According to section 19.1.2 of RFC 3261:

  For each component, the set of valid BNF expansions defines exactly
  which characters may appear unescaped.  All other characters MUST be
  escaped.

This patch modifies ast_uri_encode() to encode strings in line with this recommendation.  This patch also adds an ast_escape_quoted() function which escapes '"' and '\' characters in quoted strings in accordance with section 25.1 of RFC 3261.  The ast_uri_encode() function has also been modified to take an ast_flags struct describing the set of rules it should use when escaping characters to allow for it to escape SIP URIs in addition to HTTP URIs and other types of URIs or variations of those two URI types in the future.

The ast_uri_decode() function has also been modified to accept an ast_flags struct describing the set of rules to use when decoding to enable decoding '+' as ' ' in legacy http URLs.

The unit tests for these functions have also been updated.

ABE-2705

Review: https://reviewboard.asterisk.org/r/1081/


git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@303509 65c4cc65-6c06-0410-ace0-fbb531ad65f3

1 files changed, 49 insertions, 21 deletions

diff --git a/include/asterisk/utils.h b/include/asterisk/utils.h
index 3d3f18f08..823af26c4 100644
--- a/include/asterisk/utils.h
+++ b/include/asterisk/utils.h
@@ -248,30 +248,58 @@ int ast_base64encode(char *dst, const unsigned char *src, int srclen, int max);
  */
 int ast_base64decode(unsigned char *dst, const char *src, int max);
 
-/*! \brief Turn text string to URI-encoded %XX version 
- *
- * \note 
- *  At this point, this function is encoding agnostic; it does not
- *  check whether it is fed legal UTF-8. We escape control
- *  characters (\x00-\x1F\x7F), '%', and all characters above 0x7F.
- *  If do_special_char == 1 we will convert all characters except alnum
- *  and the mark set.
- *  Outbuf needs to have more memory allocated than the instring
- *  to have room for the expansion. Every char that is converted
- *  is replaced by three ASCII characters.
- *
- *  \param string	String to be converted
- *  \param outbuf	Resulting encoded string
- *  \param buflen	Size of output buffer
- *  \param do_special_char	Convert all non alphanum characters execept
- *         those in the mark set as defined by rfc 3261 section 25.1
+#define AST_URI_ALPHANUM     (1 << 0)
+#define AST_URI_MARK         (1 << 1)
+#define AST_URI_UNRESERVED   (AST_URI_ALPHANUM | AST_URI_MARK)
+#define AST_URI_LEGACY_SPACE (1 << 2)
+
+#define AST_URI_SIP_USER_UNRESERVED (1 << 20)
+
+extern const struct ast_flags ast_uri_http;
+extern const struct ast_flags ast_uri_http_legacy;
+extern const struct ast_flags ast_uri_sip_user;
+
+/*!
+ * \brief Turn text string to URI-encoded %XX version
+ *
+ * This function encodes characters according to the rules presented in RFC
+ * 2396 and/or RFC 3261 section 19.1.2 and section 25.1.
+ *
+ * Outbuf needs to have more memory allocated than the instring to have room
+ * for the expansion. Every byte that is converted is replaced by three ASCII
+ * characters.
+ *
+ * \param string string to be converted
+ * \param outbuf resulting encoded string
+ * \param buflen size of output buffer
+ * \param spec flags describing how the encoding should be performed
+ * \return a pointer to the uri encoded string
  */
-char *ast_uri_encode(const char *string, char *outbuf, int buflen, int do_special_char);
+char *ast_uri_encode(const char *string, char *outbuf, int buflen, struct ast_flags spec);
 
-/*!	\brief Decode URI, URN, URL (overwrite string)
-	\param s	String to be decoded 
+/*!
+ * \brief Decode URI, URN, URL (overwrite string)
+ *
+ * \note The ast_uri_http_legacy decode spec flag will cause this function to
+ * decode '+' as ' '.
+ *
+ * \param s string to be decoded
+ * \param spec flags describing how the decoding should be performed
+ */
+void ast_uri_decode(char *s, struct ast_flags spec);
+
+/*!
+ * \brief Escape characters found in a quoted string.
+ *
+ * \note This function escapes quoted characters based on the 'qdtext' set of
+ * allowed characters from RFC 3261 section 25.1.
+ *
+ * \param string string to be escaped
+ * \param outbuf resulting escaped string
+ * \param buflen size of output buffer
+ * \return a pointer to the escaped string
  */
-void ast_uri_decode(char *s);
+char *ast_escape_quoted(const char *string, char *outbuf, int buflen);
 
 static force_inline void ast_slinear_saturated_add(short *input, short *value)
 {