[reSIProcate] [patch] possible DoS with REFER Event: header
Hi,
When DUM receives a REFER with an "Event:" header, it will use the value
provided by the client (see BaseSubscription.cxx:22), and later this will trigger
an assert() in ServerSubscription.cxx:208.
The attached patch fixes this and rejects such requests with 489.
br
Szo
diff -ruwx .svn resiprocate-1.7/resip/dum/Dialog.cxx resiprocate-new/resip/dum/Dialog.cxx
--- resiprocate-1.7/resip/dum/Dialog.cxx 2011-02-27 18:17:15.000000000 +0100
+++ resiprocate-new/resip/dum/Dialog.cxx 2011-11-17 15:25:08.000000000 +0100
@@ -534,6 +534,18 @@
}
else
{
+ if (request.exists(h_Event))
+ {
+ if (request.header(h_Event).value() != "refer")
+ {
+ InfoLog(<< "Received refer with invalid Event: " << request.header(h_Event).value());
+ SipMessage failure;
+ makeResponse(failure, request, 489);
+ mDum.sendResponse(failure);
+ return;
+ }
+ }
+
if ((request.exists(h_ReferSub) &&
request.header(h_ReferSub).isWellFormed() &&
request.header(h_ReferSub).value()=="false") ||
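Review bot: The added check calls `request.header(h_Event).value()` without the `isWellFormed()` guard that the Refer-Sub test directly below it applies before reading its value. Judging only from that neighbouring code, a REFER whose Event header does not parse could still fail on this line rather than get the 489. I would make the condition `if (!request.header(h_Event).isWellFormed() || request.header(h_Event).value() != "refer")` and have the `InfoLog` line print the value only when the header is well formed. The log line also writes a string chosen by the remote peer at Info level, so a short comment such as `// Event value is peer-controlled; logged for diagnostics only` would help whoever reads those logs. The enclosing function starts and ends outside this hunk, so how exceptions are handled further up is not visible here.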