[Home]

Summary:ASTERISK-13170: sip register: reserved character check not RFC 3261 compliant
Reporter:ffs (ffs)Labels:
Date Opened:2008-12-05 12:36:54.000-0600Date Closed:2008-12-10 10:24:54.000-0600
Priority:MajorRegression?No
Status:Closed/CompleteComponents:Channels/chan_sip/Interoperability
Versions:Frequency of
Occurrence
Related
Issues:
Environment:Attachments:
Description:The checking of reserved characters within chan_sip.c is not RFC 3261 compliant.

According to the RFC there are different reserved characters for username (* auth user), user (* username), password (* secret) and hostname (see below).
chan_sip compares all above values against the SIP_RESERVED variable which is defined as ";/?:@&=+$,# ".

This bug avoids registration to sip providers using allowed special characters within the user part or the authentication user (eg. bluesip.net, they use a '/' wihtin the auth user).

A backport to the 1.6.0 branch, which is affected also, would be great.

****** ADDITIONAL INFORMATION ******

Sample error message while trying to register with bluesip.net:

WARNING[4145]: chan_sip.c:6237 sip_register: A reserved character ('/') was used in a "register" line. This registration will not occur

Excerpt from RFC 3261:

username          =  "username" EQUAL username-value
username-value    =  quoted-string

quoted-string  =  SWS DQUOTE *(qdtext / quoted-pair ) DQUOTE
qdtext         =  LWS / %x21 / %x23-5B / %x5D-7E / UTF8-NONASCII

quoted-pair  =  "\" (%x00-09 / %x0B-0C / %x0E-7F)

user             =  1*( unreserved / escaped / user-unreserved )
user-unreserved  =  "&" / "=" / "+" / "$" / "," / ";" / "?" / "/"

password         =  *( unreserved / escaped / "&" / "=" / "+" / "$" / "," )

hostname         =  *( domainlabel "." ) toplabel [ "." ]
domainlabel      =  alphanum / alphanum *( alphanum / "-" ) alphanum
toplabel         =  ALPHA / ALPHA *( alphanum / "-" ) alphanum
Comments:By: Mark Michelson (mmichelson) 2008-12-10 10:23:19.000-0600

This was introduced because of the fix for issue ASTERISK-12786. That issue probably affected maybe about 3 people total, and since the fix for it is now breaking SIP registrations for lots of people, I am going to revert that change and re-open issue ASTERISK-12786 instead.

By: Digium Subversion (svnbot) 2008-12-10 10:24:53.000-0600

Repository: asterisk
Revision: 162663

U   branches/1.4/channels/chan_sip.c

------------------------------------------------------------------------
r162663 | mmichelson | 2008-12-10 10:24:51 -0600 (Wed, 10 Dec 2008) | 11 lines

Revert fix for issue 13570. It has caused more problems than
it helped to fix.

(closes issue ASTERISK-12965)
Reported by: navkumar


(closes issue ASTERISK-13170)
Reported by: ffs


------------------------------------------------------------------------

http://svn.digium.com/view/asterisk?view=rev&revision=162663