[asterisk-dev] [Code Review] RFC compliant uri and display-name encode/decode

Nick Lewis Nick.Lewis at atltelecom.com
Mon Jan 25 04:33:10 CST 2010 


> On 2010-01-22 18:31:45, Tilghman Lesher wrote:
> > /trunk/channels/chan_sip.c, lines 14640-14642
> > <https://reviewboard.asterisk.org/r/469/diff/2/?file=7820#file7820line14640>
> >
> >     I didn't mean that it started with a quote, but that that was the entire string.  If it starts with a '<', then returning a string that starts with '<' is incorrect.  You instead should be returning the empty string, because there is no displayname, correct?

I agree
rfc3261 allows a display-name to contain zero or more tokens so for example the header
From: <sip:johnsmith at 1.2.3.4>
has a valid empty display-name

There may also be problems with headers that are permitted to contain either addr-spec or name-addr. If they contain addr-spec then the uri may be detected by get_calleridname as a token style display-name. The function is now kind and silently drops illegal chars but it may need to take a firmer line with the ":" character so that the header
From: sip:johnsmith at 1.2.3.4
is treated as an empty display-name rather than sipjohnsmith1.2.3.4


- Nick


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviewboard.asterisk.org/r/469/#review1402
-----------------------------------------------------------


On 2010-01-22 12:13:36, David Vossel wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviewboard.asterisk.org/r/469/
> -----------------------------------------------------------
> 
> (Updated 2010-01-22 12:13:36)
> 
> 
> Review request for Asterisk Developers.
> 
> 
> Summary
> -------
> 
> Parts of this patch were posted in separate reviews a few weeks ago.  During the discussion of those patches I took down the reviews as I felt the code was not complete.  This review is a combination of the two uri encode/decode patches, a complete rewrite of the get_calleridname() function, and the addition of two new unit tests.  These changes are in response to (issue #16299) and are a compilation of code written by both wdoekes and myself.
> 
> ------Changes------
> 
> 1.  URI Encoding
> 
> This patch changes ast_uri_encode()'s behavior when doreserved is enabled.  Previously when doreserved was enabled only a small set of reserved characters were encoded.  This set was comprised primarily of the reserved characters defined in RFC3261 section 25.1, but contained other characters as well.  Rather than only escaping the reserved set, doreserved now escapes all characters not within the unreserved set as defined by RFC 3261 and RFC 2396.  Also, the 'doreserved' variable has been renamed to 'do_special_char' in attempts to avoid confusion.
> 
> When doreserve is not enabled, the previous logic of only encoding the characters <= 0X1F and > 0X7f remains, except for the '%' character, which must always be encoded as it signifies a HEX escaped character during the decode process.
> 
> In RFC 3261 and RFC 2396 the unreserved character set is defined by all alphanumeric characters and a small number of characters defined in the mark set.
> mark        =  "-" / "_" / "." / "!" / "~" / "*" / "'" / "(" / ")"
> unreserved  =  alphanum / mark
> 
> 2. URI Decoding: Break up URI before decode.
> 
> In chan_sip.c ast_uri_decode is called on the entire URI instead of it's individual parts after it is parsed.  This is not good as ast_uri_decode can introduce special characters back into the URI which can mess up parsing.  This patch resolves this by not decoding a URI until parsing is completely done.  There are many instances where we check to see if pedantic checking is enabled before we decode a URI.  In these cases a new macro, SIP_PEDANTIC_DECODE, is used on the individual parsed segments of the URI rather than constantly putting if (pedantic) { decode() } checks everywhere in the code.  In the areas where ast_uri_decode is not dependent upon pedantic checking this macro is not used, but decoding is still moved to each individual part of the URI.  The only behavior that should change from this patch is the time at which decoding occurs.
> 
> Since I had to look over every place URI parsing occurs to create this patch, I found several places where we use duplicate code for parsing.  To consolidate the code, those areas have updated to use the parse_uri() function where possible.
> 
> 3. SIP display-name decoding according to RFC3261 section 25.
> 
> To properly decode the display-name portion of a FROM header, chan_sip's get_calleridname() function required a complete re-write.  More information about this change can be found in the comments at the beginning of this function.
> 
> 4. Unit Tests.
> 
> Unit tests for ast_uri_encode, ast_uri_decode, and get_calleridname() have been written.  This involved the addition of the test_utils.c file for testing the utils api.
> 
> 
> Diffs
> -----
> 
>   /trunk/channels/chan_sip.c 242402 
>   /trunk/include/asterisk/utils.h 242402 
>   /trunk/main/test.c 242402 
>   /trunk/main/test_utils.c PRE-CREATION 
>   /trunk/main/utils.c 242402 
> 
> Diff: https://reviewboard.asterisk.org/r/469/diff
> 
> 
> Testing
> -------
> 
> - new unit tests pass
> - verified SIP registrations, calls, and transfers work correctly within my test environment
> 
> 
> Thanks,
> 
> David
> 
>

More information about the asterisk-dev mailing list