[asterisk-bugs] [JIRA] (ASTERISK-20653) Asterisk allows Session-Expires below 90 in a 200 OK

Kinsey Moore (JIRA) noreply at issues.asterisk.org
Tue Nov 6 10:07:21 CST 2012 

     [ https://issues.asterisk.org/jira/browse/ASTERISK-20653?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Kinsey Moore updated ASTERISK-20653:
------------------------------------

    Description: When Asterisk initiates a call to a SIP device, that SIP device may specify a Session-Expires header that falls outside of what is allowed by RFC4028. Asterisk will honor this value instead of tearing down the call as would be appropriate.  See the first review on https://reviewboard.asterisk.org/r/2180/ for further details.  This can be replicated by modifying one of the SIPp UAS scenarios in the review (where Asterisk is UAC) to reduce the Session-Expires header in the 200 OK response to 10.  (was: When Asterisk initiates a call to a SIP device, that SIP device may specify a Session-Expires header that falls outside of what is allowed by RFC4028. Asterisk will honor this value instead of tearing down the call as would be appropriate.  See the first review on https://reviewboard.asterisk.org/r/2180/ for further details.  This can be replicated by modifying one of the SIPp UAS scenarios (where Asterisk is UAC) to reduce the Session-Expires header in the 200 OK response to 10.)
    
> Asterisk allows Session-Expires below 90 in a 200 OK
> ----------------------------------------------------
>
>                 Key: ASTERISK-20653
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-20653
>             Project: Asterisk
>          Issue Type: Bug
>      Security Level: None
>          Components: Channels/chan_sip/General
>    Affects Versions: 1.8.17.0, 10.9.0, 11.0.1
>         Environment: Asterisk testsuite, Ubuntu 10.04
>            Reporter: Kinsey Moore
>
> When Asterisk initiates a call to a SIP device, that SIP device may specify a Session-Expires header that falls outside of what is allowed by RFC4028. Asterisk will honor this value instead of tearing down the call as would be appropriate.  See the first review on https://reviewboard.asterisk.org/r/2180/ for further details.  This can be replicated by modifying one of the SIPp UAS scenarios in the review (where Asterisk is UAC) to reduce the Session-Expires header in the 200 OK response to 10.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

More information about the asterisk-bugs mailing list