[sr-dev] [kamailio/kamailio] Incorrect translation of tel: uri to sip: uri in tel2sip() (#1173)

Donald Carr notifications at github.com
Thu Jun 29 22:05:45 CEST 2017


<!--
Kamailio Project uses GitHub Issues only for bugs in the code or feature requests.

If you have questions about using Kamailio or related to its configuration file,
ask on sr-users mailing list:

  * http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users

If you have questions about developing extensions to Kamailio or its existing
C code, ask on sr-dev mailing list

  * http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-dev

Please try to fill this template as much as possible for any issue. It helps the
developers to troubleshoot the issue.

If you submit a feature request (or enhancement), you can delete the text of
the template and only add the description of what you would like to be added.

If there is no content to be filled in a section, the entire section can be removed.

You can delete the comments from the template sections when filling.

You can delete next line and everything above before submitting (it is a comment).
-->

### Description

<!--
Explain what you did, what you expected to happen, and what actually happened.
-->

I received a wireshark trace from a team member showing that a tel: uri was translated to a sip: uri in a very strange (invalid) way:

INVITE tel:491234567891;phone-context=ims.mnc001.mcc001.3gppnetwork.org
 
Was translated to:

INVITE  sip:491234567891;phone-context=ims.mnc001.mcc001.3gppnetwork.org at ims.mnc001.mcc001.3gppnetwork.org;user=phone



### Troubleshooting

I first thought this was definitely an error, and only the phone number should be copied to the sip: uri. But, on further reading of the specification, (https://www.ietf.org/rfc/rfc3261.txt), I see that it is in fact legal to leave all parameters in. Though, when the phone-context parameter is simply a domain, it would at least seem the cleanest thing would be to remove it when the exact same domain is also inserted after the @ in the sip message. 

So, looking to find where the message is translated, I saw in the scscf.cfg configuration file that there is a translation specified. 

I found that "tel2sip" is mapped to the C function of the same name tel2sip()

In this function, the translation will do exactly what I found in the trace, in other words, it will leave in all parameters separated by semi-colon, inserted before the @ symbol.

But, reading the spec, I see that the spec is not being followed in any case. The spec states that all parameters included when translating, must be switched to alphabetic order, with the exception that 
isdn-subaddress and post-dial, must occur first and in that order.  There is no code in tel2sip() to perform that sorting.

Also, the parser removes '(', ')', '.', and '-' in the phone number, as specified, but, these same characters could be scattered anywhere in invalid places, and they are just silently removed, '+' can scattered anywhere and it is just left alone, Other characters can be scattered anywhere and they will just be left as-is, no error. So, I feel there should be some minimal checking of the phone number, trying to follow the spec (if we could just execute the BNF from the spec!).

#### Reproduction

<!--
If the issue can be reproduced, describe how it can be done.
-->
This can be reproduced by sending a tel: uri with parameters inserted separated by semicolon.

#### Debugging Data

<!--
If you got a core dump, use gdb to extract troubleshooting data - full backtrace,
local variables and the list of the code at the issue location.

  gdb /path/to/kamailio /path/to/corefile
  bt full
  info locals
  list

If you are familiar with gdb, feel free to attach more of what you consider to
be relevant.
-->

```
(none)
```

#### Log Messages

<!--
Check the syslog file and if there are relevant log messages printed by Kamailio, add them next, or attach to issue, or provide a link to download them (e.g., to a pastebin site).
-->

```
(none)
```

#### SIP Traffic

<!--
If the issue is exposed by processing specific SIP messages, grab them with ngrep or save in a pcap file, then add them next, or attach to issue, or provide a link to download them (e.g., to a pastebin site).
-->

```
See attached file
```

### Possible Solutions


<!--
If you found a solution or workaround for the issue, describe it. Ideally, provide a pull request with a fix.
-->
The solution would be to modify tel2sip(), adding the sorting of parameters, putting the two exceptions first if they exist, before inserting back into the string.

We should also throw errors on obvious bad formatting and ilegal characters, etc, in the input tel: uri

Should we remove the "phone-context" if it is a domain and also exactly the same as the domain inserted after the @? 

### Additional Information

  * **Kamailio Version** - output of `kamailio -v`
```
version: kamailio 5.0.0-dev5 (x86_64/linux) da4ef4-dirty
flags: STATS: Off, USE_TCP, USE_TLS, USE_SCTP, TLS_HOOKS, USE_RAW_SOCKS, DISABLE_NAGLE, USE_MCAST, DNS_IP_HACK, SHM_MEM, SHM_MMAP, PKG_MALLOC, Q_MALLOC, F_MALLOC, TLSF_MALLOC, DBG_SR_MEMORY, USE_FUTEX, FAST_LOCK-ADAPTIVE_WAIT, USE_DNS_CACHE, USE_DNS_FAILOVER, USE_NAPTR, USE_DST_BLACKLIST, HAVE_RESOLV_RES
ADAPTIVE_WAIT_LOOPS=1024, MAX_RECV_BUFFER_SIZE 262144, MAX_LISTEN 16, MAX_URI_SIZE 1024, BUF_SIZE 65535, DEFAULT PKG_SIZE 8MB
poll method support: poll, epoll_lt, epoll_et, sigio_rt, select.
id: da4ef4 -dirty
compiled on 10:37:40 May 12 2017 with gcc 5.4.0
```
SIP spec:
https://www.ietf.org/rfc/rfc3261.txtWireshark output:

![wireshark-tel2sip](https://user-images.githubusercontent.com/4886876/27705203-cfd3c150-5cd2-11e7-9f77-1664a51e7ac3.png)
```
In RFC 3966, Tel URI format:
 
   The "tel" URI has the following syntax:
 
   telephone-uri        = "tel:" telephone-subscriber
   telephone-subscriber = global-number / local-number
   global-number        = global-number-digits *par
   local-number         = local-number-digits *par context *par
   par                  = parameter / extension / isdn-subaddress
   isdn-subaddress      = ";isub=" 1*uric
   extension            = ";ext=" 1*phonedigit
   context              = ";phone-context=" descriptor
   descriptor           = domainname / global-number-digits
   global-number-digits = "+" *phonedigit DIGIT *phonedigit
   local-number-digits  =
      *phonedigit-hex (HEXDIG / "*" / "#")*phonedigit-hex
   domainname           = *( domainlabel "." ) toplabel [ "." ]
   domainlabel          = alphanum
                          / alphanum *( alphanum / "-" ) alphanum
   toplabel             = ALPHA / ALPHA *( alphanum / "-" ) alphanum
   parameter            = ";" pname ["=" pvalue ]
   pname                = 1*( alphanum / "-" )
   pvalue               = 1*paramchar
   paramchar            = param-unreserved / unreserved / pct-encoded
   unreserved           = alphanum / mark
   mark                 = "-" / "_" / "." / "!" / "~" / "*" /
                          "'" / "(" / ")"
   pct-encoded          = "%" HEXDIG HEXDIG
   param-unreserved     = "[" / "]" / "/" / ":" / "&" / "+" / "$"
   phonedigit           = DIGIT / [ visual-separator ]
   phonedigit-hex       = HEXDIG / "*" / "#" / [ visual-separator ]
   visual-separator     = "-" / "." / "(" / ")"
   alphanum             = ALPHA / DIGIT
   reserved             = ";" / "/" / "?" / ":" / "@" / "&" /
                          "=" / "+" / "$" / ","
   uric                 = reserved / unreserved / pct-encoded
 ```

* **Operating System**:

<!--
Details about the operating system, the type: Linux (e.g.,: Debian 8.4, Ubuntu 16.04, CentOS 7.1, ...), MacOS, xBSD, Solaris, ...;
Kernel details (output of `uname -a`)
-->

```
# uname -a
Linux epc-enablers 4.4.0-51-generic #72-Ubuntu SMP Thu Nov 24 18:29:54 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux
```


-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/issues/1173
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.kamailio.org/pipermail/sr-dev/attachments/20170629/e521685b/attachment.html>


More information about the sr-dev mailing list