### Description
Our partner sending a call with this header ``` From: "COVER JERRY & M" sip:+12099283442@206.147.236.174:5060;otg=TLMNCAXFDS0_3887;tag=gK0c7f90e2 ``` According [RFC3261](https://www.rfc-editor.org/rfc/rfc3261#section-25.1) ``` Several rules are incorporated from RFC 2396 [5] but are updated to make them compliant with RFC 2234 [10]. These include:
reserved = ";" / "/" / "?" / ":" / "@" / "&" / "=" / "+" / "$" / "," unreserved = alphanum / mark mark = "-" / "_" / "." / "!" / "~" / "*" / "'" / "(" / ")" escaped = "%" HEXDIG HEXDIG ``` Also ``` SIP follows the requirements and guidelines of RFC 2396 [5] when defining the set of characters that must be escaped in a SIP URI, and uses its ""%" HEX HEX" mechanism for escaping. From RFC 2396 [5]:
The set of characters actually reserved within any given URI component is defined by that component. In general, a character is reserved if the semantics of the URI changes if the character is replaced with its escaped US-ASCII encoding [5]. Excluded US- ASCII characters (RFC 2396 [5]), such as space and control characters and characters used as URI delimiters, also MUST be escaped. URIs MUST NOT contain unescaped space and control characters. ``` And ``` Expanding the hname and hvalue tokens in Section 25 show that all URI reserved characters in header field names and values MUST be escaped. ```
For now, looks like `the sanity` module does not check reserver char usage. This ticket was created to collect recommendations for feature implementation.
Should be checked headers? Maybe a similar check is already present in the code and you can provide a reference? Unscaped reserved char usage in "From", "To", "P-Asserted-Identity" and "Remote-Party-ID" for display name breaking SIP message (for example the "lost" module cannot parse properly "From" header). Should such be implemented in the Kamailio core also?
### Expected behavior One of these expected: 1) Kamailio drop a message with reserved char usage in the header names and values. For TCP and TLS transport drop connection; 2) sanity module allows checking reserved char usage in the header names and values.