[asterisk-dev] Dialplan oddities with recent Asterisk ?

Hans Petter Selasky hselasky at c2i.net
Tue Feb 9 02:31:51 CST 2010


I'm just asking if it is possible to insert commands into the dialplan of 
Asterisk? For example:



exten => _X.,1,Dial(SIP/${EXTEN}@testsip)

And if ${EXTEN} = "000 at testsip&SIP/333" what turns out to happen then is 
similar to SQL injection :-(

I've noticed that incoming phone numbers in chan_sip.c are only strdup'ed. 
Many years ago I wrote in my ISDN4BSD software, that people that don't filter 
incoming digits should not program PBX software :-) Does Asterisk have any 
filtering of the destination extension by default?

I was not able to reproduce the issue on a vanilla Asterisk, because I found 
it hard to send the "&" character in the destination number, because it was 
always interpreted by the Dial command. But by modifying chan_sip.c, to send 
this character I was able to do some strange things :-(

Any comments?


More information about the asterisk-dev mailing list