[OpenSER-Devel] [ openser-Bugs-1969445 ] uri_db: check_to() should allow hex escaped username

Fri, 11 Jul 2008 04:21:31 -0700 

Bugs item #1969445, was opened at 2008-05-22 09:09
Message generated for change (Settings changed) made by henningw
You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=743020&aid=1969445&group_id=139143

Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: modules
Group: ver devel
Status: Open
Resolution: None
Priority: 5
Private: No
Submitted By: Iaki Baz (ibc_sf)
Assigned to: Nobody/Anonymous (nobody)
>Summary: uri_db: check_to() should allow hex escaped username

Initial Comment:
To be RFC3261 compliant a SIP proxy should accept hex encoded username in any 
URI, this is:

  sip:[EMAIL PROTECTED] == sip:[EMAIL PROTECTED]

For allowing this we must use, explicitely, the trnasformation 
$(rU{s.unescape.user}). Unfortunatelly RFC3261 allows this hex escaping in any 
URI (From uri, To uri, Contact uri...).

But, is OpenSer ready to allow this escaped system globally? I don't think so. 
For example I send a REGISTER:

-------------------
REGISTER sip:openser.org SIP/2.0
From: sip:[EMAIL PROTECTED];tag=18349ed0
To: sip:[EMAIL PROTECTED]
Contact: sip:[EMAIL PROTECTED]
-------------------

NOTE that "%3800" == "800".

When OpenSer requires me authentication I send:

-------------------
REGISTER sip:openser.org SIP/2.0
From: sip:[EMAIL PROTECTED];tag=18349ed0
To: sip:[EMAIL PROTECTED]
Contact: sip:[EMAIL PROTECTED]
Authorization: Digest username="800", uri="sip:openser.org", algorithm=MD5, 
realm="openser.org", nonce="45353832c42ccf694d4f4aad19e3da236a84dd4d", 
qop=auth, nc=00000001, cnonce="76fe7385", 
response="6f19337d47752e6bc60b689d2688793f"
-------------------

NOTE that Digest username is "800" (it cannot be escaped).

But in OpenSer I use "check_to()" to verify if Digest username is equal to 
username in "To" header, so "check_to()" will try to match "%3800" against 
"800" and it fails (it decides they are not equivalent while they do be).

The only way to allow it is by modifying "check_to" C code.

This is: the valid escenario described above (REGISTER with hex escaped "To" 
username) is not valid in OpenSer.

----------------------------------------------------------------------

You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=743020&aid=1969445&group_id=139143

_______________________________________________
Devel mailing list
Devel@lists.openser.org
http://lists.openser.org/cgi-bin/mailman/listinfo/devel

Reply via email to