[asterisk-bugs] [JIRA] (ASTERISK-18759) Asterisk re-uses stale nonce in edge case
Matt Jordan (JIRA)
noreply at issues.asterisk.org
Fri Feb 6 16:01:35 CST 2015
[ https://issues.asterisk.org/jira/browse/ASTERISK-18759?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=224790#comment-224790 ]
Matt Jordan commented on ASTERISK-18759:
----------------------------------------
Although we ended up reproducing this in a different fashion, the fix that was done for ASTERISK-24715 should also fix the problem here.
> Asterisk re-uses stale nonce in edge case
> -----------------------------------------
>
> Key: ASTERISK-18759
> URL: https://issues.asterisk.org/jira/browse/ASTERISK-18759
> Project: Asterisk
> Issue Type: Bug
> Security Level: None
> Components: Channels/chan_sip/Registration
> Affects Versions: 1.8.5.0, 1.8.7.1
> Environment: Linux 2.6.37.6 (Slackware 13.37)
> Reporter: feyfre
> Assignee: feyfre
> Target Release: 11.16.0, 13.2.0
>
> Attachments: full
>
>
> Asterisk forgets nonce it sent to SIP client during registration.
> client sends REGISTER without auth,
> * replies 401 with realm and nonce values (let this nonce == blah)
> client sends REGISTER with auth (MD5 calculated against given realm and nonce; calculations are right, double checked).
> * replies 401 with realm and another nonce value (let this nonce == otherblah)
> -- after a timeout of a few seconds configured on the client, the client again tries to register
> client sends REGISTER without auth,
> * replies 401 with realm and nonce values (let this nonce == yetanotherblah)
> client sends REGISTER with auth (MD5 calculated against given realm and nonce; calculations are right, double checked).
> * replies 401 with realm and another nonce value (this nonce == otherblah, which is equal to otherblah in the first retry)
> Attaching trace log.
> Asterisk never expects the nonce which it sent to the client after the first REGISTER retry; it remembers nonce == otherblah
--
This message was sent by Atlassian JIRA
(v6.2#6252)
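
The exchange reported in the quoted issue, replayed through a small trace checker that flags both symptoms. This is an added example, not part of the original message and not Asterisk's code; the message builders, the header values (`u`, `r`, `c1`) and the trace are constructed, and the nonce strings are the reporter's placeholders.

```python
import re

NONCE_RE = re.compile(r'\bnonce="([^"]*)"', re.IGNORECASE)  # \b skips cnonce

def nonce_of(msg, name):
    """Return the nonce parameter of header `name`, or None if absent."""
    for line in msg.split("\r\n")[1:]:
        if not line:
            break  # blank line ends the header section
        key, _, value = line.partition(":")
        if key.strip().lower() == name.lower():
            m = NONCE_RE.search(value)
            return m.group(1) if m else None
    return None

def audit(trace):
    """Walk a REGISTER/401 exchange in order and report two symptoms:
    ("rejected", i, nonce): REGISTER answered the latest nonce, still got 401
                            (a wrong password looks the same; check the digest)
    ("reissued", i, nonce, first): a 401 carries a nonce already issued before
    """
    issued = {}               # nonce -> index of the 401 that first carried it
    latest = answered = None  # last nonce issued / nonce in the last REGISTER
    findings = []
    for i, msg in enumerate(trace):
        start = msg.split("\r\n", 1)[0]
        if start.startswith("REGISTER "):
            answered = nonce_of(msg, "Authorization")
        elif start.startswith("SIP/2.0 401"):
            nonce = nonce_of(msg, "WWW-Authenticate")
            if answered is not None and answered == latest:
                findings.append(("rejected", i, answered))
            if nonce is not None and nonce in issued:
                findings.append(("reissued", i, nonce, issued[nonce]))
            if nonce is not None:
                issued.setdefault(nonce, i)
            latest = nonce
    return findings

# Constructed messages that mirror the sequence in the report.
def reg(nonce=None):
    auth = (f'Authorization: Digest username="u", realm="r", nonce="{nonce}", '
            'uri="sip:r", response="0"\r\n') if nonce else ""
    return f"REGISTER sip:r SIP/2.0\r\nCall-ID: c1\r\n{auth}\r\n"

def chal(nonce):
    return ('SIP/2.0 401 Unauthorized\r\nCall-ID: c1\r\n'
            f'WWW-Authenticate: Digest realm="r", nonce="{nonce}"\r\n\r\n')

TRACE = [reg(), chal("blah"), reg("blah"), chal("otherblah"),
         reg(), chal("yetanotherblah"), reg("yetanotherblah"), chal("otherblah")]
```

Indexes in the findings are zero-based positions in the trace; a 401 that legitimately replaces an expired nonce shows up as "rejected" without a matching "reissued".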