[asterisk-dev] Reminder: Matching peers on contact in invite is wrong and potentially dangerous.
Olle E. Johansson
oej at edvina.net
Thu Sep 3 04:12:49 CDT 2009
Just a reminder. We need to fix this as this is an issue in released
code.
A) It changes the current behaviour without proper documentation. We
should not do that. We should add config option to change matching.
B) Relying on contact for matching incoming calls is, well, just plain
wrong and with the current TCP implementation open for bad stuff to
happen.
I still don't understand the comment about not being able to get the
sender's address for TCP connections? That the port is different is
well known, so we will have to stick with matching on IP and document
it carefully. That is an existing function in the peer matching and we
can turn that on by default for TCP with or without TLS. And document
it everywhere possible.
From sip.conf.sample:
;insecure=port ; Allow matching of peer by IP
address without
; matching port number
/O
More information about the asterisk-dev
mailing list