[OpenSIPS-Users] s.escape.param transformation

Ben Newlin Ben.Newlin at genesys.com
Tue Oct 17 10:24:58 EDT 2017

Thanks very much, Bogdan.

While testing this, I also found something else which may or may not still be an issue (I’m still using 1.11.11).

I am using the parameter escape functionality on data that is being inserted into a local cache using cachedb_local module. In writing some tests for this functionality, I was attempting to use the MI interface to insert an escaped value into the cache and received errors.

$ opensipsctl fifo cache_store local IMC "713%20MYH"
/usr/local/lib64/opensips/opensipsctl/opensipsctl.unixsock: line 67: printf: `M': invalid format character

It seems that the printf function is being used somehow to insert the value into the cache and it is interpreting the % as a format placeholder.

Using printf escaping on the string makes it work:

$ opensipsctl fifo cache_store local IMC "713%%20MYH"

Not sure if this is a bug or if it should be documented or anything. Just thought I would mention it.

Ben Newlin

From: Bogdan-Andrei Iancu <bogdan at opensips.org>
Date: Tuesday, October 17, 2017 at 4:52 AM
To: OpenSIPS users mailling list <users at lists.opensips.org>, Ben Newlin <Ben.Newlin at genesys.com>
Subject: Re: [OpenSIPS-Users] s.escape.param transformation

Hi Ben,

Thank you for the report. I double checked with the RFC3261 and you are right.

I made the fix on head, 2.3 and 2.2 versions, see:

Best regards,

Bogdan-Andrei Iancu

  OpenSIPS Founder and Developer

On 10/16/2017 09:12 PM, Ben Newlin wrote:

I think I’ve found an error in the escape transformations for parameters. The {s.escape.param} transformation is escaping many characters it shouldn’t.

For example, the following code:

$var(test) = "MYH 713";
xlog("L_ALERT", "test: $(var(test){s.escape.param})\n");

produces this output:

test: %4d%59%48%20%37%31%33

Only the space character should have been converted, not all characters.

In looking through the source code, I think the problem is that the alphanum group of allowed characters is completely missed during the transformation in the escape_param function in strcommon.c. For comparison, the escape_user function has the following code allowing alphanum characters to copied without conversion:

if (isdigit((int)*p) || ((*p >= 'A') && (*p <= 'Z')) || ((*p >= 'a') && (*p <= 'z')))
        *at = *p;
} else {
        switch(*p) {
I think similar logic is supposed to be in escape_param but is absent, resulting in all alphanum characters being converted to hex.


Ben Newlin


Users mailing list

Users at lists.opensips.org<mailto:Users at lists.opensips.org>


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensips.org/pipermail/users/attachments/20171017/bcc08e99/attachment.html>

More information about the Users mailing list