[asterisk-bugs] [Asterisk 0012278]: [patch] Add Server: instead of User-Agent: header in Asterisk generated SIP responses

noreply at bugs.digium.com noreply at bugs.digium.com
Tue Mar 25 05:49:45 CDT 2008


The following issue has been ASSIGNED. 
====================================================================== 
http://bugs.digium.com/view.php?id=12278 
====================================================================== 
Reported By:                rjain
Assigned To:                oej
====================================================================== 
Project:                    Asterisk
Issue ID:                   12278
Category:                   Channels/chan_sip/General
Reproducibility:            always
Severity:                   trivial
Priority:                   normal
Status:                     assigned
Asterisk Version:           SVN 
SVN Branch (only for SVN checkouts, not tarball releases): N/A 
SVN Revision (number only!): 110578 
Disclaimer on File?:        N/A 
Request Review:              
====================================================================== 
Date Submitted:             03-22-2008 19:36 CDT
Last Modified:              03-25-2008 05:49 CDT
====================================================================== 
Summary:                    [patch] Add Server: instead of User-Agent: header in
Asterisk generated SIP responses
Description: 
Asterisk currently inserts User-Agent: header in the SIP responses it
generates. A SIP UAS should insert Server: header instead. The Server: and
User-Agent: are meant for human consumption and not automaton, thus this
isn't really a software bug. But, it is inconsistent with other SIP
implementations and a bit of annoyance when you're looking at SIP traces
that include Asterisk SIP messaging.  

Below are sections of RFC 3261 that explain the roles of User-Agent: and
Server: headers.

20.35 Server

   The Server header field contains information about the software used
   by the UAS to handle the request.

   Revealing the specific software version of the server might allow the
   server to become more vulnerable to attacks against software that is
   known to contain security holes.  Implementers SHOULD make the Server
   header field a configurable option.

   Example:

      Server: HomeServer v2

20.41 User-Agent

   The User-Agent header field contains information about the UAC
   originating the request.  The semantics of this header field are
   defined in [H14.43].

   Revealing the specific software version of the user agent might allow
   the user agent to become more vulnerable to attacks against software
   that is known to contain security holes.  Implementers SHOULD make
   the User-Agent header field a configurable option.

   Example:

      User-Agent: Softphone Beta1.5


====================================================================== 

---------------------------------------------------------------------- 
 svnbot - 03-25-08 05:49  
---------------------------------------------------------------------- 
Repository: asterisk
Revision: 110625

U   trunk/channels/chan_sip.c

------------------------------------------------------------------------
r110625 | oej | 2008-03-25 05:49:42 -0500 (Tue, 25 Mar 2008) | 6 lines

Use the "Server" header when responding to SIP requests.
(closes issue http://bugs.digium.com/view.php?id=12278)
Reported by: rjain
Patches: 
      chan_sip.c.diff uploaded by rjain (license 226)

------------------------------------------------------------------------

http://svn.digium.com/view/asterisk?view=rev&revision=110625 

Issue History 
Date Modified   Username       Field                    Change               
====================================================================== 
03-25-08 05:49  svnbot         Checkin                                      
03-25-08 05:49  svnbot         Note Added: 0084480                          
03-25-08 05:49  svnbot         Status                   new => assigned     
03-25-08 05:49  svnbot         Assigned To               => oej             
======================================================================




More information about the asterisk-bugs mailing list