[asterisk-bugs] [Asterisk 0013296]: "From" shouldn't be matched against "users" if INVITE arrives from a "peer" IP

Asterisk Bug Tracker noreply at bugs.digium.com
Fri Dec 5 10:57:30 CST 2008


A NOTE has been added to this issue. 
====================================================================== 
http://bugs.digium.com/view.php?id=13296 
====================================================================== 
Reported By:                ibc
Assigned To:                
====================================================================== 
Project:                    Asterisk
Issue ID:                   13296
Category:                   Channels/chan_sip/General
Reproducibility:            have not tried
Severity:                   minor
Priority:                   normal
Status:                     new
Asterisk Version:           SVN 
SVN Branch (only for SVN checkouts, not tarball releases): N/A 
SVN Revision (number only!):  
Disclaimer on File?:        N/A 
Request Review:              
====================================================================== 
Date Submitted:             2008-08-13 04:30 CDT
Last Modified:              2008-12-05 10:57 CST
====================================================================== 
Summary:                    "From" shouldn't be matched against "users" if
INVITE arrives from a "peer" IP
Description: 
Hi, I've realized that Asterisk matches "From" header even if the call
arrives via a defined "peer" IP, so Asterisk asks it for authentication
(that is not possible coming from a provider).

Example:

sip.conf:
----------
[200]
type=friend
host=dynamic
secret=*****

[provider]
type=peer
host=1.2.3.4
----------

If the following INVITE arrives from IP 1.2.3.4 then Asterisk will reject
it with "403 Forbidden" since it matches the "From:
sip:200 at sip_provider.com" against user 200:

---------------
INVITE sip:999888777 at asterisk_ip.org SIP/2.0
From: <sip:200 at sip_provider.com>
---------------

IMHO Asterisk must not try to match a user ("From") if the INVITE arrives
from a peer IP.
The only way to solve it is by ensuring that any INVITE arriving from the
peer has a "From" different than any Asterisk user, that is impossible
(imagine the case in which Asterisk receives a call from an external SIP
provider with peering relation with "sip_provider.com", something like:

---------------
INVITE sip:999888777 at asterisk_ip.org SIP/2.0
From: <sip:200 at sip_provider.com>
P-Asserted-Identity: <sip:999888777 at sip_provider.com>
---------------

PD: I know Asterisk doesn't handle PAI header, imagine then it's RPID.

====================================================================== 

---------------------------------------------------------------------- 
 (0095870) blitzrage (administrator) - 2008-12-05 10:57
 http://bugs.digium.com/view.php?id=13296#c95870 
---------------------------------------------------------------------- 
I'm closing this issue as it is quite clear the way this currently works is
a bug, and the request to change the way this is handled is a feature
request. Thanks! 

Issue History 
Date Modified    Username       Field                    Change               
====================================================================== 
2008-12-05 10:57 blitzrage      Note Added: 0095870                          
======================================================================




More information about the asterisk-bugs mailing list