[asterisk-users] Bug in Dial() string processing

Antony Stone Antony.Stone at asterisk.open.source.it
Thu Oct 29 07:24:38 CDT 2020


On Tuesday 27 October 2020 at 11:00:10, Antony Stone wrote:

> Hi.
> 
> I've discovered a bug in the Dial() string processing (for Asterisk 13.14.1
> at least).

I've now confirmed that the same bug exists in 16.2.1

A Dial() command containing a SIP username/password combination which has a ! 
character in it is incorrectly parsed and fails.

> According to the documentation in channels/chan_sip.c the Dial() string
> syntax is:
> 
>  *     SIP/devicename
>  * or SIP/username at domain (SIP uri)
>  * or SIP/username[:password[:md5secret[:authname[:transport]]]]@host[:port]
>  * or SIP/devicename/extension
>  * or SIP/devicename/extension/IPorHost
>  * or SIP/username at domain//IPorHost
>  *
>  * and there is an optional [!dnid] argument you can append to alter the
>  * To: header.
> 
> The bug is in the last part - the optional !dnid argument.
> 
> This should parse for a ! *following* any of the above syntaxes and assign
> whatever follows it to dnid.  If there is more than one ! in the entire
> string, dnid should follow the final one.
> 
> Unfortunately, the string parsing checks *first* for a ! and assigns
> everything following the first occurrence to dnid, and then attempts to
> parse whatever preceded it according to the above possibilities.
> 
> This means that if a SIP password, for example, contains a !, it is
> impossible to use the stated syntax
> 
> SIP/username[:password[:md5secret[:authname[:transport]]]]@host[:port]
> 
> Note that in this syntax, @host is non-optional, therefore parsing for a !
> preceding the @host part and regarding what follows the ! as dnid is
> incorrect.
> 
> 
> Regards,
> 
> 
> Antony.

-- 
"The future is already here.   It's just not evenly distributed yet."

 - William Gibson

                                                   Please reply to the list;
                                                         please *don't* CC me.



More information about the asterisk-users mailing list