[Asterisk-code-review] chan_sip: On authentication, pick MD5 for sure. (asterisk[18])

Kevin Harwell asteriskteam at digium.com
Tue Nov 3 15:13:00 CST 2020


Kevin Harwell has submitted this change. ( https://gerrit.asterisk.org/c/asterisk/+/15099 )

Change subject: chan_sip: On authentication, pick MD5 for sure.
......................................................................

chan_sip: On authentication, pick MD5 for sure.

RFC 8760 added new digest-access-authentication schemes. Testing
revealed that chan_sip does not pick MD5 if several schemes are offered
by the User Agent Server (UAS). This change does not implement any of
the new schemes like SHA-256. This change makes sure, MD5 is picked so
UAS with SHA-2 enabled, like the service www.linphone.org/freesip, can
still be used. This should have worked since day one because SIP/2.0
already envisioned several schemes (see RFC 3261 and its augmented BNF
for 'algorithm' which includes 'token' as third alternative; note: if
'algorithm' was not present, MD5 is still assumed even in RFC 7616).

Change-Id: I61ca0b1f74b5ec2b5f3062c2d661cafeaf597fcd
---
M channels/chan_sip.c
1 file changed, 6 insertions(+), 3 deletions(-)

Approvals:
  Kevin Harwell: Looks good to me, approved; Approved for Submit
  George Joseph: Looks good to me, but someone else must approve



diff --git a/channels/chan_sip.c b/channels/chan_sip.c
index 78c0bb3..9e3365b 100644
--- a/channels/chan_sip.c
+++ b/channels/chan_sip.c
@@ -23077,6 +23077,7 @@
 	char tmp[512];
 	char *c;
 	char oldnonce[256];
+	int start = 0;
 
 	/* table of recognised keywords, and places where they should be copied */
 	const struct x {
@@ -23091,9 +23092,11 @@
 		{ NULL, 0 },
 	};
 
-	ast_copy_string(tmp, sip_get_header(req, header), sizeof(tmp));
-	if (ast_strlen_zero(tmp))
-		return -1;
+	do {
+		ast_copy_string(tmp, __get_header(req, header, &start), sizeof(tmp));
+		if (ast_strlen_zero(tmp))
+			return -1;
+	} while (strcasestr(tmp, "algorithm=") && !strcasestr(tmp, "algorithm=MD5"));
 	if (strncasecmp(tmp, "Digest ", strlen("Digest "))) {
 		ast_log(LOG_WARNING, "missing Digest.\n");
 		return -1;

-- 
To view, visit https://gerrit.asterisk.org/c/asterisk/+/15099
To unsubscribe, or for help writing mail filters, visit https://gerrit.asterisk.org/settings

Gerrit-Project: asterisk
Gerrit-Branch: 18
Gerrit-Change-Id: I61ca0b1f74b5ec2b5f3062c2d661cafeaf597fcd
Gerrit-Change-Number: 15099
Gerrit-PatchSet: 3
Gerrit-Owner: Alexander Traud <pabstraud at compuserve.com>
Gerrit-Reviewer: Friendly Automation
Gerrit-Reviewer: George Joseph <gjoseph at digium.com>
Gerrit-Reviewer: Kevin Harwell <kharwell at digium.com>
Gerrit-MessageType: merged
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.digium.com/pipermail/asterisk-code-review/attachments/20201103/2d05bae2/attachment.html>


More information about the asterisk-code-review mailing list