[asterisk-bugs] [JIRA] (ASTERISK-28280) chan_sip problem with registration when challenge contains a "domain" field with protocol.

George Joseph (JIRA) noreply at issues.asterisk.org
Mon Feb 11 09:40:47 CST 2019


     [ https://issues.asterisk.org/jira/browse/ASTERISK-28280?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

George Joseph updated ASTERISK-28280:
-------------------------------------

    Status: Open  (was: Triage)

> chan_sip problem with registration when challenge contains a "domain" field with protocol.
> ------------------------------------------------------------------------------------------
>
>                 Key: ASTERISK-28280
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-28280
>             Project: Asterisk
>          Issue Type: Bug
>      Security Level: None
>          Components: Channels/chan_sip/Registration
>    Affects Versions: GIT
>            Reporter: Guillaume Genty
>              Labels: patch
>         Attachments: ASTERISK-28280.diff
>
>
> There is a problem in registration challenge-response when the field "domain" is present in the "WWW-Authenticate" challenge header, and contains the protocol.
> As Asterisk adds the protocol to the "uri" field of the "Authorization" response header, you can have the protocol two times.
> Sample:
> SIP/2.0 401 Unauthorized
> [...]
> WWW-Authenticate: Digest realm="xxxxx",domain="sip:1.1.1.1",nonce="xxxxx",opaque="0",stale=false,algorithm=MD5
> REGISTER sip:10.255.7.18 SIP/2.0
> [...]
> Authorization: Digest username="zzzzz", realm="xxxxx", algorithm=MD5, uri="sip:sip:1.1.1.1", nonce="xxxxx", response="xxxxx", opaque="0"
> I know the "domain" field is pretty rare, but I just found it on a "Shoretel Communicator" SIP server (from Mitel).
> It causes the response to be ignored and a new challenge to be sent from the server, so Asterisk was unable to register.
> I wrote a small patch to check this case, the now the answer is valid and the registration is working.
> I also checked in the RFC, the protocol is supposed to be in the domain field: https://tools.ietf.org/html/rfc3261#page-182 (example in chapter 20.44)
> I made this patch on branch 13, as I was not able to quickly compile a more recent branch, but a look at the source code shows that the issue is still present in master (even if chan_sip is deprecated now).



--
This message was sent by Atlassian JIRA
(v6.2#6252)



More information about the asterisk-bugs mailing list