[OpenSER-Devel] [ openser-Bugs-1969445 ] uri_db: check_to() should allow hex escaped username
SourceForge.net
noreply at sourceforge.net
Fri Jul 11 13:20:55 CEST 2008
Bugs item #1969445, was opened at 2008-05-22 09:09
Message generated for change (Settings changed) made by henningw
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=743020&aid=1969445&group_id=139143
Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: modules
Group: ver devel
Status: Open
Resolution: None
Priority: 5
Private: No
Submitted By: Iaki Baz (ibc_sf)
Assigned to: Nobody/Anonymous (nobody)
>Summary: uri_db: check_to() should allow hex escaped username
Initial Comment:
To be RFC3261 compliant a SIP proxy should accept hex encoded username in any URI, this is:
sip:alice at domain == sip:%61l%69ce at domain
For allowing this we must use, explicitely, the trnasformation $(rU{s.unescape.user}). Unfortunatelly RFC3261 allows this hex escaping in any URI (From uri, To uri, Contact uri...).
But, is OpenSer ready to allow this escaped system globally? I don't think so. For example I send a REGISTER:
-------------------
REGISTER sip:openser.org SIP/2.0
From: sip:%3800 at openser.org;tag=18349ed0
To: sip:%3800 at openser.org
Contact: sip:800 at 90.90.90.90
-------------------
NOTE that "%3800" == "800".
When OpenSer requires me authentication I send:
-------------------
REGISTER sip:openser.org SIP/2.0
From: sip:%3800 at openser.org;tag=18349ed0
To: sip:%3800 at openser.org
Contact: sip:800 at 90.90.90.90
Authorization: Digest username="800", uri="sip:openser.org", algorithm=MD5, realm="openser.org", nonce="45353832c42ccf694d4f4aad19e3da236a84dd4d", qop=auth, nc=00000001, cnonce="76fe7385", response="6f19337d47752e6bc60b689d2688793f"
-------------------
NOTE that Digest username is "800" (it cannot be escaped).
But in OpenSer I use "check_to()" to verify if Digest username is equal to username in "To" header, so "check_to()" will try to match "%3800" against "800" and it fails (it decides they are not equivalent while they do be).
The only way to allow it is by modifying "check_to" C code.
This is: the valid escenario described above (REGISTER with hex escaped "To" username) is not valid in OpenSer.
----------------------------------------------------------------------
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=743020&aid=1969445&group_id=139143
More information about the Devel
mailing list