[asterisk-dev] [Code Review] SIP registration auth loop caused by stale nonce

Tilghman Lesher tlesher at digium.com
Tue Jun 23 22:08:20 CDT 2009


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
http://reviewboard.digium.com/r/289/#review875
-----------------------------------------------------------


The danger here, though, is that this opens us up to replay attacks.  We must ensure that each nonce is only USED once.  It would be fine to be okay with a previous nonce, as long as another response did not also use that nonce.  I think you may need to rethink this change.

- Tilghman


On 2009-06-23 16:11:21, David Vossel wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> http://reviewboard.digium.com/r/289/
> -----------------------------------------------------------
> 
> (Updated 2009-06-23 16:11:21)
> 
> 
> Review request for Asterisk Developers.
> 
> 
> Summary
> -------
> 
> If an endpoint sends two registration requests in a very short period of time with the same nonce, both receive 401 responses from Asterisk, each with a different nonce (the second 401 containing the current nonce and the first one being stale).  If the endpoint responds to the first 401, it does not match the current nonce so Asterisk sends a third 401 with a newly generated nonce (which updates the current nonce)... Now if the endpoint responds to the second 401, it does not match the current nonce either and Asterisk sends a fourth 401 with a newly generated nonce... This loop goes on and on.  For a more detailed explanation see (issue #15102).
> 
> There appears to be a simple fix for this.  If the nonce from the request does not match our nonce, but is a good response to a previous nonce, instead of sending a 401 with a newly generated nonce, use the current one instead.  This breaks the loop as the nonce is not updated until a response is received.
> 
> Thanks to Jamuel for reporting the bug associated with this (issue #15102), and supplying the patch.
> 
> 
> This addresses bug 15102.
>     https://issues.asterisk.org/view.php?id=15102
> 
> 
> Diffs
> -----
> 
>   /branches/1.4/channels/chan_sip.c 202671 
> 
> Diff: http://reviewboard.digium.com/r/289/diff
> 
> 
> Testing
> -------
> 
> Jamuel's test results "Tested and works on Asterisk 1.4.24.1 with Polycom Soundpoint IP 501, 450, 650, and 6000."
> 
> 
> Thanks,
> 
> David
> 
>
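
The single-use constraint raised in the review, sketched as an added example (not code from chan_sip.c or from the patch under review): a response to an earlier challenge is accepted only if that nonce was issued and has not been consumed yet. The table size, the names and the nonce strings are hypothetical, and the digest response check itself is left out.

```c
#include <stdio.h>
#include <string.h>

#define NONCE_SLOTS 4   /* hypothetical window of outstanding challenges */
#define NONCE_LEN   33

enum nonce_result { NONCE_OK, NONCE_REPLAY, NONCE_UNKNOWN };

struct nonce_table {
    char value[NONCE_SLOTS][NONCE_LEN];
    int used[NONCE_SLOTS];
    unsigned next;      /* ring index: the oldest entry is overwritten */
};

/* Record a nonce that was just sent in a 401 challenge. */
static void nonce_issue(struct nonce_table *t, const char *nonce)
{
    unsigned i = t->next++ % NONCE_SLOTS;
    snprintf(t->value[i], NONCE_LEN, "%s", nonce);
    t->used[i] = 0;
}

/* Look up the nonce carried in an Authorization header and consume it. */
static enum nonce_result nonce_check(struct nonce_table *t, const char *nonce)
{
    for (unsigned i = 0; i < NONCE_SLOTS; i++) {
        if (t->value[i][0] == '\0' || strcmp(t->value[i], nonce) != 0)
            continue;
        if (t->used[i])
            return NONCE_REPLAY;  /* a second response reusing this nonce */
        t->used[i] = 1;           /* first use: accept it and burn it */
        return NONCE_OK;
    }
    return NONCE_UNKNOWN;         /* never issued or aged out: re-challenge */
}

int main(void)
{
    struct nonce_table t = {0};
    nonce_issue(&t, "nonce-A");   /* constructed value, first 401 */
    nonce_issue(&t, "nonce-B");   /* second 401, now the current nonce */
    int first = nonce_check(&t, "nonce-A");   /* stale but unused */
    int second = nonce_check(&t, "nonce-B");  /* current */
    int replay = nonce_check(&t, "nonce-A");  /* same nonce again */
    printf("first=%d second=%d replay=%d\n", first, second, replay);
    return 0;
}
```

Only `NONCE_UNKNOWN` leads to a fresh challenge here, so the two overlapping 401s no longer chase each other, while a repeated nonce is refused rather than re-authenticated.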



