[asterisk-dev] Dialstring injection - security advisory release?
Klaus Darilion
klaus.mailinglists at pernau.at
Fri Feb 12 03:48:21 CST 2010
Am 12.02.2010 01:19, schrieb Russell Bryant:
> On 02/11/2010 05:43 PM, Matt Riddell wrote:
>> Which was why I suggested an asterisk.conf variable to whitelist
>> a-z,A-Z,0-9 for pattern matching :)
>
> *nods*
>
> I don't see any harm in something like that if it is off by default, I
> suppose.
and configureable :-)
e.g. SIP URIs often contain - or . and dialstrings often contain + * #
regards
klaus
More information about the asterisk-dev
mailing list