[asterisk-dev] [Code Review] 4594: Asterisk manager output escape message control characters
Matt Jordan
reviewboard at asterisk.org
Tue Apr 7 13:20:09 CDT 2015
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviewboard.asterisk.org/r/4594/#review15099
-----------------------------------------------------------
I don't see the actual patch on the issue. Did you use post-review to load the diff?
- Matt Jordan
On April 6, 2015, 2:54 p.m., warren smith wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviewboard.asterisk.org/r/4594/
> -----------------------------------------------------------
>
> (Updated April 6, 2015, 2:54 p.m.)
>
>
> Review request for Asterisk Developers.
>
>
> Bugs: asterisk-24934
> https://issues.asterisk.org/jira/browse/asterisk-24934
>
>
> Repository: Asterisk
>
>
> Description
> -------
>
> Asterisk manager output is created using printf formatting, like:
>
> manager_event(SOME_EVENT_FLAG, "EventName",
> "KeyOne: %s\r\nKeyTwo: %s\r\n", val1, val2);
>
> This causes problems when the values themselves contain control characters like carriage return and newline, so that applications parsing the output will interpret this as a new key, or the end of an event. An example of this is having a callerid contain "\r\n\r\n". This ends the event, and the keys for the same event are interpreted as a new message, and any keys below are missed for the real event.
>
> I've included a patch that provides a ast_escape_c() function which takes a string, then returns a pointer to a new string that has the c characters escaped (i.e., newline into \n). I've modified the calls to the manager_event functions (manager_event, ast_manager_event, ast_manager_event_multichan) so that values that could be set by a user are escaped. The string values that as far as I know aren't user-created were left as-is, like channel names and uniqueid.
>
> There are quite a few calls to the manager event functions and I've double checked to make sure all memory allocations are freed after creating the escaped string. I also had added an ast_replace_string function which i didn't end up using, and added an ast_escape_output function which just calls ast_escape_c. An alternative would be to replace the sequence "\r\n" with the escaped version, rather than the individual characters.
>
> I'm testing on our asterisk 11 install and this fixes the parsing bugs we run into from messed up callerids and things like agent names containing return + newline.
>
>
> Diffs
> -----
>
>
> Diff: https://reviewboard.asterisk.org/r/4594/diff/
>
>
> Testing
> -------
>
> In our production environment I have been running the patch for about 5 days. The parsing issues we have had in the past are now resolved.
>
>
> Thanks,
>
> warren smith
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.digium.com/pipermail/asterisk-dev/attachments/20150407/5f420575/attachment.html>
More information about the asterisk-dev
mailing list