[SR-Users] Decode contact with user paramer

Richard Brady rnbrady at gmail.com
Mon Jan 7 02:10:10 CET 2013


Agreed, doesn't make sense to me either.

The code is in the decode2format function in siputils/contact_ops.c:

                        if (((*pos) == '>')||(*pos == ';'))
                                {
                                /* invalid chars inside username part */
                                return -5;
                                }

The ABNF in RFC3261 makes it clear that a semicolon is ok in the user-info
field:

userinfo         =  ( user / telephone-subscriber ) [ ":" password ] "@"
user             =  1*( unreserved / escaped / user-unreserved )
user-unreserved  =  "&" / "=" / "+" / "$" / "," / ";" / "?" / "/"

The code might be to check for the end of a URI (both those characters
terminate a URI under certain circumstances), perhaps for fault tolerance
and/or security but I don't think it's been done in a way that makes sense,
for the following reasons:

1. An angle bracket is not legal in or surrounding a request URI, so it
should be picked up by the parser and/or sanity check.
2. A semicolon is totally legal in the userinfo part, as per ABNF and also
as explained in RFC3261:

   ...
   sip:alice;day=tuesday at atlanta.com

   The last sample URI above has a user field value of
   "alice;day=tuesday".  The escaping rules defined above allow a
   semicolon to appear unescaped in this field.  For the purposes of
   this protocol, the field is opaque.  The structure of that value is
   only useful to the SIP element responsible for the resource.

So I have raised bug FS#263:
http://sip-router.org/tracker/index.php?do=details&task_id=263

Richard


On 3 January 2013 13:28, Gareth Rylance <gareth at rylance.me.uk> wrote:

> Anyone?
>
> If no one objects I will submit a patch with it removed.
>
>
> On 18 December 2012 09:11, Gareth Rylance <gareth at rylance.me.uk> wrote:
>
>> When using the siputils function  encode_contact() on a message that
>> contains a user parameter e.g.
>>
>> <sip:XXXXX00015;phone-context=national at 10.YYY.1.92;user=phone>;tag=88930
>>
>> it encodes fine e.g.
>>
>>
>> <sip:natted_ua*sip:XXXXX00015;phone-context=national**192.168.242.102*5080*udp at 10.YYY.70.100
>> >
>>
>> but decode_contact() errors due to the ";" (there is an explicit check
>> for it in the code)
>>
>> I am currently working round this using
>>
>> $rU = $(rU{s.replace,;,:});
>>
>> to remove the ; as the user part is not needed for my application.
>>
>> Would it be safe to remove the check for ";" ?
>>
>> Gareth
>>
>>
>>
>>
>>
>
> _______________________________________________
> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
> sr-users at lists.sip-router.org
> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sip-router.org/pipermail/sr-users/attachments/20130107/18c46aaa/attachment.htm>


More information about the sr-users mailing list