[asterisk-bugs] [JIRA] (ASTERISK-28280) chan_sip
Guillaume Genty (JIRA)
noreply at issues.asterisk.org
Fri Feb 8 16:29:47 CST 2019
Guillaume Genty created ASTERISK-28280:
------------------------------------------
Summary: chan_sip
Key: ASTERISK-28280
URL: https://issues.asterisk.org/jira/browse/ASTERISK-28280
Project: Asterisk
Issue Type: Bug
Security Level: None
Components: Channels/chan_sip/Registration
Affects Versions: GIT
Reporter: Guillaume Genty
Attachments: ASTERISK-28280.diff
There is a problem in registration challenge-response when the field "domain" is present in the "WWW-Authenticate" challenge header, and contains the protocol.
As Asterisk adds the protocol to the "uri" field of the "Authorization" response header, you can have the protocol two times.
Sample:
SIP/2.0 401 Unauthorized
[...]
WWW-Authenticate: Digest realm="xxxxx",domain="sip:1.1.1.1",nonce="xxxxx",opaque="0",stale=false,algorithm=MD5
REGISTER sip:10.255.7.18 SIP/2.0
[...]
Authorization: Digest username="zzzzz", realm="xxxxx", algorithm=MD5, uri="sip:sip:1.1.1.1", nonce="xxxxx", response="xxxxx", opaque="0"
I know the "domain" field is pretty rare, but I just found it on a "Shoretel Communicator" SIP server (from Mitel).
It causes the response to be ignored and a new challenge to be sent from the server, so Asterisk was unable to register.
I wrote a small patch to check this case, and now the answer is valid and the registration is working.
I also checked in the RFC, the protocol is supposed to be in the domain field: https://tools.ietf.org/html/rfc3261#page-182 (example in chapter 20.44)
I made this patch on branch 13, as I was not able to quickly compile a more recent branch, but a look at the source code shows that the issue is still present in master (even if chan_sip is deprecated now).
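The scheme duplication described in the report, reproduced and guarded against in a standalone C sketch. This is an added example, not the attached ASTERISK-28280.diff and not chan_sip code; the helper names (`challenge_param`, `has_sip_scheme`, `digest_uri`) and the sample header are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Constructed sample, modelled on the challenge quoted in the report. */
static const char SAMPLE_CHALLENGE[] =
    "Digest realm=\"xxxxx\",domain=\"sip:1.1.1.1\",nonce=\"xxxxx\",opaque=\"0\"";

/* Hypothetical helper: copy the quoted value of `key` into out; 1 on success, else 0. */
static int challenge_param(const char *hdr, const char *key, char *out, size_t outlen)
{
    size_t klen = strlen(key);
    for (const char *p = hdr; (p = strstr(p, key)) != NULL; p += klen) {
        /* Whole parameter names only: start of header, or after a space or comma. */
        int at_boundary = (p == hdr) || p[-1] == ' ' || p[-1] == ',';
        if (!at_boundary || p[klen] != '=' || p[klen + 1] != '"') continue;
        const char *start = p + klen + 2;
        const char *end = strchr(start, '"');
        if (!end || (size_t)(end - start) >= outlen) return 0;  /* unterminated or too long */
        memcpy(out, start, (size_t)(end - start));
        out[end - start] = '\0';
        return 1;
    }
    return 0;
}

static int has_sip_scheme(const char *s)  /* scheme names are case-insensitive */
{
    return strncasecmp(s, "sip:", 4) == 0 || strncasecmp(s, "sips:", 5) == 0;
}

/* Build the Authorization "uri" from the challenge's domain parameter.
 * check_scheme 0: always prepend "sip:" (reported behaviour); 1: only when missing. */
static const char *digest_uri(const char *hdr, int check_scheme, char *out, size_t outlen)
{
    char domain[128];
    if (!challenge_param(hdr, "domain", domain, sizeof(domain))) return NULL;
    int n = (check_scheme && has_sip_scheme(domain)) ? snprintf(out, outlen, "%s", domain)
                                                     : snprintf(out, outlen, "sip:%s", domain);
    return (n < 0 || (size_t)n >= outlen) ? NULL : out;  /* reject truncated output */
}

int main(void)
{
    char a[160], b[160];
    printf("unchecked: %s\nchecked:   %s\n", digest_uri(SAMPLE_CHALLENGE, 0, a, sizeof(a)),
           digest_uri(SAMPLE_CHALLENGE, 1, b, sizeof(b)));
    return 0;
}
```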