[asterisk-bugs] [JIRA] (ASTERISK-26151) pjsip: AOR regex based retrieval does not escape characters
Richard Mudgett (JIRA)
noreply at issues.asterisk.org
Wed Dec 13 12:38:07 CST 2017
[ https://issues.asterisk.org/jira/browse/ASTERISK-26151?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Richard Mudgett updated ASTERISK-26151:
---------------------------------------
Target Release Version/s: 15.2.0
> pjsip: AOR regex based retrieval does not escape characters
> -----------------------------------------------------------
>
> Key: ASTERISK-26151
> URL: https://issues.asterisk.org/jira/browse/ASTERISK-26151
> Project: Asterisk
> Issue Type: Bug
> Security Level: None
> Components: Resources/res_pjsip
> Affects Versions: 13.9.1
> Environment: Debian Sid
> Reporter: erebus
> Severity: Minor
> Target Release: 13.19.0, 15.2.0
>
>
> In source file asterisk/res/res_pjsip/location.c, there are several lines which pass AOR identifiers into regular expressions without proper escaping.
> For AORs that include regex metacharacters (such as +0000, bobby+tables or Tables*Bobby), this means that the resulting regex will be incorrect, breaking contact lookups and inbound calling.
> I suggest that AOR identifiers be escaped before being inserted into regular expressions.
> See also:
> • https://xkcd.com/327/
> • https://community.asterisk.org/t/pjsip-show-contacts-and-pjsip-dial-contacts-dont-see-my-contact-objects-cannot-receive-calls-in-asterisk-13-9-1/67156
--
This message was sent by Atlassian JIRA
(v6.2#6252)
More information about the asterisk-bugs
mailing list