[Users] exec_dset with params in URI broken
T.R. Missner
trmissner at bandwidth.com
Wed Aug 2 05:02:16 CEST 2006
Hello,
Today I stumbled upon an issue while using exec_dset.
If the R-URI has a parameter in it like the following:
sip:+12125551212 at 208.1.1.1;dt=180 SIP/2.0
When exec_dset sends the R-URI as a command line param to the command
specified when called like:
exec_dset("/usr/local/bin/dostuff.pl");
popen is used to exec a new shell passing
"/usr/local/bin/dostuff.pl sip:+12125551212 at 208.1.1.1;dt=180 SIP/2.0" as
the command
The ; in the RURI is interpreted by the shell as the end of the
parameter.
This causes the dt=180 portion of the R-URI to passed directly to the
shell causing an error.
It seems this problem could be exploited by an enterprising hacker.
A solution would be to check the param string for semi-colons and if
found escape them with a backslash ( \ ).
I am working on this code now.
Is this a known issue?
Is there a better solution?
T.R.
More information about the Users
mailing list