[asterisk-commits] bebuild: branch certified-13.1 r429869 - in /certified/branches/13.1: ./ res/

SVN commits to the Asterisk project asterisk-commits at lists.digium.com
Fri Dec 19 14:55:50 CST 2014 

Author: bebuild
Date: Fri Dec 19 14:55:46 2014
New Revision: 429869

URL: http://svnview.digium.com/svn/asterisk?view=rev&rev=429869
Log:
Prevent potential infinite outbound authentication loops in registration.

Prior to this patch, Asterisk would always respond to 401 responses to
registration attempts by trying to provide a registration with authentication
credentials. Even if subsequent attempts were rejected with 401 responses,
Asterisk would continue this behavior. If authentication credentials were
incorrect, this could continue forever.

With this patch, we keep track of whether we have attempted authentication
on an outbound registration attempt. If we already have, we don not try
again until the next attempt. This prevents the infinite loop scenario.

Review: https://reviewboard.asterisk.org/r/4273
........

Merged revisions 429761 from http://svn.asterisk.org/svn/asterisk/branches/13

Modified:
    certified/branches/13.1/   (props changed)
    certified/branches/13.1/res/res_pjsip_outbound_registration.c

Propchange: certified/branches/13.1/
------------------------------------------------------------------------------
--- branch-13-merged (original)
+++ branch-13-merged Fri Dec 19 14:55:46 2014
@@ -1,1 +1,1 @@
-/branches/13:429175,429196,429409,429433,429477,429540,429571,429739,429829
+/branches/13:429175,429196,429409,429433,429477,429540,429571,429739,429761,429829

Modified: certified/branches/13.1/res/res_pjsip_outbound_registration.c
URL: http://svnview.digium.com/svn/asterisk/certified/branches/13.1/res/res_pjsip_outbound_registration.c?view=diff&rev=429869&r1=429868&r2=429869
==============================================================================
--- certified/branches/13.1/res/res_pjsip_outbound_registration.c (original)
+++ certified/branches/13.1/res/res_pjsip_outbound_registration.c Fri Dec 19 14:55:46 2014
@@ -256,6 +256,8 @@
 	struct ast_sip_auth_vector outbound_auths;
 	/*! \brief Registration should be destroyed after completion of transaction */
 	unsigned int destroy:1;
+	/*! \brief Non-zero if we have attempted sending a REGISTER with authentication */
+	unsigned int auth_attempted:1;
 };
 
 /*! \brief Outbound registration state information (persists for lifetime that registration should exist) */
@@ -563,18 +565,23 @@
 	ast_copy_pj_str(server_uri, &info.server_uri, sizeof(server_uri));
 	ast_copy_pj_str(client_uri, &info.client_uri, sizeof(client_uri));
 
-	if (response->code == 401 || response->code == 407) {
+	if (!response->client_state->auth_attempted &&
+			(response->code == 401 || response->code == 407)) {
 		pjsip_tx_data *tdata;
 		if (!ast_sip_create_request_with_auth(&response->client_state->outbound_auths,
 				response->rdata, response->tsx, &tdata)) {
 			ao2_ref(response->client_state, +1);
+			response->client_state->auth_attempted = 1;
 			if (pjsip_regc_send(response->client_state->client, tdata) != PJ_SUCCESS) {
+				response->client_state->auth_attempted = 0;
 				ao2_cleanup(response->client_state);
 			}
 			return 0;
 		}
 		/* Otherwise, fall through so the failure is processed appropriately */
 	}
+
+	response->client_state->auth_attempted = 0;
 
 	if (PJSIP_IS_STATUS_IN_CLASS(response->code, 200)) {
 		/* Check if this is in regards to registering or unregistering */

More information about the asterisk-commits mailing list