parenthesis in AGI argument leads to further arguments concatenated - parameter quoting not respected
> --------------------------------------------------------------------------------------------------------------
>
>                 Key: ASTERISK-25138
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-25138
>             Project: Asterisk
>          Issue Type: Bug
>      Security Level: None
>          Components: Core/General, Resources/res_agi
>    Affects Versions: 11.10.2, 13.4.0
>         Environment: Asterisk 11.10.2
>            Reporter: alexr1
>            Severity: Minor
>
> This is an observation from our production environment. Currently we don't have anything higher than 11.10.2 running, so I can't test it on more recent versions.
> I'm passing a variable (PBXCIDNAME) to PBXIN.php as the third argument. The PBXCIDNAME is "Example Long Caller ID Name (" and so it ends with an open parenthesis (Note, when there is a closed parenthesis, everything works normally!). For some reason, this causes asterisk to combine the arguments that follow with the third argument, resulting in:
> agi_arg_1: 1234567890
> agi_arg_2: 0399999999
> agi_arg_3: Example Long Caller ID Name (,,29457297,,SIP/example-00073f0f
> Instead of:
> agi_arg_1: 1234567890
> agi_arg_2: 0399999999
> agi_arg_3: Example Long Caller ID Name (
> agi_arg_4:
> agi_arg_5: 29457297
> agi_arg_6:
> agi_arg_7: SIP/example-00073f0f
> Steps to reproduce the problem:
> Extensions.conf:
> {code}
> exten => s,8,AGI(PBXIN.php,${FROM_DID},${PBXCID},${PBXCIDNAME},${PBXVR},${PBXCALLID},${PBXWL},${CHANNEL})
> {code}
> Console:
> {code}
> -- Executing [s at pbx-incoming:8] AGI("SIP/example-00073f0f", "PBXIN.php,1234567890,0399999999,Example Long Caller ID Name (,,29457297,,SIP/example-00073f0f") in new stack
> {code}
> AGI Debug Log:
> {code}
> AGI Tx >> agi_request: PBXIN.php
> AGI Tx >> agi_channel: SIP/example-00073f0f
> AGI Tx >> agi_language: en
> AGI Tx >> agi_type: SIP
> AGI Tx >> agi_uniqueid: 1432778055.480828
> AGI Tx >> agi_version: 11.10.2
> AGI Tx >> agi_callerid: 0399999999
> AGI Tx >> agi_calleridname: Example Long Caller ID Name (
> AGI Tx >> agi_callingpres: 0
> AGI Tx >> agi_callingani2: 0
> AGI Tx >> agi_callington: 0
> AGI Tx >> agi_callingtns: 0
> AGI Tx >> agi_dnid: 1234567890
> AGI Tx >> agi_rdnis: unknown
> AGI Tx >> agi_context: pbx-incoming
> AGI Tx >> agi_extension: s
> AGI Tx >> agi_priority: 8
> AGI Tx >> agi_enhanced: 0.0
> AGI Tx >> agi_accountcode:
> AGI Tx >> agi_threadid: 139894436325120
> AGI Tx >> agi_arg_1: 1234567890
> AGI Tx >> agi_arg_2: 0399999999
> AGI Tx >> agi_arg_3: Example Long Caller ID Name (,,29457297,,SIP/example-00073f0f
> {code}



--
This message was sent by Atlassian JIRA
(v6.2#6252)

More information about the asterisk-bugs mailing list