[asterisk-bugs] [JIRA] (ASTERISK-29059) Asterisk sends endless INVITE requests even call is ended

Ruslan Lazin (JIRA) noreply at issues.asterisk.org
Tue Sep 1 05:01:43 CDT 2020


    [ https://issues.asterisk.org/jira/browse/ASTERISK-29059?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=251878#comment-251878 ] 

Ruslan Lazin commented on ASTERISK-29059:
-----------------------------------------

SIPp scenario to reproduce the issue
{code:xml}
<?xml version="1.0" encoding="ISO-8859-1" ?>
<!DOCTYPE scenario SYSTEM "sipp.dtd">                                                                   -->

<scenario name="UAS answer 407 with new nonce">

 <nop>
  <action>
    <assign assign_to="var" value="0" />
  </action>
 </nop>


 <label id="start_of_loop" />

	 <recv request="ACK" crlf="true" optional="true">
	  </recv>

	 <recv request="INVITE" crlf="true">
	  </recv>

	 <send>
		<![CDATA[

		  SIP/2.0 407 Proxy Authentication Required
		  [last_Via:]
		  [last_From:]
		  [last_To:];tag=[pid]SIPpTag01[call_number]
		  [last_Call-ID:]
		  [last_CSeq:]
		  Contact: <sip:[local_ip]:[local_port];transport=[transport]>
		  Proxy-Authenticate: Digest realm="sip.lazin.pp.ua", nonce="5f4cddbd0001196ceb6b5e97c5cd381727630c7cf2bd8f5[$var]", qop="auth"
		  Server: SIP Proxy
		  Content-Length: 0

		]]>
	  </send>
	  
	 <nop>
	  <action>
		<add assign_to="var" value="1" /> <!-- $1 == 0 -->
	  </action>
	 </nop>
 <nop next="start_of_loop"/>

</scenario>

{code}

> Asterisk sends endless INVITE requests even call is ended
> ---------------------------------------------------------
>
>                 Key: ASTERISK-29059
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-29059
>             Project: Asterisk
>          Issue Type: Security
>      Security Level: None
>          Components: pjproject/pjsip
>    Affects Versions: 14.7.8, 16.11.1, 17.5.1
>         Environment: CentOS7
>            Reporter: Ruslan Lazin
>
> Lets say we have proxy that always return "SIP/2.0 407 Proxy Authentication Required" and "nonce" is different in each answer. 
> Once we originate outgoing call to such server Asterisk falls to infinitive loop sending new INVITE after receiving 407 answer. It might be hundreds of thousands INVITE requests. Even when call is stopped ('core show channels' returns 0 active calls/channels) requests are still sending. Only Asterisk restart can stop INVITE sending.
> To reproduce:
> - Create a server that responses with "SIP/2.0 407 Proxy Authentication Required" and new nonce to every INVITE request. For test proposes you can use mine (sip.lazin.pp.ua:5060   - will be active till 31 Sep 2020) or use sipp (scenario attached) 
> - Make an outbound call to anything at your_proxy
> - stop call in any way (e.g 'channel request hangup all' in cli.)
> - run ngrep and see that asterisk still sends thousands of INVITE
> - restart asterisk to stop INVITE requests.



--
This message was sent by Atlassian JIRA
(v6.2#6252)



More information about the asterisk-bugs mailing list