[asterisk-bugs] [JIRA] (ASTERISK-25320) chan_sip.c: sip_report_security_event searches for wrong or non existent peer on invite
Asterisk Team (JIRA)
noreply at issues.asterisk.org
Wed Jul 27 10:22:02 CDT 2016
[ https://issues.asterisk.org/jira/browse/ASTERISK-25320?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Asterisk Team updated ASTERISK-25320:
-------------------------------------
Target Release Version/s: 14.0.0
> chan_sip.c: sip_report_security_event searches for wrong or non existent peer on invite
> ---------------------------------------------------------------------------------------
>
> Key: ASTERISK-25320
> URL: https://issues.asterisk.org/jira/browse/ASTERISK-25320
> Project: Asterisk
> Issue Type: Bug
> Security Level: None
> Components: Channels/chan_sip/Security Framework
> Reporter: Kevin Harwell
> Assignee: Kevin Harwell
> Severity: Minor
> Target Release: 11.20.0, 13.6.0, 14.0.0
>
>
> In chan_sip, after handling an incoming invite a security event is raised describing authorization (success, failure, etc...). However, it is doing a lookup of the peer by extension. This is fine for register messages, but in the case of an invite it may search and find the wrong peer, or a non existent one (for instance, in the case of call pickup). If the peers are configured through realtime this may also cause an unnecessary database lookup when caching is enabled.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
More information about the asterisk-bugs
mailing list