[asterisk-bugs] [Asterisk 0014013]: 4XX Responses to a BYE request
Asterisk Bug Tracker
noreply at bugs.digium.com
Thu Dec 11 14:11:42 CST 2008
The following issue has been RESOLVED.
======================================================================
http://bugs.digium.com/view.php?id=14013
======================================================================
Reported By: manwe
Assigned To: putnopvut
======================================================================
Project: Asterisk
Issue ID: 14013
Category: Channels/chan_sip/General
Reproducibility: sometimes
Severity: minor
Priority: normal
Status: resolved
Asterisk Version: 1.4.23-rc2
SVN Branch (only for SVN checkouts, not tarball releases): N/A
SVN Revision (number only!):
Disclaimer on File?: N/A
Request Review:
Resolution: fixed
Fixed in Version:
======================================================================
Date Submitted: 2008-12-03 01:05 CST
Last Modified: 2008-12-11 14:11 CST
======================================================================
Summary: 4XX Responses to a BYE request
Description:
In the Changelog of asterisk 1.4.23RC2 it can be read:
+ /* RFC 3261 Section 15 specifies that if we receive a 408 or 481
+ * in response to a BYE, then we should end the current dialog
+ * and session. There is no mention in the spec of other 4XX responses,
+ * but it is known that at least one phone manufacturer potentially
+ * will send a 404 in response to a BYE, so we'll be liberal in what
+ * we accept and end the dialog and session if we receive any 4XX
+ * response to a BYE.
+ */
And the code:
+ if (resp >= 400 && resp < 500 && sipmethod == SIP_BYE) {
+ ast_set_flag(&p->flags[0], SIP_NEEDDESTROY);
+ return;
+ }
What about if Asterisk calls through a proxy? It's really possible (and
common) that a proxy requires authentication for BYE, so it replies with
407
and the UAC (Asterisk) should re-generate the BYE with credentials.
Note that RFC 3261 states that requiring authentication for a BYE is a
good
way to avoid calls ending by an attacker (spoofed BYE).
It is also common to receive 483 (too many hops).
I think that having only ip-phones in mind is not a good approach. Not
every 4XX response should end the dialog.
======================================================================
Issue History
Date Modified Username Field Change
======================================================================
2008-12-11 14:11 putnopvut Status new => resolved
2008-12-11 14:11 putnopvut Resolution open => fixed
2008-12-11 14:11 putnopvut Assigned To => putnopvut
======================================================================
More information about the asterisk-bugs
mailing list