Summary: ASTERISK-07390: PrivacyManager app doesn't check the incoming CID matches the minimum length
Reporter: evilbunny (evilbunny)
Labels:
Date Opened: 2006-07-24 11:39:53
Date Closed: 2011-06-07 14:07:25
Versions:Frequency of
Description: Currently when running the privacy manager, if you have anything in CALLERIDNUM privacymanager simply drops skipping any checks.

Wouldn't it make more sense to have PrivacyManager actually check the length matches the user settings?

For example, I set minimumlength to 7, yet even having "123" will cause privacy manager to skip any further checks...
Comments:

By: evilbunny (evilbunny) 2006-07-24 12:00:18

CALLERIDNUM variable doesn't get updated correctly when user input matches criteria either.

                       pbx_builtin_setvar_helper(chan, "PRIVACYMGRSTATUS", "SUCCESS");
+                         pbx_builtin_setvar_helper(chan, "CALLERIDNUM", chan->cid.cid_num);
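
Review bot: The added pbx_builtin_setvar_helper call passes chan->cid.cid_num straight through, and nothing in this fragment shows it being checked as non-NULL and non-empty at that point; confirm the branch that sets PRIVACYMGRSTATUS to SUCCESS always has the number populated before this line runs. The variable it writes, CALLERIDNUM, is described in the reply below as deprecated and removed in trunk, so this change would only make sense on a release branch, with dialplans reading ${CALLERID(num)} instead.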

will fix this...

By: Joshua C. Colp (jcolp) 2006-07-24 12:29:07

One thing at a time...

The configuration option is for minimum input length if no callerid is present. I suppose an option or something could be added so the length is checked as well.

As for CALLERIDNUM this is deprecated and removed in trunk, you should be using ${CALLERID(num)} instead.

By: evilbunny (evilbunny) 2006-07-24 12:38:53

As for minimum length, isn't it a safe assumption that the user wanted a minimum length of x digits regardless if it was from CID or inputted?

By: Joshua C. Colp (jcolp) 2006-07-24 12:45:10

Not really, depending on how someone had their dialplan set up... this might hurt them. If they had it so internal calls had the callerid of their extension (4 digits for example) but those calls went through the privacy manager too... then they could potentially get bitten by this assumption. That's why I talked about using an option instead. I suggest getting more feedback though from other individuals, what you think and what others think may vary.

By: evilbunny (evilbunny) 2006-07-24 12:56:41

I don't think people would be using PrivacyManager on an internal dialplan, at least no sane person should, it should only be contained in contexts that external calls hit...

Others have thought of attacking the problem slightly differently here http://www.voip-info.org/wiki/index.php?page=Asterisk+cmd+PrivacyManager

By: Serge Vecher (serge-v) 2006-09-01 14:36:46

ok, so where are we now?

By: Steve Murphy (murf) 2006-10-05 20:13:59

evilbunny? Still around? You made complaints:

a. variable CALLERIDNUM isn't updated.
b. minlength should also apply to CID.

file explained (a), and function doesn't even do anything if the telco supplies any kind of number at all, long or short. That's documented for this function, and proper behavior.

Having minlength apply to CID doesn't make sense...  CID comes from your phone company, or whoever you hook up to. If they give you a number, short or long, it's from them, and hopefully repeatable, and hopefully identifies a caller.

When the telco doesn't give you **anything**, that's when this app is meant to kick in. And if it asked for a number, that number is tagged with "Privacy Manager" as the name field, so you can discern where this number came from.
The pair of name <number> or "Privacy Manager" <number> gives you information about the trust/verity of the number, and where it came from.

You see, anonymous callers have nothing to lose-- you can never really fully trust the information they give you. They can just as easily fudge it with the President's white-house number, or just punch in your number, or whatever. You have no way to verify the rightness or wrongness of the number given. All you really do is use the "Privacy Manager" tag to say, "OK, hmmm. That number could be fake."

BTW, you don't have to use PrivacyManager if it doesn't fit your needs. It wouldn't be that hard to write your own version in AEL or plain extensions.conf format, and have it do whatever you want, including enforcing minimum lengths on telco-supplied cid numbers. Matter of fact, it would be pretty easy to test the length of the incoming number, and if it falls below standards, you could zero out the callerid, and then call the privacymanager app to fetch a good one.

So, unless you have some really cogent argument about what's wrong with this app, now's the time to make it. I'll close this issue tomorrow otherwise.
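
The dialplan workaround described in the comment above, written out as an added example (not code from the issue or from the Asterisk project). The context name `from-pstn`, the `MINCID` variable, its value of 7 and the `SIP/reception` dial target are assumptions; PrivacyManager is called without arguments so that retries and minimum input length come from its own settings.

```ini
; extensions.conf -- constructed example for inbound (external) calls only
[from-pstn]
; Minimum number of digits we accept in carrier-supplied caller ID (assumed value).
exten => s,1,Set(MINCID=7)

; Carrier-supplied number is long enough: keep it and skip the prompt.
exten => s,n,GotoIf($[${LEN(${CALLERID(num)})} >= ${MINCID}]?accept)

; Number is missing or too short: blank it so PrivacyManager finds no
; caller ID and asks the caller to enter one.
exten => s,n,Set(CALLERID(num)=)
exten => s,n,PrivacyManager()

; PrivacyManager reports its result in PRIVACYMGRSTATUS; anything other
; than SUCCESS means no acceptable number was entered.
exten => s,n,GotoIf($["${PRIVACYMGRSTATUS}" != "SUCCESS"]?reject)

; From here on the number is either carrier-supplied (>= MINCID digits) or
; caller-entered. A caller-entered number is unverified input: log the
; name/number pair and do not use it for authentication or billing decisions.
exten => s,n(accept),NoOp(Inbound call from ${CALLERID(all)})
exten => s,n,Dial(SIP/reception)
exten => s,n,Hangup()

exten => s,n(reject),NoOp(Caller did not supply an acceptable number)
exten => s,n,Hangup()
```

Keeping this in a context that only external trunks reach avoids the problem raised earlier in the thread, where internal extensions with short caller IDs would otherwise be prompted as well.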

By: Steve Murphy (murf) 2006-10-09 08:44:09

No response. Assuming that there is no additional input.