[reSIProcate] [patch] possible DoS with REFER Event: header
Scott Godin
sgodin at sipspectrum.com
Thu Dec 15 07:54:25 CST 2011
Either solution is good with me - however if we are just going to remove an
invalid Event header in a REFER, then we should log a warning to resip
logs, so that the offending implementation can be notified and corrected.
Scott
On Sun, Dec 11, 2011 at 4:23 PM, Aron Rosenberg <arosenberg at logitech.com>wrote:
> It looks like this patch never got applied.
>
> After reviewing it, I might make DUM a little more tolerant and just
> ignore the bad header instead of rejecting the request. Something like
>
> if (request.exists(h_Event))
> request.remove(h_Event);
>
> right before you call makeServerSubscription, but RFC 3515 says nothing
> about an Event header in a REFER message being allowed or dis-allowed, so I
> would err on the side of caution.
>
> Aron Rosenberg
> Sr. Director, Engineering,
> LifeSize, a division of Logitech
>
>
>
>
> On Fri, Nov 18, 2011 at 7:56 AM, Robert Szokovacs <
> robert.szokovacs at gamma.co.uk> wrote:
>
>> Hi,
>>
>> When DUM receives a REFER with and "Event:" header, it will use the value
>> provided by the client (see BaseSubscription.cxx:22), and later it will
>> cause
>> an assert() in ServerSubscription.cxx:208.
>> The attached patch fixes this and reject such request with 489.
>>
>> br
>>
>> Szo
>> _______________________________________________
>> resiprocate-devel mailing list
>> resiprocate-devel at resiprocate.org
>> https://list.resiprocate.org/mailman/listinfo/resiprocate-devel
>>
>
>
> _______________________________________________
> resiprocate-devel mailing list
> resiprocate-devel at resiprocate.org
> https://list.resiprocate.org/mailman/listinfo/resiprocate-devel
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://list.resiprocate.org/pipermail/resiprocate-devel/attachments/20111215/1d7cdc8c/attachment.htm>
More information about the resiprocate-devel
mailing list