[asterisk-bugs] [JIRA] (ASTERISK-18759) Asterisk re-uses stale nonce in edge case
Matt Jordan (JIRA)
noreply at issues.asterisk.org
Fri Feb 6 16:01:35 CST 2015
[ https://issues.asterisk.org/jira/browse/ASTERISK-18759?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Matt Jordan closed ASTERISK-18759.
----------------------------------
Resolution: Fixed
Target Release Version/s: 11.16.0, 13.2.0
> Asterisk re-uses stale nonce in edge case
> -----------------------------------------
>
> Key: ASTERISK-18759
> URL: https://issues.asterisk.org/jira/browse/ASTERISK-18759
> Project: Asterisk
> Issue Type: Bug
> Security Level: None
> Components: Channels/chan_sip/Registration
> Affects Versions: 1.8.5.0, 1.8.7.1
> Environment: Linux 2.6.37.6 (Slackware 13.37)
> Reporter: feyfre
> Assignee: feyfre
> Target Release: 13.2.0, 11.16.0
>
> Attachments: full
>
>
> Asterisk forgets nonce it sent to SIP client during registration.
> client sends REGISTER without auth,
> * replies 401 with realm and nonce values (let this nonce == blah)
> client sends REGISTER with auth (MD5 calculated against given realm and nonce; calculations are right, double checked).
> * replies 401 with realm and another nonce value (let this nonce == otherblah)
> -- after timeout of a few seconds configured on client, client again tries to register
> client sends REGISTER without auth,
> * replies 401 with realm and nonce values (let this nonce == yetanotherblah)
> client sends REGISTER with auth (MD5 calculated against given realm and nonce; calculations are right, double checked).
> * replies 401 with realm and another nonce value (this nonce == otherblah, which is equal to otherblah in first retry)
> Attaching trace log.
> Asterisk never expects nonce which it sent to client after first REGISTER retry, remembers nonce == otherblah
--
This message was sent by Atlassian JIRA
(v6.2#6252)
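
An added example, not part of the original report or of Asterisk's code: a check that scans a SIP trace for 401 challenges that re-issue an older nonce, which is the sequence the reporter describes. The sample trace, the AOR `sip:100@pbx.example.invalid`, the realm value and the function names are constructed for illustration; the nonce values are the report's own placeholders.

```python
import re

def _challenge(cseq, nonce):
    # Constructed 401 response, reduced to the headers the check needs.
    return (
        "SIP/2.0 401 Unauthorized\r\n"
        "To: <sip:100@pbx.example.invalid>\r\n"
        f"CSeq: {cseq} REGISTER\r\n"
        f'WWW-Authenticate: Digest algorithm=MD5, realm="asterisk", nonce="{nonce}"\r\n'
        "\r\n"
    )

# Constructed sample: the four challenges in the order the report gives them.
SAMPLE_TRACE = "".join(
    _challenge(cseq, nonce)
    for cseq, nonce in [(1, "blah"), (2, "otherblah"),
                        (3, "yetanotherblah"), (4, "otherblah")]
)

NONCE_RE = re.compile(r'^WWW-Authenticate:.*?\bnonce="([^"]*)"', re.I | re.M)
TO_RE = re.compile(r'^To:\s*(?:"[^"]*"\s*)?<?([^>;\s]+)', re.I | re.M)
CSEQ_RE = re.compile(r'^CSeq:\s*(\d+)\s+REGISTER', re.I | re.M)

def find_reissued_nonces(trace):
    """Return (aor, cseq, nonce) for each 401 that re-issues an older nonce."""
    history = {}    # AOR -> nonces in the order they were challenged
    findings = []
    # Messages are separated by a blank line; requests and bodies are skipped.
    for msg in re.split(r"\r?\n\r?\n", trace):
        if not msg.lstrip().startswith("SIP/2.0 401"):
            continue
        nonce, to, cseq = NONCE_RE.search(msg), TO_RE.search(msg), CSEQ_RE.search(msg)
        if not (nonce and to and cseq):
            continue
        seen = history.setdefault(to.group(1), [])
        value = nonce.group(1)
        # The same nonce as the previous challenge is a retransmission.
        # An older nonce returning after a newer one was issued is the finding.
        if value in seen and seen[-1] != value:
            findings.append((to.group(1), int(cseq.group(1)), value))
        seen.append(value)
    return findings

if __name__ == "__main__":
    for aor, cseq, nonce in find_reissued_nonces(SAMPLE_TRACE):
        print(f"{aor}: CSeq {cseq} re-issues earlier nonce {nonce!r}")
```
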