Asterisk’s Unnoticed Bug: The Double Quote Bug | Hacker Noon


Piyush Badkul Hacker Noon profile picture

@piyushbadkulPiyush Badkul

Attempting to reuse the wheel instead of reinventing it.

Asterisk is one of the pioneers in the Telecommunications Field and provides a software implementation of Private Branch Exchange (PBX).

To demonstrate to you the problem caused by this unnoticed bug, I have to take you through the process as to what causes the problem and how it can be solved.

The normal calls that we dial multiple times are established on the basis of the protocol named Session Initiation Protocol (SIP) through a SIP Server which makes all the intelligent decisions like Routing, dropping and announcement.

For some of the fairly complex scenarios like Call Conferencing, Call Return, Transcoding and others like it, Asterisk (or Freeswitch) can be used to substitue a Node (or a server) or can be used to identify the signaling which can then be incorporated into your Node. 

Sometimes, to provide certain features or to charge our subscribers through the SIP signaling, we sometimes need to add the Proprietary headers that help us in performing the operation.

If I were to talk with respect to the IMS[IP Multimedia Subsystem] (which is a standardized architectural framework for providing IP services), then in that case we can replace Asterisk with any of the nodes of the IMS, be it P-CSCF, S-CSCF or TAS. But, to allow this, we need Asterisk to pass those headers, so that the overall function of the other respective nodes remains smooth.

Well, Asterisk makes this passing of the headers very easy and we can do it through a small change in the Dailplan of Asterisk. Dailplan provides the functions which do all the work for you.

For Instance, if we want to add a Header named P-Charging-Function-Addresses, then i would have to code something like this –

exten => _<EXTEN>,1,
(P-Charging-Function-Addresses: ${SIP_HEADER(P-Charging-Function-Addresses)}) 

Here, <EXTEN> => The called party’s number or some pattern with respect to it. If you have dialed 911126594001, then your Pattern can be something like this _91X<dot> (where X is any character and dot signifies that any character can occur multiple times.)

The Format can be found from the Asterisk Dialplan and It’s not a big concern.


The Bug

But, there is a catch in this particular function in Asterisk as it can be a very troublesome function.

If the value passed in the function is: 

P-Charging-Vector: icid-value=f3814440ef7db8e62dc005423327efbd;orig-ioi=""

That is if the value ends with a “ <Double Quote>”, then, the message which is to be forwarded to the next node will be It will be without a ” <Double Quote>. It looks like this:

P-Charging-Vector: icid-value=f3814440ef7db8e62dc005423327efbd;orig-ioi="

As soon as the next node will receive this INVITE, then it will generate a 400 Bad Request SIP response which is correct. It appears that it treats <Double Quote> as some escape character and hence, trims it.

Bugs like this take a lot of time to debug as we don’t know where and why it is. We don’t know where to look because it has not happened due to our fault in the first place. The purpose of this blog is to save that time in case someone encounters it.


If something like this happens in your header, an easy way is to do it in the code. Just, save the value of the header from the incoming channel and then add it to the outgoing channel. All this can be done just with the basic String functions.

A follow-up blog will soon follow.


Join Hacker Noon