[asterisk-bugs] [JIRA] (ASTERISK-29664) PJSIP processing token with % incorrectly

Dan Cropp (JIRA) noreply at issues.asterisk.org
Tue Sep 21 14:07:33 CDT 2021


Dan Cropp created ASTERISK-29664:
------------------------------------

             Summary: PJSIP processing token with % incorrectly
                 Key: ASTERISK-29664
                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-29664
             Project: Asterisk
          Issue Type: Bug
      Security Level: None
          Components: pjproject/pjsip
    Affects Versions: 16.17.0
         Environment: Ubuntu 18
            Reporter: Dan Cropp
            Severity: Critical


We have a SIP provider who sends an INVITE with a Branch header.
Everything is fine in most cases.  However, there are times they send a Branch header with a % character.
>From what I have been told, the header is a token, so it is acceptable to include the % character.

There seem to be two different issues with PJSIP processing of headers with the % character in tokenized fields.

Example.
branch=z9hG4bKf5s1psess0KGj0gRsgyJIBWEYL%QWIjkWmDXr8xnPVgaOBzOLSV28


In one case, it can receive the portion and process it, but when sending out the same token it changes it to lower case.  Example, received %8A portion, but sent %8a.  This means it’s not a match for the token so the other side will not match.
Received
branch=z9hG4bKf5s1psess0gbkeviMkQYREmK31pLWRKQ+FRmVzHQNG1Xv%8AnzLVA!;extension=QKIT3jRNBcmZT7yu5m7absBxXxlfn1kLwfYKYT0MOyY!
Sent
branch=z9hG4bKf5s1psess0gbkeviMkQYREmK31pLWRKQ+FRmVzHQNG1Xv%8anzLVA!;extension=QKIT3jRNBcmZT7yu5m7absBxXxlfn1kLwfYKYT0MOyY!


It another case, seems PJSIP has another scenario where the % character is processed as the escaped character if it would be printable character.  Example, received %4C.  The send replaces that portion with upper case L

Received
branch=z9hG4bKf5s1psess0gbkeviMkQYREmK31pLWRKQ+FRmVzHQNG1Xv%4CnzLVA!;extension=QKIT3jRNBcmZT7yu5m7absBxXxlfn1kLwfYKYT0MOyY!
Sent
branch=z9hG4bKf5s1psess0gbkeviMkQYREmK31pLWRKQ+FRmVzHQNG1XvLnzLVA!;extension=QKIT3jRNBcmZT7yu5m7absBxXxlfn1kLwfYKYT0MOyY!




--
This message was sent by Atlassian JIRA
(v6.2#6252)



More information about the asterisk-bugs mailing list