Summary: ASTERISK-27290: res_pjsip: PIDF contact field has malformed/invalid XML
Reporter: basildane (basildane)
Labels: pjsip
Date Opened: 2017-09-23 21:21:41
Date Closed: 2017-11-13 06:33:19.000-0600
Versions: 14.6.1
Frequency of
Environment: FreePBX distro 14.
Attachments: ( 0) pjsip.conf
Description: Starting in Asterisk 14, the notify pidf presence *contact* field has malformed xml. The field contains "&quot", "&lt", and "&gt" where the actual characters should be.
Comments:
By: Asterisk Team (asteriskteam) 2017-09-23 21:21:42.947-0500

Thanks for creating a report! The issue has entered the triage process. That means the issue will wait in this status until a Bug Marshal has an opportunity to review the issue. Once the issue has been reviewed you will receive comments regarding the next steps towards resolution.

A good first step is for you to review the [Asterisk Issue Guidelines|https://wiki.asterisk.org/wiki/display/AST/Asterisk+Issue+Guidelines] if you haven't already. The guidelines detail what is expected from an Asterisk issue report.

Then, if you are submitting a patch, please review the [Patch Contribution Process|https://wiki.asterisk.org/wiki/display/AST/Patch+Contribution+Process].

By: basildane (basildane) 2017-09-25 11:54:45.928-0500

{code:xml|title=SIP NOTIFY Example}
           &quot;255&quot; &lt;sip:255@voip.aquilatech.com&gt;
{code}

By: Joshua C. Colp (jcolp) 2017-09-25 11:58:29.237-0500

Thank you for taking the time to report this bug and helping to make Asterisk better. Unfortunately, we cannot work on this bug because your description did not include enough information. Please read over the Asterisk Issue Guidelines [1] which discusses the information necessary for your issue to be resolved and the format that information needs to be in. We would be grateful if you would then provide a more complete description of the problem. At a minimum, we need:

1. The specific steps or actions you took that caused you to encounter the problem.
2. The behavior you expected and the location of documentation that led you to that expectation.
3. The behavior you actually encountered.

To demonstrate the issue in detail, please include Asterisk log files generated per the instructions on the wiki [2]. If applicable, please ensure that protocol-level trace debugging is enabled, e.g., 'sip set debug on' if the issue involves chan_sip, and configuration information such as dialplan and channel configuration.


[1] https://wiki.asterisk.org/wiki/display/AST/Asterisk+Issue+Guidelines

[2] https://wiki.asterisk.org/wiki/display/AST/Collecting+Debug+Information

For example - you haven't stated which channel driver this is in reference to as there are now two that implement SIP.

By: basildane (basildane) 2017-09-25 12:02:21.893-0500

I think we posted at the exact same time.

The channel is PJSIP.  I attached a comment which shows the whole issue.  Do you still need more?

By: Rusty Newton (rnewton) 2017-10-02 15:53:35.579-0500

Can you attach the configuration of PJSIP and dialplan that results in the generated XML?

By: basildane (basildane) 2017-10-03 10:59:15.766-0500

I attached pjsip.conf.  You do not need that, and you don't need a dialplan.  You don't need to call anyone to reproduce it.
Just subscribe to ANY extension and you will see the corruption.
It's absolutely trivial to reproduce.

By: Ingo Bauersachs (ibauersachs) 2017-10-03 15:59:17.018-0500

If I may chime in here. This issue was originally reported as [Jitsi issue 388|https://github.com/jitsi/jitsi/issues/388]. The content of the contact element in the posted example is invalid since it contains more than a URL:
{quote}
The <contact> element contains a URL of the contact address
{quote}
[RFC3863#4.1.5|https://tools.ietf.org/html/rfc3863#section-4.1.5]. See also all the examples of {{<contact/>}} elements in the RFC.

The unit tests I found in [Gerrit|https://gerrit.asterisk.org/#/c/1023/4/tests/channels/pjsip/subscriptions/presence/verify_bodies/verify_pidf/test-config.yaml] explicitly check that stuff like {{"alice" <sip:alice@>}} is okay. Which is wrong, it's invalid.

In {{res_pjsip_pidf_body_generator::pidf_generate_body_content}}, the contact content is taken from {{ast_sip_exten_state_data.remote}}. The value of {{remote}} is set by {{ast_sip_subscription_get_remote_uri}} and taken from {{pjsip_dialog->remote.info_str}} while I think this should be {{pjsip_dialog->remote.contact.uri}}.
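
An added illustration of the distinction raised in the comment above (not code from Asterisk, PJSIP, or the merged change): XML-escaping a full name-addr yields the entity-laden contact text the reporter saw, while extracting the addr-spec first yields a URI-only value. The function names and the `pbx.example.test` address are assumptions made for this example.

```c
#include <stdio.h>
#include <string.h>

/* Extract the addr-spec from a SIP name-addr (quoted display name skipped). */
int extract_addr_spec(const char *in, char *out, size_t outlen)
{
    const char *p, *start = NULL, *end;
    int quoted = 0;
    for (p = in; *p; p++) {
        if (quoted && *p == '\\' && p[1]) p++;              /* quoted-pair */
        else if (*p == '"') quoted = !quoted;
        else if (*p == '<' && !quoted) { start = p + 1; break; }
    }
    if (quoted) return -1;                      /* unterminated display name */
    if (start) end = strchr(start, '>');
    else if (strpbrk(in, "\" >")) return -1;    /* display name without <uri> */
    else { start = in; end = in + strlen(in); } /* bare addr-spec */
    if (!end || end == start || (size_t)(end - start) >= outlen) return -1;
    memcpy(out, start, (size_t)(end - start));
    out[end - start] = '\0';
    return 0;
}

/* Escape XML text content. Like extract_addr_spec: 0 on success, -1 on failure. */
int xml_escape(const char *in, char *out, size_t outlen)
{
    size_t n = 0;
    if (!outlen) return -1;
    for (; *in; in++) {
        char one[2] = { *in, '\0' };
        const char *rep = *in == '<' ? "&lt;" : *in == '>' ? "&gt;" :
                          *in == '&' ? "&amp;" : *in == '"' ? "&quot;" : one;
        size_t len = strlen(rep);
        if (n + len >= outlen) return -1;       /* keep room for the NUL */
        memcpy(out + n, rep, len);
        n += len;
    }
    out[n] = '\0';
    return 0;
}

int main(void)
{
    const char *remote = "\"255\" <sip:255@pbx.example.test>"; /* constructed */
    char uri[128], before[256], after[256];
    if (xml_escape(remote, before, sizeof before) || extract_addr_spec(remote, uri, sizeof uri)
        || xml_escape(uri, after, sizeof after)) return 1;
    printf("name-addr: <contact>%s</contact>\nURI only:  <contact>%s</contact>\n", before, after);
    return 0;
}
```

The URI is still passed through `xml_escape` before it is placed in the element, because a SIP URI can legitimately contain `&` in its header parameters.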


By: Friendly Automation (friendly-automation) 2017-11-13 06:33:20.928-0600

Change 7010 merged by Jenkins2:
res_pjsip_pubsub: Ensure remote URI contains URI only.


By: Friendly Automation (friendly-automation) 2017-11-13 06:43:55.437-0600

Change 7011 merged by Jenkins2:
res_pjsip_pubsub: Ensure remote URI contains URI only.


By: Friendly Automation (friendly-automation) 2017-11-13 07:12:48.613-0600

Change 7012 merged by Jenkins2:
res_pjsip_pubsub: Ensure remote URI contains URI only.


By: basildane (basildane) 2017-12-04 10:48:55.867-0600

Joshua, a quick question?
I see the issue was fixed (thank you), but I am having trouble understanding the release process.
The target release is "none".
I've upgraded to 15.1.3 (built a few days ago) but there is no evidence of this fix going into production.

Can you explain?

By: Asterisk Team (asteriskteam) 2017-12-04 10:48:56.236-0600

This issue has been reopened as a result of your commenting on it as the reporter. It will be triaged once again as applicable.

By: Richard Mudgett (rmudgett) 2017-12-04 10:55:05.690-0600

v15.1.3 was a security fix that only had one patch applied to fix the security issue.
This fix will go out in the next normal release, which for v15 will be v15.2.0.

By: Joshua C. Colp (jcolp) 2017-12-04 10:56:04.791-0600

The 15.1.3 release was a security fix only; it did not include bug fixes. The next bug fix release would be 15.2.0. When the release process occurs then the target will be updated here.