Summary: ASTERISK-10634: ast_unescape_semicolon causes SIP NOTIFY to loop for snom-check-cfg and snom-reboot
Reporter: Fabian Hoppe (fabianhoppe)
Date Opened: 2007-10-29 03:43:37
Date Closed: 2007-10-29 08:21:55
Priority: Minor
Regression?: No
Status: Closed/Complete
Components: Channels/chan_sip/General
Description: When executing a SIP NOTIFY, the called message from sip_notify.conf is read and "unescaped" by calling utils.c/ast_unescape_semicolon. Most notifies don't contain semicolons, but snom-check-cfg and snom-reboot do.

The first SIP NOTIFY sip-check-cfg works fine, but executing this command a second time results in the SIP NOTIFY being executed and hanging in a loop. The Asterisk process starts to consume 100% CPU and needs to be restarted.

This is caused by an error in utils.c/ast_unescape_semicolon, which parses through the notify message and replaces the "\;" by ";". This works fine the first time the command is called, but any further initiation results in a loop as all semicolons are already "unescaped".

The code finds a ';' in the variable e, but the if-statement is false as no matching '\\' exists at (e-1). Therefore the while condition stays true forever. Please see "additional information" for a bug fix.

****** ADDITIONAL INFORMATION ******

Original code:

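char *ast_unescape_semicolon(char *s)
{
       char *e;
       char *work = s;

       /* Find each ';' and drop a backslash that immediately precedes it. */
       while ((e = strchr(work, ';'))) {
               if ((e > work) && (*(e-1) == '\\')) {
                       memmove(e - 1, e, strlen(e) + 1);
                       work = e;
               }
               /* No else branch: for a ';' without a preceding backslash,
                * work is not advanced and strchr() returns the same ';' again. */
       }

       return s;
}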

Proposed bugfix:

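char *ast_unescape_semicolon(char *s)
{
       char *e;
       char *work = s;

       while ((e = strchr(work, ';'))) {
               if ((e > work) && (*(e-1) == '\\')) {
                       /* Escaped: shift the tail left over the backslash. */
                       memmove(e - 1, e, strlen(e) + 1);
                       work = e;
               } else {
                       /* Not escaped: continue the search after this ';'. */
                       work = e+1;
               }
       }

       return s;
}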
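The following is an added example, not part of the original report or of the Asterisk source: it runs the two loops above on a constructed buffer that is unescaped twice, as happens when the same cached notify value is reused. The iteration cap `max_iter`, the function names and the sample string are assumptions made for the demonstration.

```c
#include <stdio.h>
#include <string.h>

/* Loop from "Original code", with an added cap so the hang is observable.
 * Returns 0 if the loop terminated, -1 if max_iter was exceeded. */
static int unescape_original_capped(char *s, int max_iter)
{
	char *e, *work = s;
	int n = 0;

	while ((e = strchr(work, ';'))) {
		if (++n > max_iter)
			return -1;	/* the uncapped loop would spin here forever */
		if ((e > work) && (*(e - 1) == '\\')) {
			memmove(e - 1, e, strlen(e) + 1);
			work = e;
		}
	}
	return 0;
}

/* Loop from "Proposed bugfix": always advances past an unescaped ';'. */
static char *unescape_fixed(char *s)
{
	char *e, *work = s;

	while ((e = strchr(work, ';'))) {
		if ((e > work) && (*(e - 1) == '\\')) {
			memmove(e - 1, e, strlen(e) + 1);
			work = e;
		} else {
			work = e + 1;
		}
	}
	return s;
}

int main(void)
{
	char a[] = "check-sync\\;reboot=false";	/* constructed sample value */
	char b[] = "check-sync\\;reboot=false";	/* constructed sample value */

	printf("original, 1st pass: %d\n", unescape_original_capped(a, 1000));
	printf("original, 2nd pass: %d\n", unescape_original_capped(a, 1000));
	unescape_fixed(b);
	printf("fixed, 2nd pass:    %s\n", unescape_fixed(b));
	return 0;
}
```

The second pass over the same buffer is the case a regression test for this function should cover, along with a string that starts with ';'.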

Comments:

By: Theo Belder (tbelder) 2007-10-29 07:31:48

Is duplicate of bug 10550...

By: Joshua C. Colp (jcolp) 2007-10-29 08:21:55

Closed as this is a duplicate of 10550.