[Asterisk-code-review] AMI: Escape string values. (asterisk[13])
Kevin Harwell
asteriskteam at digium.com
Mon Jun 1 12:06:35 CDT 2015
Kevin Harwell has uploaded a new change for review.
https://gerrit.asterisk.org/560
Change subject: AMI: Escape string values.
......................................................................
AMI: Escape string values.
So this issue is a bit complicated. Since it is possible to pass values to AMI
that contain a '\r\n' (or other similar sequences) these values need to be
escaped. One way to solve this is to escape the values and then pass the escaped
values to the AMI variable parameter string building function. However, this
puts the onus on the pre-build function to escape all string values. This
potentially requires a fair amount of changes along with a lot of string
allocations/freeing for all values.
Surely there is a way to push this complexity down a level into the string
building function itself? This of course is possible, but ends up requiring a
way to distinguish between strings that need to be escaped and those that don't.
The best way to handle this is by introducing a new format specifier in the
format string. For instance a %s (no escape) and %S (escape). However, that is
a bit weird and unexpected.
So faced with those possibilities this patch implements a limited version of the
first option. Instead of attempting to escape all string values this patch only
escapes those values that make sense. This approach limits the number of changes
and doesn't suffer from the odd format specifier problem.
ASTERISK-24934 #close
Reported by: warren smith
Change-Id: Ib55a5b84fe0481b0f2caaaab68c566f392c0aac0
---
M include/asterisk/strings.h
M main/manager_channels.c
M main/presencestate.c
M main/stasis_channels.c
M main/utils.c
M tests/test_strings.c
6 files changed, 206 insertions(+), 11 deletions(-)
git pull ssh://gerrit.asterisk.org:29418/asterisk refs/changes/60/560/1
diff --git a/include/asterisk/strings.h b/include/asterisk/strings.h
index 7af92af..63b1294 100644
--- a/include/asterisk/strings.h
+++ b/include/asterisk/strings.h
@@ -309,6 +309,62 @@
*/
char *ast_unescape_c(char *s);
+/* Standard escape sequences */
+extern char ast_escape_sequences[];
+
+/*!
+ * \brief Escape the 'to_escape' characters in the given string.
+ *
+ * \note The given output buffer has to have enough memory allocated to store the
+ * original string plus any escaped values.
+ *
+ * \param dest the escaped string
+ * \param s the source string to escape
+ * \param num number of characters to be copied from the source
+ * \param to_escape an array of characters to escape
+ *
+ * \return Pointer to the destination.
+ */
+char* ast_escape(char *dest, const char *s, size_t num, const char *to_escape);
+
+/*!
+ * \brief Escape standard 'C' sequences in the given string.
+ *
+ * \note The given output buffer has to have enough memory allocated to store the
+ * original string plus any escaped values.
+ *
+ * \param dest the escaped string
+ * \param s the source string to escape
+ * \param num number of characters to be copied from the source
+ * \param to_escape an array of characters to escape
+ *
+ * \return Pointer to the escaped string.
+ */
+#define ast_escape_c(dest, s, num) ast_escape(dest, s, num, ast_escape_sequences)
+
+/*!
+ * \brief Escape the 'to_escape' characters in the given string.
+ *
+ * \note Caller is responsible for freeing the returned string
+ *
+ * \param s the source string to escape
+ * \param to_escape an array of characters to escape
+ *
+ * \return Pointer to the destination.
+ */
+char *ast_escape_alloc(const char *s, const char *to_escape);
+
+/*!
+ * \brief Escape standard 'C' sequences in the given string.
+ *
+ * \note Caller is responsible for freeing the returned string
+ *
+ * \param s the source string to escape
+ *
+ * \return Pointer to the escaped string.
+ */
+#define ast_escape_c_alloc(s) ast_escape_alloc(s, ast_escape_sequences)
+
/*!
\brief Size-limited null-terminating string copy.
\param dst The destination buffer.
diff --git a/main/manager_channels.c b/main/manager_channels.c
index 3aaab92..1595e62 100644
--- a/main/manager_channels.c
+++ b/main/manager_channels.c
@@ -408,6 +408,7 @@
{
struct ast_str *out = ast_str_create(1024);
int res = 0;
+ char *caller_name, *connected_name;
if (!out) {
return NULL;
@@ -417,6 +418,12 @@
ast_free(out);
return NULL;
}
+
+ caller_name = ast_escape_c_alloc(snapshot->caller_name);
+ connected_name = ast_escape_c_alloc(snapshot->connected_name);
+
+ ast_log(LOG_VERBOSE, "CALLER NAME = %s\n", caller_name);
+ ast_log(LOG_VERBOSE, "CONNECTED NAME = %s\n", connected_name);
res = ast_str_set(&out, 0,
"%sChannel: %s\r\n"
@@ -436,9 +443,9 @@
prefix, snapshot->state,
prefix, ast_state2str(snapshot->state),
prefix, S_OR(snapshot->caller_number, "<unknown>"),
- prefix, S_OR(snapshot->caller_name, "<unknown>"),
+ prefix, S_OR(caller_name, "<unknown>"),
prefix, S_OR(snapshot->connected_number, "<unknown>"),
- prefix, S_OR(snapshot->connected_name, "<unknown>"),
+ prefix, S_OR(connected_name, "<unknown>"),
prefix, snapshot->language,
prefix, snapshot->accountcode,
prefix, snapshot->context,
@@ -448,17 +455,25 @@
if (!res) {
ast_free(out);
+ ast_free(caller_name);
+ ast_free(connected_name);
return NULL;
}
if (snapshot->manager_vars) {
struct ast_var_t *var;
+ char *val;
AST_LIST_TRAVERSE(snapshot->manager_vars, var, entries) {
+ val = ast_escape_c_alloc(var->value);
ast_str_append(&out, 0, "%sChanVariable: %s=%s\r\n",
prefix,
- var->name, var->value);
+ var->name, S_OR(val, ""));
+ ast_free(val);
}
}
+
+ ast_free(caller_name);
+ ast_free(connected_name);
return out;
}
@@ -556,6 +571,9 @@
struct ast_channel_snapshot *old_snapshot,
struct ast_channel_snapshot *new_snapshot)
{
+ struct ast_manager_event_blob *res;
+ char *callerid;
+
/* No NewCallerid event on cache clear or first event */
if (!old_snapshot || !new_snapshot) {
return NULL;
@@ -565,11 +583,19 @@
return NULL;
}
- return ast_manager_event_blob_create(
+ if (!(callerid = ast_escape_c_alloc(
+ ast_describe_caller_presentation(new_snapshot->caller_pres)))) {
+ return NULL;
+ }
+
+ res = ast_manager_event_blob_create(
EVENT_FLAG_CALL, "NewCallerid",
"CID-CallingPres: %d (%s)\r\n",
new_snapshot->caller_pres,
- ast_describe_caller_presentation(new_snapshot->caller_pres));
+ callerid);
+
+ ast_free(callerid);
+ return res;
}
static struct ast_manager_event_blob *channel_new_connected_line(
diff --git a/main/presencestate.c b/main/presencestate.c
index ab03336..207e2aa 100644
--- a/main/presencestate.c
+++ b/main/presencestate.c
@@ -393,14 +393,23 @@
static struct ast_manager_event_blob *presence_state_to_ami(struct stasis_message *msg)
{
struct ast_presence_state_message *presence_state = stasis_message_data(msg);
+ struct ast_manager_event_blob *res;
- return ast_manager_event_blob_create(EVENT_FLAG_CALL, "PresenceStateChange",
+ char *subtype = ast_escape_c_alloc(presence_state->subtype);
+ char *message = ast_escape_c_alloc(presence_state->message);
+
+ res = ast_manager_event_blob_create(EVENT_FLAG_CALL, "PresenceStateChange",
"Presentity: %s\r\n"
"Status: %s\r\n"
"Subtype: %s\r\n"
"Message: %s\r\n",
presence_state->provider,
ast_presence_state2str(presence_state->state),
- presence_state->subtype,
- presence_state->message);
+ subtype ?: "",
+ message ?: "");
+
+ ast_free(subtype);
+ ast_free(message);
+
+ return res;
}
diff --git a/main/stasis_channels.c b/main/stasis_channels.c
index ae76c1e..b8efd40 100644
--- a/main/stasis_channels.c
+++ b/main/stasis_channels.c
@@ -793,8 +793,12 @@
struct ast_channel_blob *obj = stasis_message_data(msg);
const char *variable =
ast_json_string_get(ast_json_object_get(obj->blob, "variable"));
- const char *value =
- ast_json_string_get(ast_json_object_get(obj->blob, "value"));
+ RAII_VAR(char *, value, ast_escape_c_alloc(
+ ast_json_string_get(ast_json_object_get(obj->blob, "value"))), ast_free);
+
+ if (!value) {
+ return NULL;
+ }
if (obj->snapshot) {
channel_event_string =
@@ -1713,4 +1717,4 @@
ast_channel_datastore_remove(caller, datastore);
ast_datastore_free(datastore);
-}
\ No newline at end of file
+}
diff --git a/main/utils.c b/main/utils.c
index d162ccc..a89d5de 100644
--- a/main/utils.c
+++ b/main/utils.c
@@ -1623,6 +1623,73 @@
return ret;
}
+/* Standard escape sequences */
+char ast_escape_sequences[] = {
+ '\a', '\b', '\f', '\n', '\r', '\t', '\v', '\\', '\'', '\"', '\?', '\0'
+};
+
+/*
+ * Standard escape sequences output map (has to maintain matching
+ * order with ast_escape_sequences).
+ */
+static char escape_sequences_map[] = {
+ 'a', 'b', 'f', 'n', 'r', 't', 'v', '\\', '\'', '"', '?'
+};
+
+char* ast_escape(char *dest, const char *s, size_t num, const char *to_escape)
+{
+ char *p;
+
+ if (!dest || ast_strlen_zero(s)) {
+ return dest;
+ }
+
+ if (ast_strlen_zero(to_escape)) {
+ ast_copy_string(dest, s, num);
+ return dest;
+ }
+
+ for (p = dest; *s && num--; ++s, ++p) {
+ /* If in the list of characters to escape then escape it */
+ if (strchr(to_escape, *s)) {
+ /*
+ * See if the character to escape is part of the standard escape
+ * sequences. If so we'll have to use its mapped counterpart
+ * otherwise just use the given value.
+ */
+ char *c = strchr(ast_escape_sequences, *s);
+ *p++ = '\\';
+ *p = c ? escape_sequences_map[c - ast_escape_sequences] : *s;
+ } else {
+ *p = *s;
+ }
+ }
+
+ *p = '\0';
+ return dest;
+}
+
+char *ast_escape_alloc(const char *s, const char *to_escape)
+{
+ char *res;
+ size_t size;
+
+ if (!s || !(size = strlen(s))) {
+ return NULL;
+ }
+
+ /*
+ * The result string needs to be twice the size of the given
+ * string just in case every character in it needs to be escaped.
+ */
+ size = size * 2 + 1;
+ if (!(res = (char*)ast_calloc(sizeof(char), size))) {
+ return NULL;
+ }
+
+ return ast_escape(res, s, size, to_escape);
+}
+
int ast_build_string_va(char **buffer, size_t *space, const char *fmt, va_list ap)
{
int result;
diff --git a/tests/test_strings.c b/tests/test_strings.c
index 4321d4a..04f57ef 100644
--- a/tests/test_strings.c
+++ b/tests/test_strings.c
@@ -455,6 +455,37 @@
return AST_TEST_PASS;
}
+AST_TEST_DEFINE(escape_test)
+{
+ char buf[128];
+
+#define TEST_ESCAPE(s, to_escape, expected) \
+ !strcmp(ast_escape(buf, s, sizeof(buf) / sizeof(char), to_escape), expected)
+
+ switch (cmd) {
+ case TEST_INIT:
+ info->name = "escape";
+ info->category = "/main/strings/";
+ info->summary = "Test ast_escape";
+ info->description = "Test escaping values in a string";
+ return AST_TEST_NOT_RUN;
+ case TEST_EXECUTE:
+ break;
+ }
+
+ ast_test_validate(test, TEST_ESCAPE("null escape", NULL, "null escape"));
+ ast_test_validate(test, TEST_ESCAPE("no matching escape", "Z", "no matching escape"));
+ ast_test_validate(test, TEST_ESCAPE("escape Z", "Z", "escape \\Z"));
+ ast_test_validate(test, TEST_ESCAPE("Z", "Z", "\\Z"));
+ ast_test_validate(test, TEST_ESCAPE(";;", ";;", "\\;\\;"));
+ ast_test_validate(test, TEST_ESCAPE("escape \n", "\n", "escape \\n"));
+ ast_test_validate(test, TEST_ESCAPE("escape \n again \n", "\n", "escape \\n again \\n"));
+ ast_test_validate(test, TEST_ESCAPE("escape \a\b\f\n\r\t\v\\\'\"\?", ast_escape_sequences,
+ "escape \\a\\b\\f\\n\\r\\t\\v\\\\\\\'\\\"\\?"));
+
+ return AST_TEST_PASS;
+}
+
static int unload_module(void)
{
AST_TEST_UNREGISTER(str_test);
@@ -462,6 +493,7 @@
AST_TEST_UNREGISTER(ends_with_test);
AST_TEST_UNREGISTER(strsep_test);
AST_TEST_UNREGISTER(escape_semicolons_test);
+ AST_TEST_UNREGISTER(escape_test);
return 0;
}
@@ -472,6 +504,7 @@
AST_TEST_REGISTER(ends_with_test);
AST_TEST_REGISTER(strsep_test);
AST_TEST_REGISTER(escape_semicolons_test);
+ AST_TEST_REGISTER(escape_test);
return AST_MODULE_LOAD_SUCCESS;
}
--
To view, visit https://gerrit.asterisk.org/560
To unsubscribe, visit https://gerrit.asterisk.org/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: Ib55a5b84fe0481b0f2caaaab68c566f392c0aac0
Gerrit-PatchSet: 1
Gerrit-Project: asterisk
Gerrit-Branch: 13
Gerrit-Owner: Kevin Harwell <kharwell at digium.com>
Gerrit-Reviewer: Kevin Harwell <kharwell at digium.com>
More information about the asterisk-code-review
mailing list