Mantis Bugtracker

Viewing Issue Simple Details

ID: 0000262
Category: [Yate - Yet Another Telephony Engine] module
Severity: minor
Reproducibility: have not tried
Date Submitted: 2011-05-16 12:11
Last Update: 2011-07-29 09:52
Reporter: folarte
View Status: public
Assigned To:
Priority: normal
Resolution: open
Status: new
Product Version: SVN
Summary: 0000262: Bad message escaping in
Description: The string escaping for messages in skips escaping ':' (with potential problems if used).

The problem function is:

# Convert % to %%, and every ASCII char with code < 32 to %'upper_code' as stated in
sub escape($$;$) {
    my ($self, $string, $special) = @_;

    if ($string) {
        $string =~ s/(.)/$1 eq '%' ? '%%' : (ord($1) < 32 || ($special && $1 eq $special) ? '%' . chr(ord($1) + 64) : $1)/egs;
    }

    return $string;
}

Which could be easily fixed by adding a check for ':'

        $string =~ s/(.)/$1 eq '%' ? '%%' : (ord($1) < 32 || $1 eq ':' || ($special && $1 eq $special) ? '%' . chr(ord($1) + 64) : $1)/egs;

By the way, the problem may be caused by following to the letter the description in the cited extmodule docs:

Any value that contains special characters (ASCII code lower than 32) MUST have them converted to %<upcode> where <upcode> is the character with a numeric value equal with 64 + original ASCII code. The % character itself MUST be converted to a special %% representation. Characters with codes higher than 32 (except %) SHOULD not be escaped but may be so. A %-escaped code may be received instead of an unescaped character anywhere except in the initial keyword or the delimiting colon (:) characters. Anywhere in the line except the initial keyword a % character not followed by a character with a numeric value higher than 64 (40H, 0x40, '@') or another % is an error.

Which could be changed to:

Any value that contains special characters (ASCII code lower than 32 or colon ) ........

I've checked String String::msgEscape(const char* str, char extraEsc) and it does escape every colon, so I think the perl function should do the same.


-  Notes
sofit (reporter)
2011-07-28 22:41

In the documentation you will see that this function supports a second parameter called "special_char", which escapes whatever you pass it (say : in your case). Anyway this is mostly an internal function and in the module itself you will see $this->escape($string, ':') very often. There's no need for any change on the module regarding escaping.

folarte (reporter)
2011-07-29 09:52

I knew it supported the special_char, and it's obvious reading both the original quoted text and the one I proposed it does. I just found it unusual to have a different implementation in C and perl for escaping.

Looking in more detail (in fact searching for every '->escape' occurrence) I've found every use of the escape method uses ':' as special, so the module does not need changing, as it's just using a convoluted way to achieve what I proposed.

IIRC I spotted it as a potential problem when developing a client perl module but, as I've decided not to use for it, this issue is purely academic, but I don't know how to drop or close it.
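
The point discussed in this thread, as an added example that is not part of the original report or the module's own code: the same escaping rule applied with and without ':' as the extra character, then split back on the delimiter. The names msg_escape and msg_unescape and the three-field line layout are hypothetical, and the sample value is constructed.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Escaping rule quoted in the report: '%' -> '%%', codes < 32 -> '%' . chr(code + 64),
# plus one optional extra character (the module's callers pass ':').
sub msg_escape {
    my ($string, $special) = @_;
    return '' unless defined $string;
    $string =~ s/(.)/
        $1 eq '%' ? '%%'
      : (ord($1) < 32 || (defined $special && $1 eq $special)) ? '%' . chr(ord($1) + 64)
      : $1/egs;
    return $string;
}

# Inverse: per the quoted doc text, '%' must be followed by '%' or by a
# character with a code higher than 64; anything else is an error.
sub msg_unescape {
    my ($string) = @_;
    $string =~ s/%(.?)/
        $1 eq '%' ? '%'
      : (length $1 && ord($1) > 64) ? chr(ord($1) - 64)
      : die "invalid escape in '$string'\n"/egs;
    return $string;
}

# Constructed sample fields (hypothetical layout): a keyword, an id, and a
# value that itself contains ':', a newline and a '%'.
my @fields = ('demo', '42', "sip:alice\@example.test\n100%");

for my $special (undef, ':') {
    # Sender side: escape each field, then join on the delimiter.
    my $line = join ':', map { msg_escape($_, $special) } @fields;
    # Receiver side: split on the delimiter, then unescape each field.
    my @back = map { msg_unescape($_) } split /:/, $line, -1;
    my $ok   = (@back == @fields && !grep { $back[$_] ne $fields[$_] } 0 .. $#fields);
    printf "%-12s %-40s fields=%d round-trip=%s\n",
        defined $special ? "special=':'" : 'no special',
        $line, scalar @back, $ok ? 'ok' : 'BROKEN';
}
```

Without the extra character the receiver sees four fields instead of three, because the unescaped ':' inside the value is taken as a delimiter; with ':' passed as the special character it is sent as %z and the line round-trips.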

- Issue History
Date Modified Username Field Change
2011-05-16 12:11 folarte New Issue
2011-05-17 08:22 vir Issue Monitored: vir
2011-07-28 22:41 sofit Note Added: 0000379
2011-07-29 09:52 folarte Note Added: 0000380