[Asterisk-code-review] chan sip: Prevent extra Session-Expires headers from being ... (asterisk[certified/13.1])

Joshua Colp asteriskteam at digium.com
Wed May 18 17:32:52 CDT 2016 

Joshua Colp has submitted this change and it was merged.

Change subject: chan_sip:  Prevent extra Session-Expires headers from being added
......................................................................


chan_sip:  Prevent extra Session-Expires headers from being added

When chan_sip does a re-INVITE to refresh a session and authentication
is required, the INVITE with the Authorization header containes a
second Session-Expires header without the ";refersher=" parameter.
This is causing some proxies to return a 400.  Also, when Asterisk is
the uas and the refresher, it is including the Session-Expires and
Min-SE headers in OPTIONS messages which is not allowed per RFC4028.

This patch (based on the reporter's) Checks to see if a Session-Expires
header is already in the message before adding another one.  It also
checks that the method is INVITE or UPDATE.

ASTERISK-26030 #close

Change-Id: I58a7b07bab5a3177748d8a7034fb8ad8e11ce1d9
---
M channels/chan_sip.c
1 file changed, 5 insertions(+), 3 deletions(-)

Approvals:
  Mark Michelson: Looks good to me, approved
  Joshua Colp: Looks good to me, but someone else must approve; Verified



diff --git a/channels/chan_sip.c b/channels/chan_sip.c
index 42d081d..b864936 100644
--- a/channels/chan_sip.c
+++ b/channels/chan_sip.c
@@ -14225,10 +14225,12 @@
 		add_header(&req, "Require", "replaces");
 	}
 
-	/* Add Session-Timers related headers */
-	if (st_get_mode(p, 0) == SESSION_TIMER_MODE_ORIGINATE
+	/* Add Session-Timers related headers if not already there */
+	if (ast_strlen_zero(sip_get_header(&req, "Session-Expires")) &&
+		(sipmethod == SIP_INVITE || sipmethod == SIP_UPDATE) &&
+		(st_get_mode(p, 0) == SESSION_TIMER_MODE_ORIGINATE
 		|| (st_get_mode(p, 0) == SESSION_TIMER_MODE_ACCEPT
-			&& st_get_se(p, FALSE) != DEFAULT_MIN_SE)) {
+			&& st_get_se(p, FALSE) != DEFAULT_MIN_SE))) {
 		char i2astr[10];
 
 		if (!p->stimer->st_interval) {

-- 
To view, visit https://gerrit.asterisk.org/2856
To unsubscribe, visit https://gerrit.asterisk.org/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: I58a7b07bab5a3177748d8a7034fb8ad8e11ce1d9
Gerrit-PatchSet: 2
Gerrit-Project: asterisk
Gerrit-Branch: certified/13.1
Gerrit-Owner: George Joseph <gjoseph at digium.com>
Gerrit-Reviewer: Anonymous Coward #1000019
Gerrit-Reviewer: Joshua Colp <jcolp at digium.com>
Gerrit-Reviewer: Mark Michelson <mmichelson at digium.com>

More information about the asterisk-code-review mailing list