[asterisk-bugs] [JIRA] (ASTERISK-26089) Invalid security events during boot using PJSIP Realtime

Tue Jun 7 10:21:56 CDT 2016

     [ https://issues.asterisk.org/jira/browse/ASTERISK-26089?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Joshua Colp closed ASTERISK-26089.
----------------------------------

    Resolution: Suspended

Patch is already up and tagged against other issue. Closing this out.

> Invalid security events during boot using PJSIP Realtime
> --------------------------------------------------------
>
>                 Key: ASTERISK-26089
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-26089
>             Project: Asterisk
>          Issue Type: Bug
>      Security Level: None
>          Components: pjproject/pjsip
>         Environment: CentOS, Asterisk 13, PJSIP, Realtime, ODBC
>            Reporter: Scott Griepentrog
>
> When Asterisk is configured to use PJSIP with Realtime, the receipt of a SIP REGISTER during bootup (prior to odbc database connections being completed) results in a security event such as InvalidAccountID due to being unable to obtain the account from the database.
> Where the specific customer implementation includes banning IP's based on security events, this causes a window of opportunity for valid endpoints to be banned if they are unlucky enough to attempt REGISTER at the wrong time.
> A workaround for this issue exists in the form of rejecting security events prior to the FullyBooted event being received.  However, this issue would probably be better addressed by adding an option to cause PJSIP inbound traffic to be dropped prior to FullyBooted state, so as to avoid transmitting an incorrect  401 Unauthorized response to the endpoint.

--
This message was sent by Atlassian JIRA
(v6.2#6252)