[OpenSIPS-Users] s.escape.param transformation
Ben Newlin
Ben.Newlin at genesys.com
Tue Oct 17 10:24:58 EDT 2017
Thanks very much, Bogdan.
While testing this, I also found something else which may or may not still be an issue (I’m still using 1.11.11).
I am using the parameter escape functionality on data that is being inserted into a local cache using cachedb_local module. In writing some tests for this functionality, I was attempting to use the MI interface to insert an escaped value into the cache and received errors.
$ opensipsctl fifo cache_store local IMC "713%20MYH"
/usr/local/lib64/opensips/opensipsctl/opensipsctl.unixsock: line 67: printf: `M': invalid format character
It seems that the printf function is being used somehow to insert the value into the cache and it is interpreting the % as a format placeholder.
Using printf escaping on the string makes it work:
$ opensipsctl fifo cache_store local IMC "713%%20MYH"
Not sure if this is a bug or if it should be documented or anything. Just thought I would mention it.
Thanks,
Ben Newlin
From: Bogdan-Andrei Iancu <bogdan at opensips.org>
Date: Tuesday, October 17, 2017 at 4:52 AM
To: OpenSIPS users mailling list <users at lists.opensips.org>, Ben Newlin <Ben.Newlin at genesys.com>
Subject: Re: [OpenSIPS-Users] s.escape.param transformation
Hi Ben,
Thank you for the report. I double checked with the RFC3261 and you are right.
I made the fix on head, 2.3 and 2.2 versions, see:
https://github.com/OpenSIPS/opensips/commit/b5094f0dc6a4f52555f9cca1ea9df7c846749482<https://github.com/OpenSIPS/opensips/commit/b5094f0dc6a4f52555f9cca1ea9df7c846749482>
Best regards,
Bogdan-Andrei Iancu
OpenSIPS Founder and Developer
http://www.opensips-solutions.com<http://www.opensips-solutions.com>
On 10/16/2017 09:12 PM, Ben Newlin wrote:
Hi,
I think I’ve found an error in the escape transformations for parameters. The {s.escape.param} transformation is escaping many characters it shouldn’t.
For example, the following code:
$var(test) = "MYH 713";
xlog("L_ALERT", "test: $(var(test){s.escape.param})\n");
produces this output:
test: %4d%59%48%20%37%31%33
Only the space character should have been converted, not all characters.
In looking through the source code, I think the problem is that the alphanum group of allowed characters is completely missed during the transformation in the escape_param function in strcommon.c. For comparison, the escape_user function has the following code allowing alphanum characters to copied without conversion:
if (isdigit((int)*p) || ((*p >= 'A') && (*p <= 'Z')) || ((*p >= 'a') && (*p <= 'z')))
{
*at = *p;
} else {
switch(*p) {
…
I think similar logic is supposed to be in escape_param but is absent, resulting in all alphanum characters being converted to hex.
Thanks,
Ben Newlin
_______________________________________________
Users mailing list
Users at lists.opensips.org<mailto:Users at lists.opensips.org>
http://lists.opensips.org/cgi-bin/mailman/listinfo/users<http://lists.opensips.org/cgi-bin/mailman/listinfo/users>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensips.org/pipermail/users/attachments/20171017/bcc08e99/attachment.html>
More information about the Users
mailing list