[asterisk-dev] [Code Review] 4594: Asterisk manager output escape message control characters

warren smith reviewboard at asterisk.org
Tue Apr 7 13:25:52 CDT 2015 


> On April 7, 2015, 6:20 p.m., Matt Jordan wrote:
> > I don't see the actual patch on the issue. Did you use post-review to load the diff?

I may have closed the window before it finished.  Do you see it now?


- warren


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviewboard.asterisk.org/r/4594/#review15099
-----------------------------------------------------------


On April 7, 2015, 6:25 p.m., warren smith wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviewboard.asterisk.org/r/4594/
> -----------------------------------------------------------
> 
> (Updated April 7, 2015, 6:25 p.m.)
> 
> 
> Review request for Asterisk Developers.
> 
> 
> Bugs: asterisk-24934
>     https://issues.asterisk.org/jira/browse/asterisk-24934
> 
> 
> Repository: Asterisk
> 
> 
> Description
> -------
> 
> Asterisk manager output is created using printf formatting, like:
> 
> manager_event(SOME_EVENT_FLAG, "EventName",
>     "KeyOne: %s\r\nKeyTwo: %s\r\n", val1, val2);
> 
> This causes problems when the values themselves contain control characters like carriage return and newline, so that applications parsing the output will interpret this as a new key, or the end of an event.  An example of this is having a callerid contain "\r\n\r\n".  This ends the event, and the keys for the same event are interpreted as a new message, and any keys below are missed for the real event.
> 
> I've included a patch that provides a ast_escape_c() function which takes a string, then returns a pointer to a new string that has the c characters escaped (i.e., newline into \n).  I've modified the calls to the manager_event functions (manager_event, ast_manager_event, ast_manager_event_multichan) so that values that could be set by a user are escaped.  The string values that as far as I know aren't user-created were left as-is, like channel names and uniqueid.
> 
> There are quite a few calls to the manager event functions and I've double checked to make sure all memory allocations are freed after creating the escaped string.  I also had added an ast_replace_string function which i didn't end up using, and added an ast_escape_output function which just calls ast_escape_c.  An alternative would be to replace the sequence "\r\n" with the escaped version, rather than the individual characters.
> 
> I'm testing on our asterisk 11 install and this fixes the parsing bugs we run into from messed up callerids and things like agent names containing return + newline.
> 
> 
> Diffs
> -----
> 
>   http://svn.asterisk.org/svn/asterisk/branches/11/channels/chan_local.c 433419 
>   http://svn.asterisk.org/svn/asterisk/branches/11/channels/chan_iax2.c 433419 
>   http://svn.asterisk.org/svn/asterisk/branches/11/channels/chan_agent.c 433419 
>   http://svn.asterisk.org/svn/asterisk/branches/11/cel/cel_manager.c 433419 
>   http://svn.asterisk.org/svn/asterisk/branches/11/cdr/cdr_manager.c 433419 
>   http://svn.asterisk.org/svn/asterisk/branches/11/apps/app_voicemail.c 433419 
>   http://svn.asterisk.org/svn/asterisk/branches/11/apps/app_userevent.c 433419 
>   http://svn.asterisk.org/svn/asterisk/branches/11/apps/app_stack.c 433419 
>   http://svn.asterisk.org/svn/asterisk/branches/11/apps/app_queue.c 433419 
>   http://svn.asterisk.org/svn/asterisk/branches/11/apps/app_meetme.c 433419 
>   http://svn.asterisk.org/svn/asterisk/branches/11/apps/app_dial.c 433419 
>   http://svn.asterisk.org/svn/asterisk/branches/11/apps/app_confbridge.c 433419 
> 
> Diff: https://reviewboard.asterisk.org/r/4594/diff/
> 
> 
> Testing
> -------
> 
> In our production environment I have been running the patch for about 5 days.  The parsing issues we have had in the past are now resolved.
> 
> 
> Thanks,
> 
> warren smith
> 
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.digium.com/pipermail/asterisk-dev/attachments/20150407/74112482/attachment-0001.html>

More information about the asterisk-dev mailing list