[asterisk-bugs] [Asterisk 0014013]: 4XX Responses to a BYE request

Asterisk Bug Tracker noreply at bugs.digium.com
Wed Dec 3 11:11:24 CST 2008


A NOTE has been added to this issue. 
====================================================================== 
http://bugs.digium.com/view.php?id=14013 
====================================================================== 
Reported By:                manwe
Assigned To:                
====================================================================== 
Project:                    Asterisk
Issue ID:                   14013
Category:                   Channels/chan_sip/General
Reproducibility:            sometimes
Severity:                   minor
Priority:                   normal
Status:                     new
Asterisk Version:           1.4.23-rc2 
SVN Branch (only for SVN checkouts, not tarball releases): N/A 
SVN Revision (number only!):  
Disclaimer on File?:        N/A 
Request Review:              
====================================================================== 
Date Submitted:             2008-12-03 01:05 CST
Last Modified:              2008-12-03 11:11 CST
====================================================================== 
Summary:                    4XX Responses to a BYE request
Description: 
In the Changelog of asterisk 1.4.23RC2 it can be read:

+	/* RFC 3261 Section 15 specifies that if we receive a 408 or 481
+	 * in response to a BYE, then we should end the current dialog
+	 * and session. There is no mention in the spec of other 4XX responses,
+	 * but it is known that at least one phone manufacturer potentially
+	 * will send a 404 in response to a BYE, so we'll be liberal in what
+	 * we accept and end the dialog and session if we receive any 4XX 
+	 * response to a BYE.
+	 */

And the code:

+	if (resp >= 400 && resp < 500 && sipmethod == SIP_BYE) {
+		ast_set_flag(&p->flags[0], SIP_NEEDDESTROY);
+		return;
+	}
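
Review bot: the condition "resp >= 400 && resp < 500 && sipmethod == SIP_BYE" also matches 401 and 407, so SIP_NEEDDESTROY is set and the function returns with no path in these lines for re-sending the BYE with credentials. Suggest excluding 401/407 from this branch so that a challenge is answered first, and flagging the dialog for destruction only when the retried BYE fails as well. The 408/481 teardown that the comment cites from RFC 3261 Section 15 can stay unconditional.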



What about if Asterisk calls through a proxy? It's really possible (and
common) that a proxy requires authentication for BYE, so it replies with
407 and the UAC (Asterisk) should re-generate the BYE with credentials.
Note that RFC 3261 states that requiring authentication for a BYE is a
good way to avoid calls being ended by an attacker (spoofed BYE).

It is also common to receive 483 (too many hops).

I think that having only ip-phones in mind is not a good approach. Not
every 4XX response should end the dialog.

====================================================================== 

---------------------------------------------------------------------- 
 (0095732) ibc (reporter) - 2008-12-03 11:11
 http://bugs.digium.com/view.php?id=14013#c95732 
---------------------------------------------------------------------- 
Yes, the only important point here is the ability of Asterisk to send a BYE
with credentials if the proxy/endpoint replies 401/407. This could be
important on the proxy side (correct accounting), so Asterisk should honor
the 401/407.

In case the second BYE (with credentials) also fails (again 401/407 or
other 4XX) then Asterisk should, as you say, end this leg (first leg was
already terminated before). 

Issue History 
Date Modified    Username       Field                    Change               
====================================================================== 
2008-12-03 11:11 ibc            Note Added: 0095732                          
======================================================================
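
The handling proposed in the discussion above (answer a 401/407 to a BYE once with credentials, end the leg on any other 4XX or on a second challenge), written out as an added example. It is not Asterisk code and not code from either poster; every identifier in it is hypothetical, and responses outside 1XX, 2XX and 4XX are left as out of scope because the thread does not discuss them.

```c
#include <stdio.h>

/* All names here are hypothetical; none are chan_sip identifiers. */
enum bye_action { BYE_WAIT, BYE_DONE, BYE_RETRY_AUTH, BYE_DESTROY, BYE_OTHER };

struct bye_leg {
	int have_credentials; /* credentials are configured for this peer */
	int auth_retries;     /* BYEs already re-sent with credentials */
	int byes_sent;        /* total BYE requests sent on this leg */
};

/* Decide what to do with one response to an outstanding BYE. */
enum bye_action on_bye_response(struct bye_leg *leg, int resp)
{
	if (resp < 200)
		return BYE_WAIT;               /* provisional response */
	if (resp < 300)
		return BYE_DONE;               /* BYE accepted */
	if (resp == 401 || resp == 407) {
		if (leg->have_credentials && leg->auth_retries == 0) {
			leg->auth_retries++;
			return BYE_RETRY_AUTH; /* honor the challenge once */
		}
		return BYE_DESTROY;            /* second challenge, or nothing to offer */
	}
	if (resp >= 400 && resp < 500)
		return BYE_DESTROY;            /* 408, 481 and the liberal 4XX case */
	return BYE_OTHER;                      /* 3XX/5XX/6XX: not covered by the thread */
}

/* Feed a constructed response sequence through the handler. */
enum bye_action run_bye(struct bye_leg *leg, const int *resps, int n)
{
	enum bye_action act = BYE_WAIT;
	leg->byes_sent = 1;                    /* the initial BYE */
	for (int i = 0; i < n; i++) {
		act = on_bye_response(leg, resps[i]);
		if (act == BYE_RETRY_AUTH)
			leg->byes_sent++;      /* re-send the BYE with credentials */
		else if (act != BYE_WAIT)
			break;                 /* final outcome reached */
	}
	return act;
}

int main(void)
{
	int seq[] = { 407, 200 };              /* constructed: challenge, then success */
	struct bye_leg leg = { 1, 0, 0 };
	enum bye_action act = run_bye(&leg, seq, 2);
	printf("action=%d byes_sent=%d\n", (int)act, leg.byes_sent);
	return 0;
}
```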



