[asterisk-dev] [Code Review] 4594: Asterisk manager output escape message control characters
warren smith
reviewboard at asterisk.org
Tue Apr 7 13:25:52 CDT 2015
> On April 7, 2015, 6:20 p.m., Matt Jordan wrote:
> > I don't see the actual patch on the issue. Did you use post-review to load the diff?
I may have closed the window before it finished. Do you see it now?
- warren
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviewboard.asterisk.org/r/4594/#review15099
-----------------------------------------------------------
On April 7, 2015, 6:25 p.m., warren smith wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviewboard.asterisk.org/r/4594/
> -----------------------------------------------------------
>
> (Updated April 7, 2015, 6:25 p.m.)
>
>
> Review request for Asterisk Developers.
>
>
> Bugs: asterisk-24934
> https://issues.asterisk.org/jira/browse/asterisk-24934
>
>
> Repository: Asterisk
>
>
> Description
> -------
>
> Asterisk manager output is created using printf formatting, like:
>
> manager_event(SOME_EVENT_FLAG, "EventName",
> "KeyOne: %s\r\nKeyTwo: %s\r\n", val1, val2);
>
> This causes problems when the values themselves contain control characters like carriage return and newline, so that applications parsing the output will interpret this as a new key, or the end of an event. An example of this is having a callerid contain "\r\n\r\n". This ends the event, and the keys for the same event are interpreted as a new message, and any keys below are missed for the real event.
>
> I've included a patch that provides a ast_escape_c() function which takes a string, then returns a pointer to a new string that has the c characters escaped (i.e., newline into \n). I've modified the calls to the manager_event functions (manager_event, ast_manager_event, ast_manager_event_multichan) so that values that could be set by a user are escaped. The string values that as far as I know aren't user-created were left as-is, like channel names and uniqueid.
>
> There are quite a few calls to the manager event functions and I've double checked to make sure all memory allocations are freed after creating the escaped string. I also had added an ast_replace_string function which i didn't end up using, and added an ast_escape_output function which just calls ast_escape_c. An alternative would be to replace the sequence "\r\n" with the escaped version, rather than the individual characters.
>
> I'm testing on our asterisk 11 install and this fixes the parsing bugs we run into from messed up callerids and things like agent names containing return + newline.
>
>
> Diffs
> -----
>
> http://svn.asterisk.org/svn/asterisk/branches/11/channels/chan_local.c 433419
> http://svn.asterisk.org/svn/asterisk/branches/11/channels/chan_iax2.c 433419
> http://svn.asterisk.org/svn/asterisk/branches/11/channels/chan_agent.c 433419
> http://svn.asterisk.org/svn/asterisk/branches/11/cel/cel_manager.c 433419
> http://svn.asterisk.org/svn/asterisk/branches/11/cdr/cdr_manager.c 433419
> http://svn.asterisk.org/svn/asterisk/branches/11/apps/app_voicemail.c 433419
> http://svn.asterisk.org/svn/asterisk/branches/11/apps/app_userevent.c 433419
> http://svn.asterisk.org/svn/asterisk/branches/11/apps/app_stack.c 433419
> http://svn.asterisk.org/svn/asterisk/branches/11/apps/app_queue.c 433419
> http://svn.asterisk.org/svn/asterisk/branches/11/apps/app_meetme.c 433419
> http://svn.asterisk.org/svn/asterisk/branches/11/apps/app_dial.c 433419
> http://svn.asterisk.org/svn/asterisk/branches/11/apps/app_confbridge.c 433419
>
> Diff: https://reviewboard.asterisk.org/r/4594/diff/
>
>
> Testing
> -------
>
> In our production environment I have been running the patch for about 5 days. The parsing issues we have had in the past are now resolved.
>
>
> Thanks,
>
> warren smith
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.digium.com/pipermail/asterisk-dev/attachments/20150407/74112482/attachment-0001.html>
More information about the asterisk-dev
mailing list