<div dir="ltr"><div dir="ltr">On Wed, Oct 28, 2020 at 2:31 PM Kingsley Tart - Barritel Ltd &lt;<a href="mailto:kingsley.tart@barritel.com">kingsley.tart@barritel.com</a>&gt; wrote:<br></div><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Hi,<br>
<br>
We're using Asterisk 13.17.0 with PJSIP 2.8 bundled.<br>
<br>
I've found an issue when Asterisk tries to make a SIP call out using<br>
auth, but has the wrong credentials and keeps getting returned a SIP<br>
407, in this example to an OpenSIPS server requiring user auth.<br>
<br>
Basically this happens:<br>
<br>
1. Asterisk sends plain INVITE to OpenSIPS<br>
2. OpenSIPS responds with SIP 407 auth required with a<br>
Proxy-Authenticate header<br>
3. Asterisk re-sends INVITE to OpenSIPS with Proxy-Authorization<br>
header, but has the wrong password<br>
4. goto step 2 and repeat forever<br>
<br>
So what we're seeing is Asterisk re-sending an INVITE with incorrect<br>
auth (which is clearly never going to work), about every 2ms.<br>
<br>
The Call-ID remains the same all of the time.<br>
<br>
Shouldn't PJSIP realise that this isn't going to work after a few tries<br>
and give up?<br>
<br>
The only way I've found of stopping the seemingly infinite loop is to<br>
either restart Asterisk or temporarily block network traffic between<br>
the two machines in order to break the cycle.<br>
<br>
Any idea whether this has been fixed in a later version?<br></blockquote><div><br></div><div>This is not yet fixed, but is being worked on. I have it as a security issue currently out of caution (although I don't think we'll treat it as one after further investigation).</div></div><div><br></div>-- <br><div dir="ltr" class="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div style="font-family:tahoma,sans-serif"><font color="#073763">Joshua C. Colp</font></div><div style="font-family:tahoma,sans-serif"><font color="#073763">Asterisk Technical Lead</font></div><div style="font-family:tahoma,sans-serif"><font color="#073763">Sangoma Technologies</font></div><div style="font-family:tahoma,sans-serif"><font color="#073763">Check us out at <a href="http://www.sangoma.com" target="_blank">www.sangoma.com</a> and <a href="http://www.asterisk.org" target="_blank">www.asterisk.org</a></font><br></div></div></div></div></div></div></div></div></div></div></div>
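A passive check for the loop described in this thread, as an added example that is not from either poster or from Asterisk/PJSIP: it counts 407 responses that answer an INVITE already carrying Proxy-Authorization on the same Call-ID, skipping `stale=true` challenges, where a retry with the same password is expected. The function names, the threshold and the sample messages are constructed for illustration.

```python
import re
from collections import defaultdict

def parse_sip(raw):
    """Return (start_line, headers) for one SIP message; compact header names are not handled."""
    head = raw.replace("\r\n", "\n").split("\n\n", 1)[0].strip().split("\n")
    headers = {}
    for line in head[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return head[0].strip(), headers

def find_auth_loops(messages, threshold=3):
    """Map Call-ID -> rejected credentialed INVITEs, for dialogs at or above threshold."""
    sent_with_creds = {}         # Call-ID -> did the latest INVITE carry credentials?
    rejected = defaultdict(int)  # Call-ID -> 407s that answered a credentialed INVITE
    for raw in messages:
        start, h = parse_sip(raw)
        call_id = h.get("call-id")
        if call_id is None:
            continue
        if start.startswith("INVITE "):
            sent_with_creds[call_id] = "proxy-authorization" in h
        elif re.match(r"SIP/2\.0 407\b", start) and h.get("cseq", "").endswith("INVITE"):
            chal = h.get("proxy-authenticate", "")
            stale = re.search(r'\bstale\s*=\s*"?true', chal, re.I)
            # A stale nonce is a legitimate reason to retry with the same password.
            if sent_with_creds.get(call_id) and not stale:
                rejected[call_id] += 1
    return {cid: n for cid, n in rejected.items() if n >= threshold}

# Constructed sample traffic (not taken from the thread).
def invite(call_id, cseq, creds):
    auth = 'Proxy-Authorization: Digest username="alice", response="0"\r\n' if creds else ""
    return (f"INVITE sip:bob@example.test SIP/2.0\r\nCall-ID: {call_id}\r\n"
            f"CSeq: {cseq} INVITE\r\n{auth}\r\n")

def challenge(call_id, cseq, stale=False):
    flag = ", stale=true" if stale else ""
    return (f"SIP/2.0 407 Proxy Authentication Required\r\nCall-ID: {call_id}\r\n"
            f'CSeq: {cseq} INVITE\r\nProxy-Authenticate: Digest realm="example.test", nonce="n{cseq}"{flag}\r\n\r\n')

CAPTURE = [invite("loop-1", 1, False), challenge("loop-1", 1)]
for seq in (2, 3, 4):  # wrong password resent after every challenge
    CAPTURE += [invite("loop-1", seq, True), challenge("loop-1", seq)]
# Healthy dialog: one stale-nonce retry, then the proxy stops challenging.
CAPTURE += [invite("ok-1", 1, False), challenge("ok-1", 1),
            invite("ok-1", 2, True), challenge("ok-1", 2, stale=True), invite("ok-1", 3, True)]

if __name__ == "__main__":
    print(find_auth_loops(CAPTURE))
```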