diff --git a/channels/chan_sip.c b/channels/chan_sip.c
index 197f0bde766e2b69ab9cd8e435c9e6b4a075c6f3..7a522e81768033e53330284941a21cd9c1254674 100644
--- a/channels/chan_sip.c
+++ b/channels/chan_sip.c
@@ -12538,6 +12538,7 @@ static int add_rpid(struct sip_request *req, struct sip_pvt *p)
{
struct ast_str *tmp = ast_str_alloca(256);
char tmp2[256];
+ char lid_name_buf[128];
char *lid_num;
char *lid_name;
int lid_pres;
@@ -12563,6 +12564,7 @@ static int add_rpid(struct sip_request *req, struct sip_pvt *p)
if (!lid_name) {
lid_name = lid_num;
}
+ ast_escape_quoted(lid_name, lid_name_buf, sizeof(lid_name_buf));
lid_pres = ast_party_id_presentation(&connected_id);
if (((lid_pres & AST_PRES_RESTRICTION) != AST_PRES_ALLOWED) &&
@@ -12586,7 +12588,7 @@ static int add_rpid(struct sip_request *req, struct sip_pvt *p)
if (ast_test_flag(&p->flags[1], SIP_PAGE2_TRUST_ID_OUTBOUND) != SIP_PAGE2_TRUST_ID_OUTBOUND_LEGACY) {
/* trust_id_outbound = yes - Always give full information even if it's private, but append a privacy header
* When private data is included */
- ast_str_set(&tmp, -1, "\"%s\" <sip:%s@%s>", lid_name, lid_num, fromdomain);
+ ast_str_set(&tmp, -1, "\"%s\" <sip:%s@%s>", lid_name_buf, lid_num, fromdomain);
if ((lid_pres & AST_PRES_RESTRICTION) != AST_PRES_ALLOWED) {
add_header(req, "Privacy", "id");
}
@@ -12594,14 +12596,14 @@ static int add_rpid(struct sip_request *req, struct sip_pvt *p)
/* trust_id_outbound = legacy - behave in a non RFC-3325 compliant manner and send anonymized data when
* when handling private data. */
if ((lid_pres & AST_PRES_RESTRICTION) == AST_PRES_ALLOWED) {
- ast_str_set(&tmp, -1, "\"%s\" <sip:%s@%s>", lid_name, lid_num, fromdomain);
+ ast_str_set(&tmp, -1, "\"%s\" <sip:%s@%s>", lid_name_buf, lid_num, fromdomain);
} else {
ast_str_set(&tmp, -1, "%s", anonymous_string);
}
}
add_header(req, "P-Asserted-Identity", ast_str_buffer(tmp));
} else {
- ast_str_set(&tmp, -1, "\"%s\" <sip:%s@%s>;party=%s", lid_name, lid_num, fromdomain, p->outgoing_call ? "calling" : "called");
+ ast_str_set(&tmp, -1, "\"%s\" <sip:%s@%s>;party=%s", lid_name_buf, lid_num, fromdomain, p->outgoing_call ? "calling" : "called");
switch (lid_pres) {
case AST_PRES_ALLOWED_USER_NUMBER_NOT_SCREENED:
@@ -18857,7 +18859,10 @@ static void receive_message(struct sip_pvt *p, struct sip_request *req, struct a
from = (char *) get_calleridname(from, from_name, sizeof(from_name));
from = get_in_brackets(from);
if (from_name[0]) {
- res |= ast_msg_set_from(msg, "\"%s\" <%s>", from_name, from);
+ char from_buf[128];
+
+ ast_escape_quoted(from_name, from_buf, sizeof(from_buf));
+ res |= ast_msg_set_from(msg, "\"%s\" <%s>", from_buf, from);
} else {
res |= ast_msg_set_from(msg, "<%s>", from);
}
diff --git a/include/asterisk/utils.h b/include/asterisk/utils.h
index 47a438eb3f9c9b7a8a58c9e6c55159cb7d1b6992..464ff1cdc34e5aeb0ac6d4b72dfa83603049f703 100644
--- a/include/asterisk/utils.h
+++ b/include/asterisk/utils.h
@@ -318,6 +318,15 @@ int ast_xml_escape(const char *string, char *outbuf, size_t buflen);
*/
char *ast_escape_quoted(const char *string, char *outbuf, int buflen);
+/*!
+ * \brief Unescape quotes in a string
+ *
+ * \param quote_str The string with quotes to be unescaped
+ *
+ * \note This function mutates the passed-in string.
+ */
+void ast_unescape_quoted(char *quote_str);
+
static force_inline void ast_slinear_saturated_add(short *input, short *value)
{
int res;
diff --git a/main/callerid.c b/main/callerid.c
index e3b2b139e4bbad0ad3a276fd483c59c735384e35..803d411953d26b6e8eb8801eb1b29cb97ce0e737 100644
--- a/main/callerid.c
+++ b/main/callerid.c
@@ -1009,50 +1009,39 @@ int ast_is_shrinkable_phonenumber(const char *exten)
int ast_callerid_parse(char *instr, char **name, char **location)
{
- char *ns, *ne, *ls, *le;
+ char *ls, *le, *name_start;
- /* Try "name" <location> format or name <location> format */
- if ((ls = strrchr(instr, '<')) && (le = strrchr(ls, '>'))) {
- *ls = *le = '\0'; /* location found, trim off the brackets */
- *location = ls + 1; /* and this is the result */
- if ((ns = strchr(instr, '"')) && (ne = strchr(ns + 1, '"'))) {
- *ns = *ne = '\0'; /* trim off the quotes */
- *name = ns + 1; /* and this is the name */
- } else if (ns) {
- /* An opening quote was found but no closing quote was. The closing
- * quote may actually be after the end of the bracketed number
- */
- if (strchr(le + 1, '\"')) {
- *ns = '\0';
- *name = ns + 1;
- ast_trim_blanks(*name);
- } else {
- *name = NULL;
- }
- } else { /* no quotes, trim off leading and trailing spaces */
- *name = ast_skip_blanks(instr);
- ast_trim_blanks(*name);
+ /* Handle surrounding quotes */
+ instr = ast_strip_quoted(instr, "\"", "\"");
+
+ /* Try "name" <location> format or name <location> format or with a missing > */
+ if ((ls = strrchr(instr, '<'))) {
+ if ((le = strrchr(ls, '>'))) {
+ *le = '\0'; /* location found, trim off the brackets */
}
+ *ls = '\0';
+ *location = ls + 1; /* and this is the result */
+
+ name_start = ast_strip_quoted(instr, "\"", "\"");
} else { /* no valid brackets */
char tmp[256];
ast_copy_string(tmp, instr, sizeof(tmp));
ast_shrink_phone_number(tmp);
if (ast_isphonenumber(tmp)) { /* Assume it's just a location */
- *name = NULL;
+ name_start = NULL;
strcpy(instr, tmp); /* safe, because tmp will always be the same size or smaller than instr */
*location = instr;
} else { /* Assume it's just a name. */
*location = NULL;
- if ((ns = strchr(instr, '"')) && (ne = strchr(ns + 1, '"'))) {
- *ns = *ne = '\0'; /* trim off the quotes */
- *name = ns + 1; /* and this is the name */
- } else { /* no quotes, trim off leading and trailing spaces */
- *name = ast_skip_blanks(instr);
- ast_trim_blanks(*name);
- }
+ name_start = ast_strip_quoted(instr, "\"", "\"");
}
}
+
+ if (name_start) {
+ ast_unescape_quoted(name_start);
+ }
+ *name = name_start;
return 0;
}
@@ -1079,14 +1068,18 @@ char *ast_callerid_merge(char *buf, int bufsiz, const char *name, const char *nu
{
if (!unknown)
unknown = "<unknown>";
- if (name && num)
- snprintf(buf, bufsiz, "\"%s\" <%s>", name, num);
- else if (name)
+ if (name && num) {
+ char name_buf[128];
+
+ ast_escape_quoted(name, name_buf, sizeof(name_buf));
+ snprintf(buf, bufsiz, "\"%s\" <%s>", name_buf, num);
+ } else if (name) {
ast_copy_string(buf, name, bufsiz);
- else if (num)
+ } else if (num) {
ast_copy_string(buf, num, bufsiz);
- else
+ } else {
ast_copy_string(buf, unknown, bufsiz);
+ }
return buf;
}
diff --git a/main/utils.c b/main/utils.c
index ba646c44b968a919fe42416a85e65ff30f847ba0..229080b83dc7b65032cf7fc9b9e15278e3b7fdc9 100644
--- a/main/utils.c
+++ b/main/utils.c
@@ -483,6 +483,29 @@ char *ast_escape_quoted(const char *string, char *outbuf, int buflen)
return outbuf;
}
+
+void ast_unescape_quoted(char *quote_str)
+{
+ int esc_pos;
+ int unesc_pos;
+ int quote_str_len = strlen(quote_str);
+
+ for (esc_pos = 0, unesc_pos = 0;
+ esc_pos < quote_str_len;
+ esc_pos++, unesc_pos++) {
+ if (quote_str[esc_pos] == '\\') {
+ /* at least one more char and current is \\ */
+ esc_pos++;
+ if (esc_pos >= quote_str_len) {
+ break;
+ }
+ }
+
+ quote_str[unesc_pos] = quote_str[esc_pos];
+ }
+ quote_str[unesc_pos] = '\0';
+}
+
int ast_xml_escape(const char *string, char * const outbuf, const size_t buflen)
{
char *dst = outbuf;
diff --git a/res/res_pjsip_caller_id.c b/res/res_pjsip_caller_id.c
index 64940d18123d208031fdf1e073cfd1772157d3c1..3764931684f25cd7c829f9bab2f3a67299a167b1 100644
--- a/res/res_pjsip_caller_id.c
+++ b/res/res_pjsip_caller_id.c
@@ -404,7 +404,11 @@ static void modify_id_header(pj_pool_t *pool, pjsip_fromto_hdr *id_hdr, const st
id_uri = pjsip_uri_get_uri(id_name_addr->uri);
if (id->name.valid) {
- pj_strdup2(pool, &id_name_addr->display, id->name.str);
+ int name_buf_len = strlen(id->name.str) * 2 + 1;
+ char *name_buf = ast_alloca(name_buf_len);
+
+ ast_escape_quoted(id->name.str, name_buf, name_buf_len);
+ pj_strdup2(pool, &id_name_addr->display, name_buf);
}
if (id->number.valid) {
@@ -438,7 +442,11 @@ static pjsip_fromto_hdr *create_new_id_hdr(const pj_str_t *hdr_name, pjsip_tx_da
id_uri = pjsip_uri_get_uri(id_name_addr->uri);
if (id->name.valid) {
- pj_strdup2(tdata->pool, &id_name_addr->display, id->name.str);
+ int name_buf_len = strlen(id->name.str) * 2 + 1;
+ char *name_buf = ast_alloca(name_buf_len);
+
+ ast_escape_quoted(id->name.str, name_buf, name_buf_len);
+ pj_strdup2(tdata->pool, &id_name_addr->display, name_buf);
}
pj_strdup2(tdata->pool, &id_uri->user, id->number.str);
diff --git a/tests/test_callerid.c b/tests/test_callerid.c
new file mode 100644
index 0000000000000000000000000000000000000000..43b760d89834ad5d3bdea8e5d3dd59b8d00fc852
--- /dev/null
+++ b/tests/test_callerid.c
@@ -0,0 +1,165 @@
+/*
+ * Asterisk -- An open source telephony toolkit.
+ *
+ * Copyright (C) 2014, Kinsey Moore
+ *
+ * Kinsey Moore <kmoore@digium.com>
+ *
+ * See http://www.asterisk.org for more information about
+ * the Asterisk project. Please do not directly contact
+ * any of the maintainers of this project for assistance;
+ * the project provides a web site, mailing lists and IRC
+ * channels for your use.
+ *
+ * This program is free software, distributed under the terms of
+ * the GNU General Public License Version 2. See the LICENSE file
+ * at the top of the source tree.
+ */
+
+/*!
+ * \file
+ * \brief Callerid Tests
+ *
+ * \author\verbatim Kinsey Moore <kmoore@digium.com> \endverbatim
+ *
+ * This is an Asterisk test module for callerid functionality
+ * \ingroup tests
+ */
+
+/*** MODULEINFO
+ <depend>TEST_FRAMEWORK</depend>
+ <support_level>core</support_level>
+ ***/
+
+#include "asterisk.h"
+#include "asterisk/callerid.h"
+
+ASTERISK_FILE_VERSION(__FILE__, "$Revision$")
+
+#include "asterisk/utils.h"
+#include "asterisk/module.h"
+#include "asterisk/test.h"
+
+struct cid_set {
+ char *cid;
+ char *name;
+ char *number;
+};
+
+AST_TEST_DEFINE(parse_nominal)
+{
+ static const struct cid_set cid_sets[] = {
+ {"\"name\" <number>", "name", "number"},
+ {"\" name \" <number>", " name ", "number"},
+ {"name <number>", "name", "number"},
+ {" name <number>", "name", "number"},
+ {"\"\" <number>", NULL, "number"},
+ {"<number>", NULL, "number"},
+ {"name", "name", NULL},
+ {"\"name\"", "name", NULL},
+ {"\"name\" <>", "name", NULL},
+ {"name <>", "name", NULL},
+ {"1234", NULL, "1234"},
+ {"\"na\\\"me\" <number>", "na\"me", "number"},
+ };
+ char *name;
+ char *number;
+ int i;
+
+ switch (cmd) {
+ case TEST_INIT:
+ info->name = "parse_nominal";
+ info->category = "/main/callerid/";
+ info->summary = "Callerid nominal parse unit test";
+ info->description =
+ "This tests parsing of nominal callerid strings.";
+ return AST_TEST_NOT_RUN;
+ case TEST_EXECUTE:
+ break;
+ }
+
+ for (i = 0; i < ARRAY_LEN(cid_sets); i++) {
+ RAII_VAR(char *, callerid, ast_strdup(cid_sets[i].cid), ast_free);
+
+ ast_callerid_parse(callerid, &name, &number);
+ if (!cid_sets[i].name == !ast_strlen_zero(name) || (cid_sets[i].name && strcmp(name, cid_sets[i].name))) {
+ ast_test_status_update(test,
+ "Expected callerid name '%s' instead of '%s'\n",
+ cid_sets[i].name, name);
+ return AST_TEST_FAIL;
+ }
+
+ if (!cid_sets[i].number == !ast_strlen_zero(number) || (cid_sets[i].number && strcmp(number, cid_sets[i].number))) {
+ ast_test_status_update(test,
+ "Expected callerid number '%s' instead of '%s'\n",
+ cid_sets[i].number, number);
+ return AST_TEST_FAIL;
+ }
+ }
+
+ return AST_TEST_PASS;
+}
+
+AST_TEST_DEFINE(parse_off_nominal)
+{
+ static const struct cid_set cid_sets[] = {
+ {"na\\\"me <number>", "na\"me", "number"},
+ {"\"na\"me\" <number>", "na\"me", "number"},
+ {"na\"me <number>", "na\"me", "number"},
+ {"\"name <number>", "\"name", "number"},
+ {"name <number", "name", "number"},
+ {"\"name <number>\"", "name", "number"},
+ };
+ char *name;
+ char *number;
+ int i;
+
+ switch (cmd) {
+ case TEST_INIT:
+ info->name = "parse_off_nominal";
+ info->category = "/main/callerid/";
+ info->summary = "Callerid off-nominal parse unit test";
+ info->description =
+ "This tests parsing of off-nominal callerid strings.";
+ return AST_TEST_NOT_RUN;
+ case TEST_EXECUTE:
+ break;
+ }
+
+ for (i = 0; i < ARRAY_LEN(cid_sets); i++) {
+ RAII_VAR(char *, callerid, ast_strdup(cid_sets[i].cid), ast_free);
+
+ ast_callerid_parse(callerid, &name, &number);
+ if (!cid_sets[i].name == !ast_strlen_zero(name) || (cid_sets[i].name && strcmp(name, cid_sets[i].name))) {
+ ast_test_status_update(test,
+ "Expected callerid name '%s' instead of '%s'\n",
+ cid_sets[i].name, name);
+ return AST_TEST_FAIL;
+ }
+
+ if (!cid_sets[i].number == !ast_strlen_zero(number) || (cid_sets[i].number && strcmp(number, cid_sets[i].number))) {
+ ast_test_status_update(test,
+ "Expected callerid number '%s' instead of '%s'\n",
+ cid_sets[i].number, number);
+ return AST_TEST_FAIL;
+ }
+ }
+
+ return AST_TEST_PASS;
+}
+
+static int unload_module(void)
+{
+ AST_TEST_UNREGISTER(parse_nominal);
+ AST_TEST_UNREGISTER(parse_off_nominal);
+ return 0;
+}
+
+static int load_module(void)
+{
+ AST_TEST_REGISTER(parse_nominal);
+ AST_TEST_REGISTER(parse_off_nominal);
+ return AST_MODULE_LOAD_SUCCESS;
+}
+
+AST_MODULE_INFO_STANDARD(ASTERISK_GPL_KEY, "Callerid Parse Tests");
diff --git a/tests/test_utils.c b/tests/test_utils.c
index 9150fccf416151b347c6544e63c27332062d7543..e4f6e0a52435a8a854fb0d3f3212676d89b21aea 100644
--- a/tests/test_utils.c
+++ b/tests/test_utils.c
@@ -546,6 +546,100 @@ AST_TEST_DEFINE(crypt_test)
}
+struct quote_set {
+ char *input;
+ char *output;
+};
+
+AST_TEST_DEFINE(quote_mutation)
+{
+ char escaped[64];
+ static const struct quote_set escape_sets[] = {
+ {"\"string\"", "\\\"string\\\""},
+ {"\"string", "\\\"string"},
+ {"string\"", "string\\\""},
+ {"string", "string"},
+ {"str\"ing", "str\\\"ing"},
+ {"\"", "\\\""},
+ {"\\\"", "\\\\\\\""},
+ };
+ int i;
+
+ switch (cmd) {
+ case TEST_INIT:
+ info->name = "quote_mutation";
+ info->category = "/main/utils/";
+ info->summary = "Test mutation of quotes in strings";
+ info->description =
+ "This tests escaping and unescaping of quotes in strings to "
+ "verify that the original string is recovered.";
+ return AST_TEST_NOT_RUN;
+ case TEST_EXECUTE:
+ break;
+ }
+
+ for (i = 0; i < ARRAY_LEN(escape_sets); i++) {
+ ast_escape_quoted(escape_sets[i].input, escaped, sizeof(escaped));
+
+ if (strcmp(escaped, escape_sets[i].output)) {
+ ast_test_status_update(test,
+ "Expected escaped string '%s' instead of '%s'\n",
+ escape_sets[i].output, escaped);
+ return AST_TEST_FAIL;
+ }
+
+ ast_unescape_quoted(escaped);
+ if (strcmp(escaped, escape_sets[i].input)) {
+ ast_test_status_update(test,
+ "Expected unescaped string '%s' instead of '%s'\n",
+ escape_sets[i].input, escaped);
+ return AST_TEST_FAIL;
+ }
+ }
+
+ return AST_TEST_PASS;
+}
+
+AST_TEST_DEFINE(quote_unescaping)
+{
+ static const struct quote_set escape_sets[] = {
+ {"\"string\"", "\"string\""},
+ {"\\\"string\"", "\"string\""},
+ {"\"string\\\"", "\"string\""},
+ {"str\\ing", "string"},
+ {"string\\", "string"},
+ {"\\string", "string"},
+ };
+ int i;
+
+ switch (cmd) {
+ case TEST_INIT:
+ info->name = "quote_unescaping";
+ info->category = "/main/utils/";
+ info->summary = "Test unescaping of off-nominal strings";
+ info->description =
+ "This tests unescaping of strings which contain a mix of "
+ "escaped and unescaped sequences.";
+ return AST_TEST_NOT_RUN;
+ case TEST_EXECUTE:
+ break;
+ }
+
+ for (i = 0; i < ARRAY_LEN(escape_sets); i++) {
+ RAII_VAR(char *, escaped, ast_strdup(escape_sets[i].input), ast_free);
+
+ ast_unescape_quoted(escaped);
+ if (strcmp(escaped, escape_sets[i].output)) {
+ ast_test_status_update(test,
+ "Expected unescaped string '%s' instead of '%s'\n",
+ escape_sets[i].output, escaped);
+ return AST_TEST_FAIL;
+ }
+ }
+
+ return AST_TEST_PASS;
+}
+
static int unload_module(void)
{
AST_TEST_UNREGISTER(uri_encode_decode_test);
@@ -558,6 +652,8 @@ static int unload_module(void)
AST_TEST_UNREGISTER(agi_loaded_test);
AST_TEST_UNREGISTER(safe_mkdir_test);
AST_TEST_UNREGISTER(crypt_test);
+ AST_TEST_UNREGISTER(quote_mutation);
+ AST_TEST_UNREGISTER(quote_unescaping);
return 0;
}
@@ -573,6 +669,8 @@ static int load_module(void)
AST_TEST_REGISTER(agi_loaded_test);
AST_TEST_REGISTER(safe_mkdir_test);
AST_TEST_REGISTER(crypt_test);
+ AST_TEST_REGISTER(quote_mutation);
+ AST_TEST_REGISTER(quote_unescaping);
return AST_MODULE_LOAD_SUCCESS;
}