[asterisk-bugs] [JIRA] (ASTERISK-20653) Asterisk allows Session-Expires below 90 in a 200 OK
Kinsey Moore (JIRA)
noreply at issues.asterisk.org
Tue Nov 6 14:46:21 CST 2012
[ https://issues.asterisk.org/jira/browse/ASTERISK-20653?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Kinsey Moore updated ASTERISK-20653:
------------------------------------
Attachment: rfc_breakers.diff
Added a diff containing two tests for RFC4028 breakage. One fails (as per this bug) and the other passes since it works correctly. Note that the test that passes may be exposing another bug since it takes upwards of 20 seconds to complete (it appears as if Asterisk is hanging around unnecessarily long).
> Asterisk allows Session-Expires below 90 in a 200 OK
> ----------------------------------------------------
>
> Key: ASTERISK-20653
> URL: https://issues.asterisk.org/jira/browse/ASTERISK-20653
> Project: Asterisk
> Issue Type: Bug
> Security Level: None
> Components: Channels/chan_sip/General
> Affects Versions: 1.8.17.0, 10.9.0, 11.0.1
> Environment: Asterisk testsuite, Ubuntu 10.04
> Reporter: Kinsey Moore
> Attachments: rfc_breakers.diff
>
>
> When Asterisk initiates a call to a SIP device, that SIP device may specify a Session-Expires header that falls outside of what is allowed by RFC4028. Asterisk will honor this value instead of tearing down the call as would be appropriate. See the first review on https://reviewboard.asterisk.org/r/2180/ for further details. This can be replicated by modifying one of the SIPp UAS scenarios in the review (where Asterisk is UAC) to reduce the Session-Expires header in the 200 OK response to 10.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the asterisk-bugs
mailing list