[asterisk-dev] [Code Review] Don't leak caller-id info in the From header when sending rpid header if caller presentation is set to unavailable.
rmudgett
reviewboard at asterisk.org
Fri Jan 6 16:44:45 CST 2012
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviewboard.asterisk.org/r/1649/#review5125
-----------------------------------------------------------
Ship it!
Looks ok to me based upon what the description says is needed.
- rmudgett
On Jan. 4, 2012, 3:37 p.m., Terry Wilson wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviewboard.asterisk.org/r/1649/
> -----------------------------------------------------------
>
> Review request for Asterisk Developers and rmudgett.
>
>
> Summary
> -------
>
> When someone does Set(CALLERPRES()=unavailable) (or Set(CALLERID(pres)=unavailable)), when sendrpid=no, the From header shows "Anonymous" <anonymous at anonymous.invalid>. When sendrpid=yes/pai, the From header will still display the callerid info, even though we supply an rpid header with the anonymous info. It seems like we shouldn't leak that info in any case. Skimming http://tools.ietf.org/html/draft-ietf-sip-privacy-04 seems to indicate that one shouldn't send identifying info in the From in this case.
>
>
> This addresses bug ASTERISK-16538.
> https://issues.asterisk.org/jira/browse/ASTERISK-16538
>
>
> Diffs
> -----
>
> /branches/1.8/channels/chan_sip.c 349501
>
> Diff: https://reviewboard.asterisk.org/r/1649/diff
>
>
> Testing
> -------
>
> Verified that the From header contains the anonymous data for sendrpid=yes/no/pai
>
>
> Thanks,
>
> Terry
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.digium.com/pipermail/asterisk-dev/attachments/20120106/9bccb501/attachment.htm>
More information about the asterisk-dev
mailing list