From ff09fa5ac585d8db4eaf52c32acbcdddfac96d80 Mon Sep 17 00:00:00 2001 From: Jonathan Rose Date: Mon, 5 Nov 2012 18:00:39 +0000 Subject: [PATCH] chan_sip: Document a change to user-field encoding introduced with r303509 The change in question was added to improve compliance with RFC3261, but at the time of commit, it wasn't adequately documented in the UPGRADE notes. (closes issue ASTERISK-20561) Reported by: Deniz Review: https://reviewboard.asterisk.org/r/2177/ ........ Merged revisions 375846 from http://svn.asterisk.org/svn/asterisk/branches/10 ........ Merged revisions 375847 from http://svn.asterisk.org/svn/asterisk/branches/11 git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@375848 65c4cc65-6c06-0410-ace0-fbb531ad65f3 --- UPGRADE.txt | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/UPGRADE.txt b/UPGRADE.txt index 3f19f28392..429709fc1d 100644 --- a/UPGRADE.txt +++ b/UPGRADE.txt @@ -258,6 +258,15 @@ chan_sip: - Setting of HASH(SIP_CAUSE,) on channels is now disabled by default. It can be enabled using the 'storesipcause' option. This feature has a significant performance penalty. + - In order to improve compliance with RFC 3261, SIP usernames are now properly + escaped when encoding reserved characters. Prior to this change, the use of + these characters in certain SIP settings affecting usernames could cause + injections of these characters in their raw form into SIP headers which could + in turn cause all sorts of nasty behaviors. All characters that are not + alphanumeric or are not contained in the the following lists specified by + RFC 3261 section 25.1 will be escaped as %XX when encoding a SIP username: + * mark: "-" / "_" / "." / "!" / "~" / "*" / "'" / "(" / ")" + * user-unreserved: "&" / "=" / "+" / "$" / "," / ";" / "?" / "/" UDPTL: - The default UDPTL port range in udptl.conf.sample differed from the defaults