[asterisk-bugs] [Asterisk 0014013]: 4XX Responses to a BYE request

Asterisk Bug Tracker noreply at bugs.digium.com
Thu Dec 11 14:11:42 CST 2008


The following issue has been RESOLVED. 
====================================================================== 
http://bugs.digium.com/view.php?id=14013 
====================================================================== 
Reported By:                manwe
Assigned To:                putnopvut
====================================================================== 
Project:                    Asterisk
Issue ID:                   14013
Category:                   Channels/chan_sip/General
Reproducibility:            sometimes
Severity:                   minor
Priority:                   normal
Status:                     resolved
Asterisk Version:           1.4.23-rc2 
SVN Branch (only for SVN checkouts, not tarball releases): N/A 
SVN Revision (number only!):  
Disclaimer on File?:        N/A 
Request Review:              
Resolution:                 fixed
Fixed in Version:           
====================================================================== 
Date Submitted:             2008-12-03 01:05 CST
Last Modified:              2008-12-11 14:11 CST
====================================================================== 
Summary:                    4XX Responses to a BYE request
Description: 
In the Changelog of asterisk 1.4.23RC2 it can be read:

+	/* RFC 3261 Section 15 specifies that if we receive a 408 or 481
+	 * in response to a BYE, then we should end the current dialog
+	 * and session. There is no mention in the spec of other 4XX responses,
+	 * but it is known that at least one phone manufacturer potentially
+	 * will send a 404 in response to a BYE, so we'll be liberal in what
+	 * we accept and end the dialog and session if we receive any 4XX 
+	 * response to a BYE.
+	 */

And the code:

+	if (resp >= 400 && resp < 500 && sipmethod == SIP_BYE) {
+		ast_set_flag(&p->flags[0], SIP_NEEDDESTROY);
+		return;
+	}
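Review bot: the condition `resp >= 400 && resp < 500 && sipmethod == SIP_BYE` on the first added line also matches 401 and 407. Unless the authentication-challenge handling runs before this check, the `return` here sets SIP_NEEDDESTROY and skips any retry of the BYE with credentials. The comment above cites RFC 3261 Section 15 only for 408 and 481 and adds a vendor's 404, so I would suggest narrowing the test to those codes, or at least excluding 401 and 407 from the range, and saying in the comment which 4XX responses are deliberately not treated as ending the dialog.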



What about if Asterisk calls through a proxy? It's really possible (and
common) that a proxy requires authentication for BYE, so it replies with
407 and the UAC (Asterisk) should re-generate the BYE with credentials.
Note that RFC 3261 states that requiring authentication for a BYE is a
good way to avoid calls ending by an attacker (spoofed BYE).

It is also common to receive 483 (too many hops).

I think that having only ip-phones in mind is not a good approach. Not
every 4XX response should end the dialog.

====================================================================== 

Issue History 
Date Modified    Username       Field                    Change               
====================================================================== 
2008-12-11 14:11 putnopvut      Status                   new => resolved     
2008-12-11 14:11 putnopvut      Resolution               open => fixed       
2008-12-11 14:11 putnopvut      Assigned To               => putnopvut       
======================================================================



