[Asterisk-Dev] ast_xxx function..?

Matt Hess mhess at livewirenet.com
Fri Sep 30 14:02:34 MST 2005 


Kevin P. Fleming wrote:
> Matt Hess wrote:
> 
>> I've run into a problem with head that I'd like to make a patch for 
>> but I need to see first if an ast_ function exists to strip all non 
>> alphanumeric characters from a char.. in this case the nonce variable 
>> in chan_sip. Some sip analog gateways send a nonce improperly and 
>> getting the vendors to fix it has been a real pita 'wait and see' 
>> thing. The example nonce I am working off of looks like: 
>> nonce="7d0ae5ad" ", which is clearly wrong. I would like to ensure 
>> that nonce only has alpha numeric characters in it as I believe it 
>> should not be allowed to contain a quote or space in the value.. all I 
>> really need to see is if asterisk already has a function to do this 
>> and return the cleaned string.
> 
> 
> We have functions to strip quotes, whitespace, etc. Look in strings.h. 
> However, we won't put in a patch to do this _always_ if it's 
> non-RFC-conforming, because it will negatively impact performance for 
> all users. If the RFC allows it, though, then the patch will be most 
> welcome :-)

I didn't quite follow your meaning.. if my patch breaks rfc conformance 
it would not be included is what I think you are saying.

I just looked up rfc 3261 and it indicates that the formatting should 
follow the guidelines in rfc 2617.. both appear to indicate the nonce 
value should be a quoted string.. so would this patch idea be viewed as 
helping slightly rfc-broken devices become rfc compliant?

I am looking specifically at rfc 2617 in 3.2.1:

    nonce
      A server-specified data string which should be uniquely generated
      each time a 401 response is made. It is recommended that this
      string be base64 or hexadecimal data. Specifically, since the
      string is passed in the header lines as a quoted string, the
      double-quote character is not allowed.

I believe the proper place to put this is in channels/chan_sip.c inside 
of check_auth at around line 5976.. right before the /* Verify nonce 
from request matches our nonce.  If not, send 401 with new nonce */ comment.

But beyond simple compile modifications to asterisk for openbsd I'm 
lacking some clue as to if this is indeed a good place to put a little 
cleanup snippet.


> _______________________________________________
> Asterisk-Dev mailing list
> Asterisk-Dev at lists.digium.com
> http://lists.digium.com/mailman/listinfo/asterisk-dev
> To UNSUBSCRIBE or update options visit:
>   http://lists.digium.com/mailman/listinfo/asterisk-dev
> 
> 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: mhess.vcf
Type: text/x-vcard
Size: 288 bytes
Desc: not available
Url : http://lists.digium.com/pipermail/asterisk-dev/attachments/20050930/83814793/mhess.vcf

More information about the asterisk-dev mailing list