[reSIProcate] [patch] possible DoS with REFER Event: header
Robert Szokovacs
robert.szokovacs at gamma.co.uk
Thu Dec 15 07:23:01 CST 2011
On 2011 December 11, Sunday 13:23:22 Aron Rosenberg wrote:
> It looks like this patch never got applied.
>
> After reviewing it, I might make DUM a little more tolerant and just ignore
> the bad header instead of rejecting the request. Something like
>
> if (request.exists(h_Event))
> request.remove(h_Event);
>
> right before you call makeServerSubscription, but RFC 3515 says nothing
> about an Event header in a REFER message being allowed or dis-allowed, so I
> would err on the side of caution.
This version is fine with me too!
br
Szo
More information about the resiprocate-devel
mailing list