Summary:ASTERISK-07564: Requests handling do not comply to RFC 2616
Reporter:Sergey Melnik (serg_melnik)Labels:
Date Opened:2006-08-20 02:56:39Date Closed:2011-06-07 14:08:18
Versions:Frequency of
Description:RFC 2616 section 4.2 states that 'Header fields can be extended over multiple lines by preceding each extra line with at least one SP or HT.'
That does not implemented by Asterisk and I had a problem with some phone that was using this wired multiline formatting in Authorization header that lead to 403 error from Asterisk.


Proposed solution that worked for me:
File: chan_sip.c
Method: static void parse_request(struct sip_request *req)
Begining of the method:
/* Divide fields by NULL's */
char *c;
int f = 0;

c = req->data;

/* First header starts immediately */
req->header[f] = c;
while(*c) {
if (*c == '\n') {
           //sm start
           // rfc2616 #4.2 compliance - if not empty line and next line starts with
           // space or tab then the header continues
if (!ast_strlen_zero(req->header[f]) && (*(c+1) == ' ' || *(c+1) == '\t')) {
                   char *dst = c;
                   while (dst > req->data && *(dst-1) == 0)  {
                           dst--;          // that was \r
                   c++;                    // move through \n
                   while (*c == ' ' || *c == '\t') { // move through spaces and tabulations
                   memmove(dst, c, strlen(c)+1);     // 'eat' the \n\r and consequent spaces
                   c = dst;
           //sm end

The rest of the method is the same as original. The part that is changed is between the //sm start ... //sm end lines.
Comments:By: Serge Vecher (serge-v) 2006-08-21 09:34:48

does setting pedantic=yes in sip.conf resolve this issue?

By: Sergey Melnik (serg_melnik) 2006-08-22 00:18:34

It does not help.
I believe, pedantic handles only spaces within the header, while here the problem is that the header is parsed incorrectly, i.e. method were pedantic comes in play already has incorrect data, as header is expected to be exactly one line (until \n) and not more.
For example, this Authorization header gets corrupted in Asterisk:

Authorization: Digest username="x",realm="asterisk",nonce="xxxx",uri="sip:xxx.xxx.xxx.xxx",algorithm=MD5,

Please, note, that response is places on a new line that starts with the space. ASterisk gets the Auth header without 'response' parameter. Response parameter is threated as another header, thought invalid.

By: Serge Vecher (serge-v) 2006-08-22 08:45:55

serg_melnik: thanks for trying... If you don't mind, please:
1) get a disclaimer on file (see bottom of http://bugs.digium.com/main_page.php) and confirm with a note here when done.
2) It would be great if you could upload your change as a patchfile. See  http://www.asterisk.org/developers/Patch_Howto


By: Olle Johansson (oej) 2006-08-30 09:50:36

pedantic=yes does indeed support multiline headers. Something else must be wrong here.

By: Sergey Melnik (serg_melnik) 2006-08-30 19:35:49

Sorry, I must have missed something. I checked it again on the trunk and pedantic really works. Don't know why it was not working before, may be I did some typo.
Sorry about that.

By: Joshua C. Colp (jcolp) 2006-09-27 16:21:46

Was a configuration issue, pedantic for the win!