[asterisk-commits] twilson: branch 10 r349977 - in /branches/10: ./ channels/chan_sip.c

SVN commits to the Asterisk project asterisk-commits at lists.digium.com
Fri Jan 6 17:25:10 CST 2012 

Author: twilson
Date: Fri Jan  6 17:25:03 2012
New Revision: 349977

URL: http://svnview.digium.com/svn/asterisk?view=rev&rev=349977
Log:
Don't leak CID in From header when presentation=unavailable

When someone does Set(CALLERPRES()=unavailable) (or
Set(CALLERID(pres)=unavailable)) when sendrpid=no, the From header shows
"Anonymous" <anonymous at anonymous.invalid>. When sendrpid=yes/pai, the From
header will still display the callerid info, even though we supply an rpid
header with the anonymous info. It seems like we shouldn't leak that info in
any case. Skimming http://tools.ietf.org/html/draft-ietf-sip-privacy-04 seems
to indicate that one shouldn't send identifying info in the From in this case.

This patch anonymizes the From header as well even when sendrpid=yes/pai.

(closes issue ASTERISK-16538)

Review: https://reviewboard.asterisk.org/r/1649/
........

Merged revisions 349968 from http://svn.asterisk.org/svn/asterisk/branches/1.8

Modified:
    branches/10/   (props changed)
    branches/10/channels/chan_sip.c

Propchange: branches/10/
------------------------------------------------------------------------------
Binary property 'branch-1.8-merged' - no diff available.

Modified: branches/10/channels/chan_sip.c
URL: http://svnview.digium.com/svn/asterisk/branches/10/channels/chan_sip.c?view=diff&rev=349977&r1=349976&r2=349977
==============================================================================
--- branches/10/channels/chan_sip.c (original)
+++ branches/10/channels/chan_sip.c Fri Jan  6 17:25:03 2012
@@ -12099,8 +12099,9 @@
 		if ((ast_party_id_presentation(&p->owner->connected.id) & AST_PRES_RESTRICTION) == AST_PRES_ALLOWED) {
 			l = p->owner->connected.id.number.valid ? p->owner->connected.id.number.str : NULL;
 			n = p->owner->connected.id.name.valid ? p->owner->connected.id.name.str : NULL;
-		} else if (!ast_test_flag(&p->flags[0], SIP_SENDRPID)) {
-			/* if we are not sending RPID and user wants his callerid restricted */		
+		} else {
+			/* Even if we are using RPID, we shouldn't leak information in the From if the user wants
+			 * their callerid restricted */
 			l = CALLERID_UNKNOWN;
 			n = l;
 			d = FROMDOMAIN_INVALID;

More information about the asterisk-commits mailing list