[asterisk-dev] Dialstring injection - security advisory release?

Klaus Darilion klaus.mailinglists at pernau.at
Fri Feb 12 03:48:21 CST 2010



On 12.02.2010 01:19, Russell Bryant wrote:
> On 02/11/2010 05:43 PM, Matt Riddell wrote:
>> Which was why I suggested an asterisk.conf variable to whitelist
>> a-z,A-Z,0-9 for pattern matching :)
>
> *nods*
>
> I don't see any harm in something like that if it is off by default, I
> suppose.

and configurable :-)

e.g. SIP URIs often contain - or . and dialstrings often contain + * #

regards
klaus
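
Added example, not part of the original message and not Asterisk code: a sketch of the configurable character allowlist discussed in this thread, showing why the a-z,A-Z,0-9 default rejects ordinary SIP URIs and dialstrings until `-`, `.`, `+`, `*` and `#` are added. The spec format, function names and sample extensions are assumptions made up for illustration.

```python
def parse_allowlist(spec):
    """Expand a spec such as 'a-z,A-Z,0-9,+,*,#' into a set of characters.

    Hypothetical format: comma-separated items, where 'x-y' is an inclusive
    range and any single character (including '-') is a literal.
    """
    allowed = set()
    for item in spec.split(","):
        if len(item) == 3 and item[1] == "-":
            lo, hi = ord(item[0]), ord(item[2])
            if lo > hi:
                raise ValueError("reversed range: %r" % item)
            allowed.update(chr(c) for c in range(lo, hi + 1))
        elif len(item) == 1:
            allowed.add(item)
        else:
            raise ValueError("bad allowlist item: %r" % item)
    return frozenset(allowed)


def rejected_chars(exten, allowed):
    """Return the characters of exten outside the allowlist, first-seen order."""
    seen = []
    for ch in exten:
        if ch not in allowed and ch not in seen:
            seen.append(ch)
    return seen


def check_exten(exten, allowed):
    """True only for a non-empty extension made entirely of allowed characters."""
    return bool(exten) and not rejected_chars(exten, allowed)


# The default proposed in the thread, and the same list extended with the
# characters the reply points out for SIP URIs and dialstrings.
DEFAULT = parse_allowlist("a-z,A-Z,0-9")
EXTENDED = parse_allowlist("a-z,A-Z,0-9,-,.,+,*,#")

# Constructed sample extensions, not taken from any real system.
SAMPLES = ["1234", "+4315551234", "*72#", "alice.smith-home", "1000&1001"]

if __name__ == "__main__":
    for exten in SAMPLES:
        print("%-18s default=%-5s extended=%-5s rejected(extended)=%s" % (
            exten, check_exten(exten, DEFAULT), check_exten(exten, EXTENDED),
            rejected_chars(exten, EXTENDED)))
```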


