[asterisk-bugs] [JIRA] (ASTERISK-29664) PJSIP processing token with % incorrectly

Dan Cropp (JIRA) noreply at issues.asterisk.org
Wed Sep 22 09:02:33 CDT 2021 

    [ https://issues.asterisk.org/jira/browse/ASTERISK-29664?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=256416#comment-256416 ] 

Dan Cropp commented on ASTERISK-29664:
--------------------------------------

Additional item we noticed, it seems as though it's only hex characters immediately following the '%' character that are impacted.  Seems like PJSIP may be processing it as an escape and attempting to interpret the %__ as the hex character equivalent.

For example, branch=z9hG4bKf5s1psess0gbkeviMkQYREmK31pLWRKQ+FRmVzHQNG1Xv%4QnzLVA!;extension=QKIT3jRNBcmZT7yu5m7absBxXxlfn1kLwfYKYT0MOyY!
worked during a test.  (Or at least %4Q worked when we had customer on 16.15.0 and encountered it.)  Those in our development area suspect it's because PJSIP saw Q was not a valid hex character so it left it alone.

The SIP provider claims this work on Asterisk customers running chan_sip, this is PJSIP only.



> PJSIP processing token with % incorrectly
> -----------------------------------------
>
>                 Key: ASTERISK-29664
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-29664
>             Project: Asterisk
>          Issue Type: Bug
>      Security Level: None
>          Components: pjproject/pjsip
>    Affects Versions: 16.17.0
>         Environment: Ubuntu 18
>            Reporter: Dan Cropp
>            Severity: Major
>         Attachments: debug_log.txt, messages.txt
>
>
> We have a SIP provider who sends an INVITE with a Branch header.
> Everything is fine in most cases.  However, there are times they send a Branch header with a % character.
> From what I have been told, the header is a token, so it is acceptable to include the % character.
> There seem to be two different issues with PJSIP processing of headers with the % character in tokenized fields.
> Example.
> branch=z9hG4bKf5s1psess0KGj0gRsgyJIBWEYL%QWIjkWmDXr8xnPVgaOBzOLSV28
> In one case, it can receive the portion and process it, but when sending out the same token it changes it to lower case.  Example, received %8A portion, but sent %8a.  This means it’s not a match for the token so the other side will not match.
> Received
> branch=z9hG4bKf5s1psess0gbkeviMkQYREmK31pLWRKQ+FRmVzHQNG1Xv%8AnzLVA!;extension=QKIT3jRNBcmZT7yu5m7absBxXxlfn1kLwfYKYT0MOyY!
> Sent
> branch=z9hG4bKf5s1psess0gbkeviMkQYREmK31pLWRKQ+FRmVzHQNG1Xv%8anzLVA!;extension=QKIT3jRNBcmZT7yu5m7absBxXxlfn1kLwfYKYT0MOyY!
> It another case, seems PJSIP has another scenario where the % character is processed as the escaped character if it would be printable character.  Example, received %4C.  The send replaces that portion with upper case L
> Received
> branch=z9hG4bKf5s1psess0gbkeviMkQYREmK31pLWRKQ+FRmVzHQNG1Xv%4CnzLVA!;extension=QKIT3jRNBcmZT7yu5m7absBxXxlfn1kLwfYKYT0MOyY!
> Sent
> branch=z9hG4bKf5s1psess0gbkeviMkQYREmK31pLWRKQ+FRmVzHQNG1XvLnzLVA!;extension=QKIT3jRNBcmZT7yu5m7absBxXxlfn1kLwfYKYT0MOyY!



--
This message was sent by Atlassian JIRA
(v6.2#6252)

More information about the asterisk-bugs mailing list