[asterisk-bugs] [JIRA] (ASTERISK-26151) pjsip: AOR regex based retrieval does not escape characters
Joshua Colp (JIRA)
noreply at issues.asterisk.org
Sun Jun 26 14:29:56 CDT 2016
[ https://issues.asterisk.org/jira/browse/ASTERISK-26151?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Joshua Colp updated ASTERISK-26151:
-----------------------------------
Severity: Minor (was: Major)
> pjsip: AOR regex based retrieval does not escape characters
> -----------------------------------------------------------
>
> Key: ASTERISK-26151
> URL: https://issues.asterisk.org/jira/browse/ASTERISK-26151
> Project: Asterisk
> Issue Type: Bug
> Security Level: None
> Components: Resources/res_pjsip
> Affects Versions: 13.9.1
> Environment: Debian Sid
> Reporter: erebus
> Severity: Minor
>
> In source file asterisk/res/res_pjsip/location.c, there are several lines which pass AOR identifiers into regular expressions without proper escaping.
> For AORs that include regex metacharacters (such as +0000, bobby+tables or Tables*Bobby), this means that the resulting regex will be incorrect, breaking contact lookups and inbound calling.
> I suggest that AOR identifiers be escaped before being inserted into regular expressions.
> See also:
> • https://xkcd.com/327/
> • https://community.asterisk.org/t/pjsip-show-contacts-and-pjsip-dial-contacts-dont-see-my-contact-objects-cannot-receive-calls-in-asterisk-13-9-1/67156
--
This message was sent by Atlassian JIRA
(v6.2#6252)
More information about the asterisk-bugs
mailing list