[Asterisk-code-review] res pjsip: Endpoint IP Access Controls (asterisk[13])

Joshua Colp asteriskteam at digium.com
Mon Apr 18 10:38:22 CDT 2016 

Joshua Colp has posted comments on this change.

Change subject: res_pjsip: Endpoint IP Access Controls
......................................................................


Patch Set 4: Code-Review-1

(2 comments)

https://gerrit.asterisk.org/#/c/2551/4/res/res_pjsip/pjsip_distributor.c
File res/res_pjsip/pjsip_distributor.c:

PS4, Line 405: 		if (pjsip_method_cmp(&rdata->msg_info.msg->line.req.method, &pjsip_options_method) &&
             : 		    pjsip_method_cmp(&rdata->msg_info.msg->line.req.method, &pjsip_notify_method)) {
             : 			log_failed_request(rdata, "No matching endpoint found");
             : 			ast_sip_report_invalid_endpoint(name, rdata);
I disagree with this change. Requests coming in without an endpoint should still be logged, even if the OPTIONS or NOTIFY may appear harmless.


PS4, Line 518: 			if (endpoint!=artificial_endpoint) {
             : 				log_failed_request(rdata, "Failed to authenticate");
             : 				ast_sip_report_auth_failed_challenge_response(endpoint, rdata);
             : 			}
             : 			pjsip_endpt_send_response2(ast_sip_get_pjsip_endpoint(), rdata, tdata, NULL, NULL);
             : 			return PJ_TRUE;
             : 		case AST_SIP_AUTHENTICATION_ERROR:
             : 			if (endpoint!=artificial_endpoint) {
             : 				log_failed_request(rdata, "Error to authenticate");
             : 				ast_sip_report_auth_failed_challenge_response(endpoint, rdata);
             : 			}
This is a substantial behavior change. Why was it done? What security events get raised in this scenario now?


-- 
To view, visit https://gerrit.asterisk.org/2551
To unsubscribe, visit https://gerrit.asterisk.org/settings

Gerrit-MessageType: comment
Gerrit-Change-Id: I456dea3909d929d413864fb347d28578415ebf02
Gerrit-PatchSet: 4
Gerrit-Project: asterisk
Gerrit-Branch: 13
Gerrit-Owner: Alexei Gradinari <alex2grad at gmail.com>
Gerrit-Reviewer: Alexei Gradinari <alex2grad at gmail.com>
Gerrit-Reviewer: Anonymous Coward #1000019
Gerrit-Reviewer: George Joseph <george.joseph at fairview5.com>
Gerrit-Reviewer: Joshua Colp <jcolp at digium.com>
Gerrit-HasComments: Yes

More information about the asterisk-code-review mailing list