[OpenSIPS-Users] s.escape.param transformation

Ben Newlin Ben.Newlin at genesys.com
Tue Oct 17 10:24:58 EDT 2017


Thanks very much, Bogdan.

While testing this, I also found something else which may or may not still be an issue (I’m still using 1.11.11).

I am using the parameter escape functionality on data that is being inserted into a local cache using cachedb_local module. In writing some tests for this functionality, I was attempting to use the MI interface to insert an escaped value into the cache and received errors.

$ opensipsctl fifo cache_store local IMC "713%20MYH"
/usr/local/lib64/opensips/opensipsctl/opensipsctl.unixsock: line 67: printf: `M': invalid format character

It seems that the printf function is being used somehow to insert the value into the cache and it is interpreting the % as a format placeholder.

Using printf escaping on the string makes it work:

$ opensipsctl fifo cache_store local IMC "713%%20MYH"

Not sure if this is a bug or if it should be documented or anything. Just thought I would mention it.

Thanks,
Ben Newlin


From: Bogdan-Andrei Iancu <bogdan at opensips.org>
Date: Tuesday, October 17, 2017 at 4:52 AM
To: OpenSIPS users mailling list <users at lists.opensips.org>, Ben Newlin <Ben.Newlin at genesys.com>
Subject: Re: [OpenSIPS-Users] s.escape.param transformation

Hi Ben,

Thank you for the report. I double checked with the RFC3261 and you are right.

I made the fix on head, 2.3 and 2.2 versions, see:
    https://github.com/OpenSIPS/opensips/commit/b5094f0dc6a4f52555f9cca1ea9df7c846749482<https://github.com/OpenSIPS/opensips/commit/b5094f0dc6a4f52555f9cca1ea9df7c846749482>

Best regards,


Bogdan-Andrei Iancu

  OpenSIPS Founder and Developer

  http://www.opensips-solutions.com<http://www.opensips-solutions.com>
On 10/16/2017 09:12 PM, Ben Newlin wrote:
Hi,

I think I’ve found an error in the escape transformations for parameters. The {s.escape.param} transformation is escaping many characters it shouldn’t.

For example, the following code:

$var(test) = "MYH 713";
xlog("L_ALERT", "test: $(var(test){s.escape.param})\n");

produces this output:

test: %4d%59%48%20%37%31%33

Only the space character should have been converted, not all characters.

In looking through the source code, I think the problem is that the alphanum group of allowed characters is completely missed during the transformation in the escape_param function in strcommon.c. For comparison, the escape_user function has the following code allowing alphanum characters to copied without conversion:

if (isdigit((int)*p) || ((*p >= 'A') && (*p <= 'Z')) || ((*p >= 'a') && (*p <= 'z')))
{
        *at = *p;
} else {
        switch(*p) {
…
I think similar logic is supposed to be in escape_param but is absent, resulting in all alphanum characters being converted to hex.

Thanks,

Ben Newlin





_______________________________________________

Users mailing list

Users at lists.opensips.org<mailto:Users at lists.opensips.org>

http://lists.opensips.org/cgi-bin/mailman/listinfo/users<http://lists.opensips.org/cgi-bin/mailman/listinfo/users>


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensips.org/pipermail/users/attachments/20171017/bcc08e99/attachment.html>


More information about the Users mailing list