T.R. Missner wrote:
Hello,
Today I stumbled upon an issue while using exec_dset.
If the R-URI has a parameter in it like the following:
sip:+12125551212@208.1.1.1;dt=180 SIP/2.0
When exec_dset sends the R-URI as a command line param to the command
specified when called like:
exec_dset("/usr/local/bin/dostuff.pl");
popen is used to exec a new shell passing
"/usr/local/bin/dostuff.pl sip:+12125551212@208.1.1.1;dt=180 SIP/2.0" as
the command
The ; in the RURI is interpreted by the shell as the end of the
parameter.
This causes the dt=180 portion of the R-URI to passed directly to the
shell causing an error.
It seems this problem could be exploited by an enterprising hacker.
A solution would be to check the param string for semi-colons and if
found escape them with a backslash ( \ ).
I am working on this code now.
Is this a known issue?
Is there a better solution?
Probably the best solution would be to avoid exec at all. I managed to
got rid of all execs by using avp_db_load.
regards
klaus