[OpenSIPS-Users] s.escape.param transformation

Bogdan-Andrei Iancu bogdan at opensips.org
Tue Oct 17 04:51:08 EDT 2017


Hi Ben,

Thank you for the report. I double checked with the RFC3261 and you are 
right.

I made the fix on head, 2.3 and 2.2 versions, see:
https://github.com/OpenSIPS/opensips/commit/b5094f0dc6a4f52555f9cca1ea9df7c846749482

Best regards,

Bogdan-Andrei Iancu
   OpenSIPS Founder and Developer
   http://www.opensips-solutions.com

On 10/16/2017 09:12 PM, Ben Newlin wrote:
>
> Hi,
>
> I think I’ve found an error in the escape transformations for 
> parameters. The {s.escape.param} transformation is escaping many 
> characters it shouldn’t.
>
> For example, the following code:
>
> $var(test) = "MYH 713";
>
> xlog("L_ALERT", "test: $(var(test){s.escape.param})\n");
>
> produces this output:
>
> test: %4d%59%48%20%37%31%33
>
> Only the space character should have been converted, not all characters.
>
> In looking through the source code, I think the problem is that the 
> alphanum group of allowed characters is completely missed during the 
> transformation in the escape_param function in strcommon.c. For 
> comparison, the escape_user function has the following code allowing 
> alphanum characters to copied without conversion:
>
> if (isdigit((int)*p) || ((*p >= 'A') && (*p <= 'Z')) || ((*p >= 'a') 
> && (*p <= 'z')))
>
> {
>
>         *at = *p;
>
> } else {
>
> switch(*p) {
>
>>
> I think similar logic is supposed to be in escape_param but is absent, 
> resulting in all alphanum characters being converted to hex.
>
> Thanks,
>
> Ben Newlin
>
>
>
> _______________________________________________
> Users mailing list
> Users at lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensips.org/pipermail/users/attachments/20171017/e7a69830/attachment-0001.html>


More information about the Users mailing list