Review Board 1.7.16


Asterisk manager output escape message control characters

Review Request #4594 - Created April 6, 2015 and updated

warren smith
asterisk-24934
Reviewers
asterisk-dev
Asterisk
Asterisk manager output is created using printf formatting, like:

manager_event(SOME_EVENT_FLAG, "EventName",
    "KeyOne: %s\r\nKeyTwo: %s\r\n", val1, val2);

This causes problems when the values themselves contain control characters like carriage return and newline, so that applications parsing the output will interpret this as a new key, or the end of an event.  An example of this is having a callerid contain "\r\n\r\n".  This ends the event, and the keys for the same event are interpreted as a new message, and any keys below are missed for the real event.

I've included a patch that provides a ast_escape_c() function which takes a string, then returns a pointer to a new string that has the c characters escaped (i.e., newline into \n).  I've modified the calls to the manager_event functions (manager_event, ast_manager_event, ast_manager_event_multichan) so that values that could be set by a user are escaped.  The string values that as far as I know aren't user-created were left as-is, like channel names and uniqueid.

There are quite a few calls to the manager event functions and I've double checked to make sure all memory allocations are freed after creating the escaped string.  I also had added an ast_replace_string function which i didn't end up using, and added an ast_escape_output function which just calls ast_escape_c.  An alternative would be to replace the sequence "\r\n" with the escaped version, rather than the individual characters.

I'm testing on our asterisk 11 install and this fixes the parsing bugs we run into from messed up callerids and things like agent names containing return + newline.
In our production environment I have been running the patch for about 5 days.  The parsing issues we have had in the past are now resolved.
Review request changed
Updated (April 8, 2015, 12:51 p.m.)
Fixed line ending so all files were included

https://reviewboard.asterisk.org/ runs on a server provided by Digium, Inc. and uses bandwidth donated to the open source Asterisk community by API Digital Communications in Huntsville, AL USA.
Please report problems with this site to asteriskteam@digium.com.