[OpenSIPS-Users] s.escape.param transformation

Ben Newlin Ben.Newlin at genesys.com
Mon Oct 16 14:12:37 EDT 2017


I think I’ve found an error in the escape transformations for parameters. The {s.escape.param} transformation is escaping many characters it shouldn’t.

For example, the following code:

$var(test) = "MYH 713";
xlog("L_ALERT", "test: $(var(test){s.escape.param})\n");

produces this output:

test: %4d%59%48%20%37%31%33

Only the space character should have been converted, not all characters.

In looking through the source code, I think the problem is that the alphanum group of allowed characters is completely missed during the transformation in the escape_param function in strcommon.c. For comparison, the escape_user function has the following code allowing alphanum characters to copied without conversion:

if (isdigit((int)*p) || ((*p >= 'A') && (*p <= 'Z')) || ((*p >= 'a') && (*p <= 'z')))
        *at = *p;
} else {
        switch(*p) {
I think similar logic is supposed to be in escape_param but is absent, resulting in all alphanum characters being converted to hex.


Ben Newlin

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensips.org/pipermail/users/attachments/20171016/462ffc35/attachment-0001.html>

More information about the Users mailing list