[asterisk-bugs] [JIRA] (ASTERISK-28280) chan_sip problem with registration when challenge contains a "domain" field with protocol.
George Joseph (JIRA)
noreply at issues.asterisk.org
Mon Feb 11 09:40:47 CST 2019
[ https://issues.asterisk.org/jira/browse/ASTERISK-28280?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
George Joseph updated ASTERISK-28280:
-------------------------------------
Status: Open (was: Triage)
> chan_sip problem with registration when challenge contains a "domain" field with protocol.
> ------------------------------------------------------------------------------------------
>
> Key: ASTERISK-28280
> URL: https://issues.asterisk.org/jira/browse/ASTERISK-28280
> Project: Asterisk
> Issue Type: Bug
> Security Level: None
> Components: Channels/chan_sip/Registration
> Affects Versions: GIT
> Reporter: Guillaume Genty
> Labels: patch
> Attachments: ASTERISK-28280.diff
>
>
> There is a problem in registration challenge-response when the field "domain" is present in the "WWW-Authenticate" challenge header, and contains the protocol.
> As Asterisk adds the protocol to the "uri" field of the "Authorization" response header, you can have the protocol two times.
> Sample:
> SIP/2.0 401 Unauthorized
> [...]
> WWW-Authenticate: Digest realm="xxxxx",domain="sip:1.1.1.1",nonce="xxxxx",opaque="0",stale=false,algorithm=MD5
> REGISTER sip:10.255.7.18 SIP/2.0
> [...]
> Authorization: Digest username="zzzzz", realm="xxxxx", algorithm=MD5, uri="sip:sip:1.1.1.1", nonce="xxxxx", response="xxxxx", opaque="0"
> I know the "domain" field is pretty rare, but I just found it on a "Shoretel Communicator" SIP server (from Mitel).
> It causes the response to be ignored and a new challenge to be sent from the server, so Asterisk was unable to register.
> I wrote a small patch to check this case, the now the answer is valid and the registration is working.
> I also checked in the RFC, the protocol is supposed to be in the domain field: https://tools.ietf.org/html/rfc3261#page-182 (example in chapter 20.44)
> I made this patch on branch 13, as I was not able to quickly compile a more recent branch, but a look at the source code shows that the issue is still present in master (even if chan_sip is deprecated now).
--
This message was sent by Atlassian JIRA
(v6.2#6252)
More information about the asterisk-bugs
mailing list