From 0ef6a855aa50ad4d130ab92191699989db6065c7 Mon Sep 17 00:00:00 2001 From: yurunhub Date: Tue, 9 Dec 2025 14:49:12 +0000 Subject: [PATCH] disallow/skip url encoded CR and LF chars decoding --- sippy/SipURL.py | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/sippy/SipURL.py b/sippy/SipURL.py index 6c0ecfdc1..5c48aa8e8 100644 --- a/sippy/SipURL.py +++ b/sippy/SipURL.py @@ -38,6 +38,13 @@ USERNAME_SAFE = RFC3261_USER_UNRESERVED + RFC3261_MARK +#below function disallow translation of CR and LF chars: +def safe_unquote(v): + r = unquote(v) + r = r.replace("\n", "") + r = r.replace("\r", "") + return r + class SipURL(object): scheme = None username = None @@ -110,7 +117,7 @@ def convertTelURL(self, url, relaxedparser): self.port = SipConf.my_port self.transport = SipConf.my_transport parts = url.split(';') - self.username = unquote(parts[0]) + self.username = safe_unquote(parts[0]) if len(parts) > 1: # parse userparams self.userparams = [] @@ -130,7 +137,7 @@ def parseSipURL(self, url, relaxedparser): userdomain = userdomain[:ear] + userdomain_suff for header in headers.split('&'): k, v = header.split('=') - self.headers[k] = unquote(v) + self.headers[k] = safe_unquote(v) if ear > 0: userpass = userdomain[:ear - 1] hostport = userdomain[ear:] @@ -140,7 +147,7 @@ def parseSipURL(self, url, relaxedparser): uparts = upparts[0].split(';') if len(uparts) > 1: self.userparams = uparts[1:] - self.username = unquote(uparts[0]) + self.username = safe_unquote(uparts[0]) else: hostport = userdomain parseport = None @@ -193,7 +200,7 @@ def parseSipURL(self, url, relaxedparser): self.headers = {} for header in arr[1].split('&'): k, v = header.split('=') - self.headers[k] = unquote(v) + self.headers[k] = safe_unquote(v) def setParams(self, params): self.usertype = None