[asterisk-bugs] [Asterisk 0011245]: Asterisk unable to handle Multiple Authorization Headers

noreply at bugs.digium.com noreply at bugs.digium.com
Thu Nov 15 04:45:36 CST 2007


A NOTE has been added to this issue. 
====================================================================== 
http://bugs.digium.com/view.php?id=11245 
====================================================================== 
Reported By:                MrTelephone
Assigned To:                
====================================================================== 
Project:                    Asterisk
Issue ID:                   11245
Category:                   Channels/chan_sip/Registration
Reproducibility:            sometimes
Severity:                   tweak
Priority:                   normal
Status:                     new
Asterisk Version:            1.2.24  
SVN Branch (only for SVN checkouts, not tarball releases): N/A  
SVN Revision (number only!):  
Disclaimer on File?:        N/A 
Request Review:              
====================================================================== 
Date Submitted:             11-14-2007 12:11 CST
Last Modified:              11-15-2007 04:45 CST
====================================================================== 
Summary:                    Asterisk unable to handle Multiple Authorization Headers
Description: 
U 10.1.3.65:5060 -> 69.71.79.175:5060
REGISTER sip:sip.picriverisp.net SIP/2.0.
From:
2293699<sip:2293699 at sip.picriverisp.net>;tag=94af8fe8-a010341-13c4-45026-35-10986656-35.
To: 2293699<sip:2293699 at sip.picriverisp.net>.
Call-ID: 94af2570-a010341-13c4-45026-35-309b2630-35.
CSeq: 8626 REGISTER.
Via: SIP/2.0/UDP 10.1.3.65:5060;branch=z9hG4bK-4ea53-13335721-7b40596a.
Max-Forwards: 70.
Supported: timer,replaces,join,100rel.
User-Agent: ARRIS-TM502G release v.05.02.0X SN/0015A37D20F6.
Contact: 2293699<sip:2293699 at 10.1.3.65:5060>.
Authorization: Digest
username="2293699",realm="sip.picriverisp.net",nonce="6c3d3a9c",uri="sip:sip.picriverisp.net",response
Authorization: Digest
username="2293699",realm="sip.picriverisp.net",nonce="38305d6d",uri="sip:sip.picriverisp.net",response
Authorization: Digest
username="2293699",realm="sip.picriverisp.net",nonce="284031de",uri="sip:sip.picriverisp.net",response
Authorization: Digest
username="2293699",realm="sip.picriverisp.net",nonce="7333cfa5",uri="sip:sip.picriverisp.net",response
Authorization: Digest
username="2293699",realm="sip.picriverisp.net",nonce="776ccacf",uri="sip:sip.picriverisp.net",response
Allow: INVITE,ACK,BYE,CANCEL,NOTIFY,PRACK,UPDATE,OPTIONS.
Content-Length: 0.
.

Arris SIP endpoints under "unknown" conditions append Authorization
headers during a REGISTER request when a new nonce is received from
Asterisk. The newest Auth header is added to the bottom. Other brand
endpoints work fine.

A workable fix could be to use the last Authorization header instead of
the first. 
====================================================================== 

---------------------------------------------------------------------- 
 oej - 11-15-07 04:45  
---------------------------------------------------------------------- 
You can have multiple auth headers, but with different realms. I don't know
if this is according to the RFCs or not, but it is certainly bad coding.

We could match on our realm and nonce, and possibly should. But sending
several nonces for the same realm seems more like an attack than something
you want to do. 

Issue History 
Date Modified   Username       Field                    Change               
====================================================================== 
11-15-07 04:45  oej            Note Added: 0073676                          
======================================================================
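
The note above suggests matching on the server's own realm and nonce instead of taking the first (or last) Authorization header. A sketch of that selection in C, added here as an illustration and not taken from chan_sip: param_is, pick_authorization, the AUTH macro and the sample message are hypothetical or constructed names. It assumes CRLF line endings, no folded headers, the exact spelling "Authorization: Digest " and no backslash-escaped quotes.

```c
#include <string.h>
#include <strings.h>

/* 1 if Digest parameter `key` in [p,end) equals `want`. Walks the list item by
 * item so "cnonce", or text inside a quoted value, is never taken for "nonce". */
static int param_is(const char *p, const char *end, const char *key,
                    const char *want)
{
    while (p < end) {
        while (p < end && (*p == ' ' || *p == ',')) p++;
        const char *name = p;
        while (p < end && *p != '=' && *p != ',') p++;
        size_t nlen = (size_t)(p - name);
        if (p == end || *p++ != '=') continue;      /* token without a value */
        int q = (p < end && *p == '"');
        const char *val = q ? ++p : p;
        while (p < end && *p != (q ? '"' : ',')) p++;
        size_t vlen = (size_t)(p - val);
        if (q && p < end) p++;                      /* step over closing quote */
        if (nlen == strlen(key) && !strncasecmp(name, key, nlen))
            return vlen == strlen(want) && !memcmp(val, want, vlen);
    }
    return 0;
}

/* Index, among the Authorization headers, of the one answering the realm and
 * nonce we issued, or -1. *dups counts the credentials offered for our realm. */
int pick_authorization(const char *msg, const char *realm, const char *nonce,
                       int *dups)
{
    int idx = 0, found = -1;
    *dups = 0;
    for (const char *eol; *msg && *msg != '\r'; msg = *eol ? eol + 2 : eol) {
        if (!(eol = strstr(msg, "\r\n"))) eol = msg + strlen(msg);
        if (strncasecmp(msg, "Authorization: Digest ", 22)) continue;
        if (param_is(msg + 22, eol, "realm", realm)) {
            ++*dups;
            if (found < 0 && param_is(msg + 22, eol, "nonce", nonce))
                found = idx;
        }
        idx++;
    }
    return found;
}

/* Constructed sample, not the capture from the report: newest nonce last. */
#define AUTH(n) "Authorization: Digest username=\"u\",realm=\"pbx.example\"," \
                "nonce=\"" n "\",response=\"0\"\r\n"
const char SAMPLE[] = "REGISTER sip:pbx.example SIP/2.0\r\n"
    AUTH("aaaa1111") AUTH("bbbb2222") AUTH("cccc3333") "Content-Length: 0\r\n\r\n";
```

A dups value greater than 1 is the several-nonces-for-one-realm case the note describes, which a server can log regardless of whether a matching header was found.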



