[asterisk-bugs] [JIRA] (ASTERISK-20369) AMI channelvars option can break manager protocol

[Joshua Colp (JIRA)]

     [ https://issues.asterisk.org/jira/browse/ASTERISK-20369?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Joshua Colp updated ASTERISK-20369:
-----------------------------------

    Affects Version/s: 13.18.4

> AMI channelvars option can break manager protocol
> -------------------------------------------------
>
>                 Key: ASTERISK-20369
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-20369
>             Project: Asterisk
>          Issue Type: Bug
>      Security Level: None
>          Components: Core/ManagerInterface
>    Affects Versions: 11.0.0-beta1, 13.18.4
>            Reporter: Tim Ringenbach at Asteria Solutions Group
>
> The manager.conf channelvars setting can break the manager protocol in two ways.
> Because it uses a header of ChanVariable(channelname), if you do something like this cli command "channel originate Local/700):@all_calls/n application MusicOnHold" then you get headers that look like this:
> ChanVariable(Local/700):@all_calls-08ee;2): SIPCALLID=
> with extra colons and parentheses. 
> (I think there's some more natural ways to get channels with colons in them, don't SIP channel names sometimes include the port number? I used the local channel example to prove that matching parens isn't good enough.)
> Since SIP can dial arbitrary urls, if the dialplan involves Dial(Local/{$EXTEN}@context), someone without CLI access could trigger this bug.
> The other way, is you can set channelvars to something like SHELL(ls) and then it throws a bunch of new lines into the manager. 



--
This message was sent by Atlassian JIRA
(v6.2#6252)