Summary: ASTERISK-25138: Unclosed parenthesis in AGI argument leads to further arguments concatenated - parameter quoting not respected
Reporter: alexr1 (alexr1)
Labels:
Date Opened: 2015-05-27 22:03:13
Date Closed:
Priority: Minor
Regression?
Status: Open/New
Components: Core/General Resources/res_agi
Versions: 13.4.0
Frequency of Occurrence: Constant
Related Issues:
Environment: Asterisk 11.10.2
Attachments:
Description: This is an observation from our production environment. Currently we don't have anything higher than 11.10.2 running, so I can't test it on more recent versions.

I'm passing a variable (PBXCIDNAME) to PBXIN.php as the third argument. The PBXCIDNAME is "Example Long Caller ID Name (" and so it ends with an open parenthesis (Note, when there is a closed parenthesis, everything works normally!). For some reason, this causes Asterisk to combine the arguments that follow with the third argument, resulting in:

{code}
agi_arg_1: 1234567890
agi_arg_2: 0399999999
agi_arg_3: Example Long Caller ID Name (,,29457297,,SIP/example-00073f0f
{code}

Instead of:

{code}
agi_arg_1: 1234567890
agi_arg_2: 0399999999
agi_arg_3: Example Long Caller ID Name (
agi_arg_4:
agi_arg_5: 29457297
agi_arg_6:
agi_arg_7: SIP/example-00073f0f
{code}


Steps to reproduce the problem:

Extensions.conf:
{code}
exten => s,8,AGI(PBXIN.php,${FROM_DID},${PBXCID},${PBXCIDNAME},${PBXVR},${PBXCALLID},${PBXWL},${CHANNEL})
{code}
Console:
{code}
-- Executing [s@pbx-incoming:8] AGI("SIP/example-00073f0f", "PBXIN.php,1234567890,0399999999,Example Long Caller ID Name (,,29457297,,SIP/example-00073f0f") in new stack
{code}
AGI Debug Log:
{code}
AGI Tx >> agi_request: PBXIN.php
AGI Tx >> agi_channel: SIP/example-00073f0f
AGI Tx >> agi_language: en
AGI Tx >> agi_type: SIP
AGI Tx >> agi_uniqueid: 1432778055.480828
AGI Tx >> agi_version: 11.10.2
AGI Tx >> agi_callerid: 0399999999
AGI Tx >> agi_calleridname: Example Long Caller ID Name (
AGI Tx >> agi_callingpres: 0
AGI Tx >> agi_callingani2: 0
AGI Tx >> agi_callington: 0
AGI Tx >> agi_callingtns: 0
AGI Tx >> agi_dnid: 1234567890
AGI Tx >> agi_rdnis: unknown
AGI Tx >> agi_context: pbx-incoming
AGI Tx >> agi_extension: s
AGI Tx >> agi_priority: 8
AGI Tx >> agi_enhanced: 0.0
AGI Tx >> agi_accountcode:
AGI Tx >> agi_threadid: 139894436325120
AGI Tx >> agi_arg_1: 1234567890
AGI Tx >> agi_arg_2: 0399999999
AGI Tx >> agi_arg_3: Example Long Caller ID Name (,,29457297,,SIP/example-00073f0f
{code}
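
The merge reported above can be reproduced with a small model of a comma splitter that only honours a delimiter outside parentheses and quotes. This is an added example, not Asterisk source and not part of the original report; the function names and the rule that parentheses are counted even inside double quotes are assumptions chosen because they match the output shown in this report.

```python
# Argument string from the console line in the report.
REPORTED = ("PBXIN.php,1234567890,0399999999,"
            "Example Long Caller ID Name (,,29457297,,SIP/example-00073f0f")
# Constructed variants: balanced parentheses, and the value wrapped in quotes.
BALANCED = REPORTED.replace("Name (", "Name ()")
QUOTED = REPORTED.replace("Example Long Caller ID Name (",
                          '"Example Long Caller ID Name ("')


def split_args(data, delim=","):
    """Model splitter (assumed behaviour): split on delim only at depth 0."""
    args, cur = [], []
    paren = 0
    quoted = False
    for ch in data:
        if ch == "(":
            paren += 1          # counted even while inside quotes
        elif ch == ")":
            if paren:
                paren -= 1
        elif ch == '"':
            quoted = not quoted
            continue            # quote characters are dropped from the argument
        elif ch == delim and paren == 0 and not quoted:
            args.append("".join(cur))
            cur = []
            continue
        cur.append(ch)
    args.append("".join(cur))
    return args


def absorbed_fields(data, expected):
    """Number of expected fields that were merged into an earlier one."""
    return expected - len(split_args(data))
```

With the reported string, four of the eight fields (script name plus seven arguments) end up inside the caller ID name field; with the balanced variant none do.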
Comments:

By: Richard Mudgett (rmudgett) 2015-05-28 10:57:12.196-0500

Try adding quotes around the caller id name instead:
{noformat}
exten => s,8,AGI(PBXIN.php,${FROM_DID},${PBXCID},"${PBXCIDNAME}",${PBXVR},${PBXCALLID},${PBXWL},${CHANNEL})
{noformat}

By: Rusty Newton (rnewton) 2015-05-28 19:03:31.305-0500

Yeah, I think quotes are the solution here. I don't believe this is a bug.

By: alexr1 (alexr1) 2015-05-28 20:52:55.747-0500

I tried the quotes - it didn't help (although the quotes appeared in the console when the AGI loaded, they did not appear in the agi debug variables, and the end result was the same).

This reminds me of another problem - if a variable contains a comma, it effectively pushes all of the arguments along by one. It would be great if Asterisk could automatically escape commas and other characters like parentheses - it would solve both of these problems.

By: Richard Mudgett (rmudgett) 2015-06-05 14:17:35.458-0500

In this particular case you don't need to pass the caller id as a parameter to the AGI since that is passed in as an environment variable to the AGI script.  See {{AGI Tx >> agi_calleridname: Example Long Caller ID Name (}}
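
Reading the caller ID name from the agi_calleridname header, as the comment above suggests, combined with a fail-closed check on the positional argument count. This is an added example, not code from the report or from Asterisk; the function names, the expected count of seven (taken from the dialplan line in the report) and the returned field names are assumptions.

```python
# Constructed sample: header lines as an AGI script reads them on stdin,
# taken from the AGI debug log in the report without the "AGI Tx >>" prefix.
SAMPLE_HEADERS = [
    "agi_request: PBXIN.php",
    "agi_channel: SIP/example-00073f0f",
    "agi_calleridname: Example Long Caller ID Name (",
    "agi_arg_1: 1234567890",
    "agi_arg_2: 0399999999",
    "agi_arg_3: Example Long Caller ID Name (,,29457297,,SIP/example-00073f0f",
    "",
]

EXPECTED_ARGS = 7  # the dialplan line in the report passes seven arguments


def parse_agi_headers(lines):
    """Parse 'agi_name: value' lines up to the first blank line."""
    env = {}
    for line in lines:
        line = line.rstrip("\r\n")
        if not line:
            break
        name, sep, value = line.partition(":")
        if sep and name.startswith("agi_"):
            env[name] = value.lstrip(" ")
    return env


def positional_args(env):
    """Return agi_arg_1..agi_arg_N in order, stopping at the first gap."""
    args = []
    while f"agi_arg_{len(args) + 1}" in env:
        args.append(env[f"agi_arg_{len(args) + 1}"])
    return args


def load_call(lines, expected=EXPECTED_ARGS):
    """Reject a shifted or merged argument list; take the name from the header."""
    env = parse_agi_headers(lines)
    args = positional_args(env)
    if len(args) != expected:
        raise ValueError(f"expected {expected} AGI arguments, got {len(args)}")
    return {"did": args[0], "cid": args[1],
            "cid_name": env.get("agi_calleridname", ""), "channel": args[6]}
```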

By: Rusty Newton (rnewton) 2015-06-05 16:51:25.322-0500

I'm going to open this up. It was easy to reproduce and if anything we should at least be able to use quotes here to identify the string as a string literal.  If we can or can't for whatever reason, then we need to document usage on the wiki.

Documentation should probably go here: https://wiki.asterisk.org/wiki/display/AST/Parameter+Quoting , which looks like it needs to be updated anyway.

By: alexr1 (alexr1) 2015-06-06 01:39:34.051-0500

@Richard I find that AGIs process much faster when passing the variables I need as arguments (and in this case I wanted to keep track of the original untouched CID name in case of applying a new prefix to it).

@Rusty I like the idea of parameter quoting, however according to that doc the double quotes would be passed onto the command. I've got a couple of points in respect to that:
1) I think this should be able to work without parameter quoting, which seems to be for a different purpose (explicit data types, rather than the way individual arguments are evaluated and passed between functions)
2) If the fix was just to add quotes, then it will cause a lot of dialplan and AGI work to prevent this bug from occurring (leaving people susceptible to attacks)
3) At the core of it, shouldn't we be checking how variables and arguments are evaluated before being passed to a function (regardless of quotes to determine object type)? And why/how anything in a variable could be evaluated outside of the scope of the single argument that it is?

I don't have an understanding of how it works for Asterisk, but after that argument is evaluated, if it is a string - shouldn't it automatically escape all special characters before submitting all of the arguments to the function (which apparently happens as a string for AGIs?)

Thank you both for taking the time to look into this!