Summary:ASTERISK-01325: Proxy-Authoriation response spread over multiple lines is not accepted
Reporter:fwmiller (fwmiller)Labels:
Date Opened:2004-04-01 12:15:46.000-0600Date Closed:2004-09-25 02:49:39
Versions:Frequency of
Environment:Attachments:( 0) chan_sip.diff.txt
Description:I'm writing a SIP user agent that can provide Proxy-Authorization on a single or spread over multiple lines as follows:

Single line:

Proxy-Authorization: Digest username="CornfedSIPUA", realm="asterisk", nonce="7c90de27", response="9ebf9c0beb33e3882c09a86db2f75825"

Multiple lines:

Proxy-Authorization: Digest username="CornfedSIPUA",

The single line response is accepted, the multi-line response is not.  The only difference is the presentation spread over multiple lines.  This multi-line response valid according to RFC 3261.
Comments:By: Olle Johansson (oej) 2004-04-05 06:34:33

This is a bug, indeed. Needs changes to the header field parser. We still need the get_header function to handle the header, regardless if it's one-line or multi-line.

By: Olle Johansson (oej) 2004-04-05 06:37:55

From RFC 3261:
Header fields can be extended over multiple lines by preceding each extra line with at least one SP or
horizontal tab (HT). The line break and the whitespace at the beginning of the next line are treated as a single SP character. Thus, the following are equivalent:

Subject: I know you&ASTERISK-7996;re there, pick up the phone and talk to me!
Subject: I know you&ASTERISK-7996;re there,
(whitespace)pick up the phone
(whitespace)and talk to me!

Thus, you need whitespace first on the line. Mantis strips that information.

edited on: 04-05-04 05:30

By: Olle Johansson (oej) 2004-04-07 03:05:44

I'm raising the level of this. It's a bug, not a major blocking bug, but still a bug.

By: Mark Spencer (markster) 2004-04-15 00:58:44

Since nobody actually does this, it's going to have to be a feature that is enabled only if "pedantic" is set to yes, since it complicates the parser tremendously.

By: Olle Johansson (oej) 2004-04-25 02:55:33

Someone actually does this. From the mailing list:
Hi All.

now I'm try to regist that phone.
but it had funny REGISTER header like that.because it cannot to regist
to asterisk.( multi-lined Proxy-Authorization: )

Sip read:
Call-ID: 96C3C59796C3C597.10@
From: "2000XXXX" <sip:2000XXXX@>;tag=00505101178f-108286159
To: "2000XXXX" <sip:2000XXXX@>
Via: SIP/2.0/UDP;branch=z9hG4bK-00505101178f-1082861594-iu-V1.52.07.VX-00070-o-2
Max-Forwards: 70
User-Agent: IWATSU_SIP/V1.52.07.VX
Expires: 300
Contact: sip:2000XXXX@;expires=300
Date: Sun, 25 Apr 2004 02:53:14 GMT
Proxy-Authorization: Digest  realm="asterisk",
Content-Length: 0

Does anyone already fixed chan_sip.c?


By: Mark Spencer (markster) 2004-04-25 23:10:30

Someone have a system i can ssh into that has such a device registering so i can implement it?

By: Mark Spencer (markster) 2004-04-25 23:24:37

I put a quickie hack which should get us closer, but it's not precisely correct, as it could introduce an extra space.

By: Mark Spencer (markster) 2004-04-27 02:22:42

Okay, if this is a "major" bug, somebody better indicate that they care about it or i'm just going to assume my fix did it and close this out.

By: Olle Johansson (oej) 2004-04-27 07:14:58

I'll take it down to "minor" again until I find a software or phone that I can test this with. Have been looking around for it, but can't find one here in Sweden...

fwmiller: Do you have software that can test this?

By: fwmiller (fwmiller) 2004-04-27 16:43:37

The right fix is simply do a preprocessing step to concatenate multiple lines to single lines prior to submission to the parser.  This step simply scans the message, compressing it as it goes so its not a big performance hit.  This procedure is detailed in RFC 3261, conversion of linear white space to single whitespace.  The following procedure does this:

lws2sws(char *msgbuf, int len)
       int h = 0, t = 0;
       int lws = 0;

       for (; h < len;) {
               /* Eliminate all CRs */
               if (msgbuf[h] == '\r') {
               /* Check for end-of-line */
               if (msgbuf[h] == '\n') {
                       /* Check for end-of-message */
                       if (h + 1 == len)

                       /* Check for a continuation line */
                       if (msgbuf[h + 1] == ' ') {
                               /* Merge continuation line */
                       /* Propagate LF and start new line */
                       msgbuf[t++] = msgbuf[h++];
                       lws = 0;
               if (msgbuf[h] == ' ' || msgbuf[h] == '\t') {
                       if (lws) {
                       msgbuf[t++] = msgbuf[h++];
                       lws = 1;
               msgbuf[t++] = msgbuf[h++];
               if (lws)
                       lws = 0;
       msgbuf[t] = '\0';
       return t;

By: Mark Spencer (markster) 2004-04-27 18:26:37

Fair enough.  If "pedantic" is enabled, we do the extra reformatting.

By: Mark Spencer (markster) 2004-04-27 18:27:00

Fixed in CVS