[asterisk-bugs] [JIRA] (ASTERISK-29059) Asterisk sends endless INVITE requests even call is ended

Joshua C. Colp (JIRA) noreply at issues.asterisk.org
Tue Sep 1 04:59:47 CDT 2020


    [ https://issues.asterisk.org/jira/browse/ASTERISK-29059?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=251877#comment-251877 ] 

Joshua C. Colp commented on ASTERISK-29059:
-------------------------------------------

This is already a known issue. I've marked it as a security issue, but full analysis has not yet been done to determine if it will be treated as a security issue.

> Asterisk sends endless INVITE requests even call is ended
> ---------------------------------------------------------
>
>                 Key: ASTERISK-29059
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-29059
>             Project: Asterisk
>          Issue Type: Security
>      Security Level: None
>          Components: pjproject/pjsip
>    Affects Versions: 14.7.8, 16.11.1, 17.5.1
>         Environment: CentOS7
>            Reporter: Ruslan Lazin
>
> Lets say we have proxy that always return "SIP/2.0 407 Proxy Authentication Required" and "nonce" is different in each answer. 
> Once we originate outgoing call to such server Asterisk falls to infinitive loop sending new INVITE after receiving 407 answer. It might be hundreds of thousands INVITE requests. Even when call is stopped ('core show channels' returns 0 active calls/channels) requests are still sending. Only Asterisk restart can stop INVITE sending.
> To reproduce:
> - Create a server that responses with "SIP/2.0 407 Proxy Authentication Required" and new nonce to every INVITE request. For test proposes you can use mine (sip.lazin.pp.ua:5060   - will be active till 31 Sep 2020) or use sipp (scenario attached) 
> - Make an outbound call to anything at your_proxy
> - stop call in any way (e.g 'channel request hangup all' in cli.)
> - run ngrep and see that asterisk still sends thousands of INVITE
> - restart asterisk to stop INVITE requests.



--
This message was sent by Atlassian JIRA
(v6.2#6252)



More information about the asterisk-bugs mailing list