Bug #78
Enhance SIP URI checking
| Status: | Resolved | Start: | 07/20/2009 |
|---|---|---|---|
| Priority: | Normal | Due date: | |
| Assigned to: | | % Done: | 0% |
| Category: | YASS - core | Target version: | 0.5.2 |
Description
Instead of using a home-made regexp we should use pjsip's lib.verify_sip_url to do that.
History
Updated by Saúl Ibarra 7 months ago
Seems like verify_sip_url does a nice job:
>>> lib.verify_sip_url("sip:lala@somain.com")
0
>>> lib.verify_sip_url("lala@somain.com")
-1
>>> lib.verify_sip_url("sip:ææælala@somain.com")
-1
>>> lib.verify_sip_url("sip:aqqq@somain.com@@")
-1
>>> lib.verify_sip_url("sip:asa.com")
0
>>> lib.verify_sip_url("sip:a@a.com:5060")
0
0 means OK, and -1 means error.
Iñaki, could you please provide some 'malicious' SIP URI examples so we can check if this function does the right job? Thanks!
Updated by Iñaki Baz Castillo 7 months ago
Check the following SIP URIs:
- Wrong URI:
SIp:alice:mypassword@invalid_hostpart.com:5070;param=xxx ("_" is not allowed in host part).
- Valid URI:
sip:1_unusual.URI~(to-be!sure)&isn't+it$/crazy?,/;;*:&it+has=1,weird!*pas$wo~d_too.(doesn't-it)@example.com
Updated by Saúl Ibarra 7 months ago
Yeah! PJSIP rocks!
>>> lib.verify_sip_url("sip:klkklkkl@klklk.com")
0
>>> lib.verify_sip_url("sip:klkklkkl@klklk.com@")
-1
>>> lib.verify_sip_url("sip:1_unusual.URI~(to-be!sure)&isn't+it$/crazy?,/;;*:&it+has=1,weird!*pas$wo~d_too.(doesn't-it)@example.com")
0
Updated by Saúl Ibarra 7 months ago
Oops, it seems like '_' is taken as valid in the host part...
>>> lib
<pjsua.Lib instance at 0x7fc4750277e8>
>>> lib.verify_sip_url("SIp:alice:mypassword@invalid_hostpart.com:5070;param=xxx")
0
Can you point me to the specific RFC section so I can report it to pjsip? Thanks!
Updated by Iñaki Baz Castillo 7 months ago
RFC 3261 page 221. Check the BNF grammar for "hostname" field:
    SIP-URI      =  "sip:" [ userinfo ] hostport
                    uri-parameters [ headers ]
    hostport     =  host [ ":" port ]
    host         =  hostname / IPv4address / IPv6reference
    hostname     =  *( domainlabel "." ) toplabel [ "." ]
    domainlabel  =  alphanum
                    / alphanum *( alphanum / "-" ) alphanum
    toplabel     =  ALPHA / ALPHA *( alphanum / "-" ) alphanum
    alphanum     =  ALPHA / DIGIT
As you can see, "_" is not allowed.
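As an added example (not part of the original thread, and not YASS or PJSIP code), the sketch below checks only the host part of a `sip:` URI against the `host` production quoted above, so it can be run alongside `lib.verify_sip_url` to catch the underscore case. `split_hostport` and `host_is_valid` are hypothetical names; userinfo, parameters and headers are not validated, and Python's `ipaddress` module is assumed as a stand-in for the `IPv4address` and `IPv6reference` productions, which the thread does not quote.

```python
import ipaddress
import re

# Productions from the RFC 3261 BNF quoted in the thread.
ALNUM = r"[A-Za-z0-9]"
DOMAINLABEL = rf"{ALNUM}(?:(?:{ALNUM}|-)*{ALNUM})?"
TOPLABEL = rf"[A-Za-z](?:(?:{ALNUM}|-)*{ALNUM})?"
HOSTNAME_RE = re.compile(rf"(?:{DOMAINLABEL}\.)*{TOPLABEL}\.?")
PORT_RE = re.compile(r"[0-9]+")  # port = 1*DIGIT in RFC 3261


def split_hostport(uri):
    """Return (host, port) from a sip: URI, or None if it cannot be split."""
    scheme, sep, rest = uri.partition(":")
    if not sep or scheme.lower() != "sip":
        return None
    # "@" may not appear unescaped in userinfo, parameters or headers.
    if rest.count("@") > 1:
        return None
    hostport = rest.rpartition("@")[2]
    # Parameters start at ";" and headers at "?"; neither can occur in hostport.
    hostport = re.split(r"[;?]", hostport, maxsplit=1)[0]
    if hostport.startswith("["):  # IPv6reference = "[" IPv6address "]"
        host, sep, tail = hostport.partition("]")
        if not sep or (tail and not tail.startswith(":")):
            return None
        return host + "]", tail[1:] if tail else None
    host, sep, port = hostport.partition(":")
    return host, (port if sep else None)


def host_is_valid(uri):
    """True if the host part of `uri` matches the quoted `host` production."""
    parts = split_hostport(uri)
    if parts is None:
        return False
    host, port = parts
    if port is not None and not PORT_RE.fullmatch(port):
        return False
    if HOSTNAME_RE.fullmatch(host):
        return True
    try:  # Assumption: stdlib ipaddress stands in for IPv4address / IPv6reference.
        if host.startswith("[") and host.endswith("]"):
            ipaddress.IPv6Address(host[1:-1])
        else:
            ipaddress.IPv4Address(host)
        return True
    except ValueError:
        return False
```

It returns `False` for the `invalid_hostpart.com` URI from the thread and `True` for the unusual but valid `example.com` one.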
Updated by Saúl Ibarra 7 months ago
- Status changed from New to Resolved
Fixed in trunk r149. PJSIP bug has also been reported :)