kenmirrors/asterisk
1
0
Fork 0
mirror of https://github.com/asterisk/asterisk.git synced 2025-10-31 02:37:10 +00:00
Code Issues Packages Projects Releases Wiki Activity

Remove registertrying option in chan_sip

Browse Source 
This option is not only useless, but has been broken since inception since
the flag was never copied from the peer where it is set to the pvt where
it was checked. RFC 3261 specificially states that you should not send a
provisional response to a non-INVITE request, and if we did fix the code
so that it worked, it would cause the same kind of user enumeration
vulnerability that we've discussed with the nat= setting. This patch
removes registertrying option and any code that would have sent a 100
response to a register.

Review: https://reviewboard.asterisk.org/r/1562/


git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@343220 65c4cc65-6c06-0410-ace0-fbb531ad65f3
This commit is contained in:
Terry Wilson
2011-11-02 22:59:36 +00:00
parent fb50c1db4b
commit 5844133aba
3 changed files with 4 additions and 19 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
channels/chan_sip.c
View File

@@ -14411,8 +14411,6 @@ static enum check_auth_result register_verify(struct sip_pvt *p, struct ast_sock
res = AUTH_PEER_NOT_DYNAMIC;
} else {
ast_copy_flags(&p->flags[0], &peer->flags[0], SIP_NAT_FORCE_RPORT);
if (ast_test_flag(&p->flags[1], SIP_PAGE2_REGISTERTRYING))
transmit_response(p, "100 Trying", req);
if (!(res = check_auth(p, req, peer->name, peer->secret, peer->md5secret, SIP_REGISTER, uri2, XMIT_UNRELIABLE, req->ignore))) {
if (sip_cancel_destroy(p))
ast_log(LOG_WARNING, "Unable to cancel SIP destruction. Expect bad things.\n");
@@ -14502,14 +14500,6 @@ static enum check_auth_result register_verify(struct sip_pvt *p, struct ast_sock
ao2_unlock(peer);
}
}
if (!peer && sip_cfg.alwaysauthreject && ast_test_flag(&p->flags[1], SIP_PAGE2_REGISTERTRYING)) {
/* If we found a peer, we transmit a 100 Trying. Therefore, if we're
* trying to avoid leaking information, we MUST also transmit the same
* response when we DON'T find a peer. */
transmit_response(p, "100 Trying", req);
/* Insert a fake delay between the 100 and the subsequent failure. */
sched_yield();
}
if (!res) {
ast_devstate_changed(AST_DEVICE_UNKNOWN, "SIP/%s", peer->name);
}
@@ -17079,7 +17069,6 @@ static char *_sip_show_peer(int type, int fd, struct mansession *s, const struct
ast_cli(fd, ")\n");
ast_cli(fd, " Auto-Framing : %s \n", AST_CLI_YESNO(peer->autoframing));
ast_cli(fd, " 100 on REG : %s\n", AST_CLI_YESNO(ast_test_flag(&peer->flags[1], SIP_PAGE2_REGISTERTRYING)));
ast_cli(fd, " Status : ");
peer_status(peer, status, sizeof(status));
ast_cli(fd, "%s\n", status);
@@ -27014,8 +27003,6 @@ static struct sip_peer *build_peer(const char *name, struct ast_variable *v, str
}
} else if (!strcasecmp(v->name, "preferred_codec_only")) {
ast_set2_flag(&peer->flags[1], ast_true(v->value), SIP_PAGE2_PREFERRED_CODEC);
} else if (!strcasecmp(v->name, "registertrying")) {
ast_set2_flag(&peer->flags[1], ast_true(v->value), SIP_PAGE2_REGISTERTRYING);
} else if (!strcasecmp(v->name, "autoframing")) {
peer->autoframing = ast_true(v->value);
} else if (!strcasecmp(v->name, "rtptimeout")) {