[Kamailio-Devel] [ openser-Bugs-2047019 ] URI userinfo is case **sensitive**

SourceForge.net noreply at sourceforge.net
Tue Aug 12 10:10:48 CEST 2008


Bugs item #2047019, was opened at 2008-08-11 23:59
Message generated for change (Comment added) made by ibc_sf
You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=743020&aid=2047019&group_id=139143

Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: core
Group: ver devel
Status: Open
Resolution: None
Priority: 5
Private: No
Submitted By: Iñaki Baz (ibc_sf)
Assigned to: Nobody/Anonymous (nobody)
Summary: URI userinfo is case **sensitive**

Initial Comment:
Hi, Kamailio matches the following when RURI="sip:aa@domain.com":

  if ($rU == "Aa")  => returns true

But this is not valid since the userinfo part of a URI is case *sensitive* (but not the protocol, domain, URI parameters and header parameters):

--------------
19.1.4 URI Comparison

      o  Comparison of the userinfo of SIP and SIPS URIs is case-
         sensitive.  This includes userinfo containing passwords or
         formatted as telephone-subscribers.  Comparison of all other
         components of the URI is case-insensitive unless explicitly
         defined otherwise.
--------------


Also, URI parameters matching in Kamailio is wrong since it compares all the parameters in URI A with all parameters in URI B. For example, Kamailio says those two URIs are not equal when in fact they are:

  URI A = sip:aa@domain;kk
  URI A = sip:aa@domain;qq

--------------
      o  URI uri-parameter components are compared as follows:

         -  Any uri-parameter appearing in both URIs must match.

         -  A user, ttl, or method uri-parameter appearing in only one
            URI never matches, even if it contains the default value.

         -  A URI that includes an maddr parameter will not match a URI
            that contains no maddr parameter.

         -  All other uri-parameters appearing in only one URI are
            ignored when comparing the URIs.
--------------

Well, I think this is a pain, but near 60% in SIP is a pain XD

----------------------------------------------------------------------

>Comment By: Iñaki Baz (ibc_sf)
Date: 2008-08-12 10:10

Message:
Logged In: YES 
user_id=1844020
Originator: YES

@miconda:
> The string operations in script are case insensitive. avp_check() can do
> case sensitive comparisons.

I am sure that the following comparisons are case insensitive in
Kamailio so I assume they are not "normal" string operations:

  1) $rU == "Aa"
  2) $rd == "doMAin.cOM"
  3) uri == "SIp:AA@DOMAin.com"

All of those comparisons return true if the RURI = "sip:aa@domain.com",
but 1) is wrong since userinfo MUST be case sensitive as per RFC 3261.


@oej:
> URI comparison is a bit more complicated than strcmp, so in that case
> we need a uricmp() function. However, the username part only is a bit more
> easy.

Also take into account that:

- URI protocol: case insensitive ("sip" == "SIp")

- URI userinfo: case sensitive, allows hexadecimal escaping ("alice" ==
"%61alice" != "Alice")

- URI host: case insensitive ("kamailio.org" == "KAMAIlio.org")

- URI parameters (key and value): case insensitive, allows hexadecimal
escaping ("tag=alice" == "T%61G=%61aliCE")
Also note that if the host is an IPv4 or IPv6 then binary matching must be
performed ("1.2.3.4 == 1.002.03.4").

- URI headers: (I prefer to forget those useless URI components...).

----------------------------------------------------------------------

Comment By: Olle E. Johansson (oej)
Date: 2008-08-12 09:50

Message:
Logged In: YES 
user_id=7341
Originator: NO

URI comparison is a bit more complicated than strcmp, so in that case we
need a uricmp() function. However, the username part only is a bit more
easy.


----------------------------------------------------------------------

Comment By: Daniel-Constantin Mierla (miconda)
Date: 2008-08-12 09:40

Message:
Logged In: YES 
user_id=1246013
Originator: NO

The string operations in script are case insensitive. avp_check() can do
case sensitive comparisons.

As operations flexibility gives the configuration file power, we would need a
new set of operators to differentiate between case sensitive and
insensitive. An alternative is to introduce a function in core like
strcmp/strcasecmp.

----------------------------------------------------------------------
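
The RFC 3261 section 19.1.4 rules quoted in this thread, as an added Python example (not Kamailio code and not from any participant). The names `split_sip_uri` and `sip_uri_equal` are hypothetical, the sample URIs in use are constructed, and the assumptions are: URI headers are dropped rather than compared, every %HH escape is decoded, and hosts are compared as lower-cased text with no numeric normalisation of IP literals.

```python
from urllib.parse import unquote

# uri-parameters that never match when present in only one of the two URIs
# (user, ttl, method and maddr in the RFC text quoted in the thread).
MUST_BE_IN_BOTH = {"user", "ttl", "method", "maddr"}


def split_sip_uri(uri):
    """Split scheme:[userinfo@]hostport[;params] into comparable parts.

    Assumption: URI headers (after '?') are discarded, not compared.
    """
    scheme, _, rest = uri.partition(":")
    rest = rest.partition("?")[0]
    userinfo, at, tail = rest.rpartition("@")
    if not at:
        userinfo = None  # URI without a user part
    hostport, *raw_params = tail.split(";")
    params = {}
    for p in raw_params:
        if p:
            name, _, value = p.partition("=")
            # parameter names and values: unescape, then fold case
            params[unquote(name).lower()] = unquote(value).lower()
    return scheme.lower(), userinfo, hostport.lower(), params


def sip_uri_equal(a, b):
    s_a, u_a, h_a, p_a = split_sip_uri(a)
    s_b, u_b, h_b, p_b = split_sip_uri(b)
    # scheme and host: case-insensitive
    if s_a != s_b or h_a != h_b:
        return False
    # userinfo: unescape, then compare exactly (case-sensitive)
    if (u_a is None) != (u_b is None):
        return False
    if u_a is not None and unquote(u_a) != unquote(u_b):
        return False
    for name in p_a.keys() | p_b.keys():
        in_both = name in p_a and name in p_b
        if in_both and p_a[name] != p_b[name]:
            return False  # present in both URIs: values must match
        if not in_both and name in MUST_BE_IN_BOTH:
            return False  # present in only one URI: never matches
        # any other parameter present in only one URI is ignored
    return True
```
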
