Summary:ASTERISK-12786: [patch] Malformed registration line is copied verbatim in To and From headers
Reporter:Mark Michelson (mmichelson)Labels:
Date Opened:2008-09-26 18:37:18Date Closed:2008-12-11 15:10:20.000-0600
Versions:Frequency of
Environment:Attachments:( 0) 13570_14.patch
( 1) 13570.patch
Description:If a register line in Asterisk is mistyped, like "register => register => user:password@domain/contact", then the To and From headers Asterisk sends out will contain the (unquoted) string

"sip:register => user:password@domain/contact>"

We should check for reserved characters, print a big warning message, and not send a REGISTER if they are present in any of the individual components on the register line.


This was reported in #asterisk-dev, and I agreed to go ahead and report the bug on the tracker myself. While this was reported against Asterisk version 1.6.0-rc6, the bug may be present in 1.4 as well.
Comments:By: Mark Michelson (mmichelson) 2008-09-26 18:53:52

The uploaded patch will not allow for reserved characters to be used in the username, secret, or authuser portions of the register line in sip.conf. Limited testing shows that this works effectively.

By: Mark Michelson (mmichelson) 2008-09-26 19:08:42

13570_14.patch is a 1.4 version of the patch. I realized that 13570.patch would print the wrong character when telling that a reserved character had been used, so this eliminates the problem by stating in general that a reserved character has been used.

I'm not particularly satisfied with the lack of detail in the message, but this is a first attempt at a patch. The logic is fine, but the reporting could be more powerful.

By: Digium Subversion (svnbot) 2008-10-14 15:38:37

Repository: asterisk
Revision: 149130

U   branches/1.4/channels/chan_sip.c

r149130 | mmichelson | 2008-10-14 15:38:36 -0500 (Tue, 14 Oct 2008) | 7 lines

Don't allow reserved characters to be used in register
lines in sip.conf.

(closes issue ASTERISK-12786)
Reported by: putnopvut



By: Mark Michelson (mmichelson) 2008-12-10 10:36:21.000-0600

Re-opening. My initial fix caused worse issues than than this initial problem.

By: Mark Michelson (mmichelson) 2008-12-11 15:10:20.000-0600

I'm just going to close this. I reported this issue myself and I don't actually know of anyone who has this problem, nor do I know of anyone who wouldn't immediately realize their problem and change the setting to be correct if they put something bogus for the register line.