| Summary: | ASTERISK-26151: pjsip: AOR regex based retrieval does not escape characters | ||
| Reporter: | erebus (erebus) | Labels: | |
| Date Opened: | 2016-06-26 08:10:09 | Date Closed: | 2017-12-13 11:35:31.000-0600 |
| Priority: | Minor | Regression? | |
| Status: | Closed/Complete | Components: | Resources/res_pjsip |
| Versions: | 13.9.1 | Frequency of Occurrence | Constant |
| Related Issues: | |||
| Environment: | Debian Sid | Attachments: | |
| Description: | In source file asterisk/res/res_pjsip/location.c, there are several lines which pass AOR identifiers into regular expressions without proper escaping.
For AORs that include regex metacharacters (such as +0000, bobby+tables or Tables*Bobby), this means that the resulting regex will be incorrect, breaking contact lookups and inbound calling. I suggest that AOR identifiers be escaped before being inserted into regular expressions. See also: • https://xkcd.com/327/ • https://community.asterisk.org/t/pjsip-show-contacts-and-pjsip-dial-contacts-dont-see-my-contact-objects-cannot-receive-calls-in-asterisk-13-9-1/67156 | ||
| Comments: | By: Asterisk Team (asteriskteam) 2016-06-26 08:10:11.219-0500 Thanks for creating a report! The issue has entered the triage process. That means the issue will wait in this status until a Bug Marshal has an opportunity to review the issue. Once the issue has been reviewed you will receive comments regarding the next steps towards resolution. A good first step is for you to review the [Asterisk Issue Guidelines|https://wiki.asterisk.org/wiki/display/AST/Asterisk+Issue+Guidelines] if you haven't already. The guidelines detail what is expected from an Asterisk issue report. Then, if you are submitting a patch, please review the [Patch Contribution Process|https://wiki.asterisk.org/wiki/display/AST/Patch+Contribution+Process]. By: Sean Bright (seanbright) 2017-12-13 11:35:31.427-0600 Fixed by https://gerrit.asterisk.org/#/c/7242/ | ||