[asterisk-bugs] [JIRA] (ASTERISK-26151) pjsip: AOR regex based retrieval does not escape characters

Joshua Colp (JIRA) noreply at issues.asterisk.org
Sun Jun 26 14:29:56 CDT 2016


     [ https://issues.asterisk.org/jira/browse/ASTERISK-26151?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Joshua Colp updated ASTERISK-26151:
-----------------------------------

    Severity: Minor  (was: Major)

> pjsip: AOR regex based retrieval does not escape characters
> -----------------------------------------------------------
>
>                 Key: ASTERISK-26151
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-26151
>             Project: Asterisk
>          Issue Type: Bug
>      Security Level: None
>          Components: Resources/res_pjsip
>    Affects Versions: 13.9.1
>         Environment: Debian Sid
>            Reporter: erebus
>            Severity: Minor
>
> In source file asterisk/res/res_pjsip/location.c, there are several lines which pass AOR identifiers into regular expressions without proper escaping.
> For AORs that include regex metacharacters (such as +0000, bobby+tables or Tables*Bobby), this means that the resulting regex will be incorrect, breaking contact lookups and inbound calling.
> I suggest that AOR identifiers be escaped before being inserted into regular expressions.
> See also:
>https://xkcd.com/327/
>https://community.asterisk.org/t/pjsip-show-contacts-and-pjsip-dial-contacts-dont-see-my-contact-objects-cannot-receive-calls-in-asterisk-13-9-1/67156



--
This message was sent by Atlassian JIRA
(v6.2#6252)



More information about the asterisk-bugs mailing list