Summary: | ASTERISK-13170: sip register: reserved character check not RFC 3261 compliant | ||
Reporter: | ffs (ffs) | Labels: | |
Date Opened: | 2008-12-05 12:36:54.000-0600 | Date Closed: | 2008-12-10 10:24:54.000-0600 |
Priority: | Major | Regression? | No |
Status: | Closed/Complete | Components: | Channels/chan_sip/Interoperability |
Versions: | Frequency of Occurrence | ||
Related Issues: | |||
Environment: | Attachments: | ||
Description: | The checking of reserved characters within chan_sip.c is not RFC 3261 compliant. According to the RFC there are different reserved characters for username (* auth user), user (* username), password (* secret) and hostname (see below). chan_sip compares all above values against the SIP_RESERVED variable which is defined as ";/?:@&=+$,# ". This bug avoids registration to sip providers using allowed special characters within the user part or the authentication user (eg. bluesip.net, they use a '/' wihtin the auth user). A backport to the 1.6.0 branch, which is affected also, would be great. ****** ADDITIONAL INFORMATION ****** Sample error message while trying to register with bluesip.net: WARNING[4145]: chan_sip.c:6237 sip_register: A reserved character ('/') was used in a "register" line. This registration will not occur Excerpt from RFC 3261: username = "username" EQUAL username-value username-value = quoted-string quoted-string = SWS DQUOTE *(qdtext / quoted-pair ) DQUOTE qdtext = LWS / %x21 / %x23-5B / %x5D-7E / UTF8-NONASCII quoted-pair = "\" (%x00-09 / %x0B-0C / %x0E-7F) user = 1*( unreserved / escaped / user-unreserved ) user-unreserved = "&" / "=" / "+" / "$" / "," / ";" / "?" / "/" password = *( unreserved / escaped / "&" / "=" / "+" / "$" / "," ) hostname = *( domainlabel "." ) toplabel [ "." ] domainlabel = alphanum / alphanum *( alphanum / "-" ) alphanum toplabel = ALPHA / ALPHA *( alphanum / "-" ) alphanum | ||
Comments: | By: Mark Michelson (mmichelson) 2008-12-10 10:23:19.000-0600 This was introduced because of the fix for issue ASTERISK-12786. That issue probably affected maybe about 3 people total, and since the fix for it is now breaking SIP registrations for lots of people, I am going to revert that change and re-open issue ASTERISK-12786 instead. By: Digium Subversion (svnbot) 2008-12-10 10:24:53.000-0600 Repository: asterisk Revision: 162663 U branches/1.4/channels/chan_sip.c ------------------------------------------------------------------------ r162663 | mmichelson | 2008-12-10 10:24:51 -0600 (Wed, 10 Dec 2008) | 11 lines Revert fix for issue 13570. It has caused more problems than it helped to fix. (closes issue ASTERISK-12965) Reported by: navkumar (closes issue ASTERISK-13170) Reported by: ffs ------------------------------------------------------------------------ http://svn.digium.com/view/asterisk?view=rev&revision=162663 |