[asterisk-bugs] [JIRA] (ASTERISK-26089) Invalid security events during boot using PJSIP Realtime

Scott Griepentrog (JIRA) noreply at issues.asterisk.org
Mon Jun 6 16:33:56 CDT 2016


Scott Griepentrog created ASTERISK-26089:
--------------------------------------------

             Summary: Invalid security events during boot using PJSIP Realtime
                 Key: ASTERISK-26089
                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-26089
             Project: Asterisk
          Issue Type: Bug
      Security Level: None
          Components: pjproject/pjsip
         Environment: CentOS, Asterisk 13, PJSIP, Realtime, ODBC
            Reporter: Scott Griepentrog


When Asterisk is configured to use PJSIP with Realtime, the receipt of a SIP REGISTER during bootup (prior to ODBC database connections being completed) results in a security event such as InvalidAccountID due to being unable to obtain the account from the database.

Where the specific customer implementation includes banning IPs based on security events, this causes a window of opportunity for valid endpoints to be banned if they are unlucky enough to attempt REGISTER at the wrong time.

A workaround for this issue exists in the form of rejecting security events prior to the FullyBooted event being received. However, this issue would probably be better addressed by adding an option to cause PJSIP inbound traffic to be dropped prior to FullyBooted state, so as to avoid transmitting an incorrect 401 Unauthorized response to the endpoint.




--
This message was sent by Atlassian JIRA
(v6.2#6252)
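
The workaround described in the report, sketched as an added example (not part of the original message and not Asterisk project code): a consumer of AMI events that ignores ban-worthy security events until FullyBooted has been seen. The function names, the ban threshold and the sample event stream are assumptions constructed for illustration.

```python
from collections import Counter

# Security events that feed the ban counter (assumed site policy).
BAN_EVENTS = {"InvalidAccountID", "InvalidPassword", "ChallengeResponseFailed"}
BAN_THRESHOLD = 3  # assumed: failures per address before a ban

def _ev(name, ip):
    """Build one constructed AMI security event for the sample stream."""
    return (f"Event: {name}\r\nService: PJSIP\r\n"
            f"RemoteAddress: IPV4/UDP/{ip}/5060\r\n\r\n")

# Constructed stream: a valid endpoint retries REGISTER three times while
# the database is still unavailable, then the system finishes booting.
SAMPLE = (_ev("InvalidAccountID", "192.0.2.10") * 3
          + "Event: FullyBooted\r\nStatus: Fully Booted\r\n\r\n"
          + _ev("InvalidAccountID", "198.51.100.7") * 3
          + _ev("InvalidAccountID", "192.0.2.10"))

def parse_events(text):
    """Yield each blank-line-separated AMI event as a dict of its headers."""
    for block in text.replace("\r\n", "\n").split("\n\n"):
        event = {}
        for line in block.splitlines():
            key, sep, value = line.partition(":")
            if sep:
                event[key.strip()] = value.strip()
        if event:
            yield event

def remote_ip(event):
    """Extract the address from 'IPV4/UDP/<addr>/<port>' (IPV6 likewise)."""
    parts = event.get("RemoteAddress", "").split("/")
    return parts[2] if len(parts) >= 4 else None

def ips_to_ban(events, threshold=BAN_THRESHOLD):
    """Return (addresses to ban, count of events dropped before boot)."""
    booted, suppressed, failures = False, 0, Counter()
    for ev in events:
        name = ev.get("Event")
        if name == "FullyBooted":
            booted = True
        elif name in BAN_EVENTS:
            if not booted:
                suppressed += 1  # account lookup may have failed for lack of DB
                continue
            ip = remote_ip(ev)
            if ip:
                failures[ip] += 1
    return sorted(ip for ip, n in failures.items() if n >= threshold), suppressed

if __name__ == "__main__":
    print(ips_to_ban(parse_events(SAMPLE)))
```

This only stops the ban; the endpoint still receives the 401 Unauthorized response that the report proposes avoiding by dropping inbound traffic until FullyBooted.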


