diff options
| author | file <file@f38db490-d61c-443f-a65b-d21fe96a405b> | 2009-11-04 19:15:50 +0000 |
|---|---|---|
| committer | file <file@f38db490-d61c-443f-a65b-d21fe96a405b> | 2009-11-04 19:15:50 +0000 |
| commit | b607b2ad94c49457955fa4f8e8162cc215e85801 (patch) | |
| tree | 17bf31c6bffed0c94c97dcdb78480ff967cb627d | |
| parent | 53061520c5fdceb7ccfdd80572c4431a46ecc404 (diff) | |
Fix a security issue where sending a REGISTER with a differing username in the From
URI and Authorization header would reveal whether it was valid or not.
(AST-2009-008)
git-svn-id: http://svn.digium.com/svn/asterisk/tags/1.6.1.9@227696 f38db490-d61c-443f-a65b-d21fe96a405b
| -rw-r--r-- | channels/chan_sip.c | 9 |
1 files changed, 2 insertions, 7 deletions
diff --git a/channels/chan_sip.c b/channels/chan_sip.c index 4bce649f7..ee6128cc6 100644 --- a/channels/chan_sip.c +++ b/channels/chan_sip.c @@ -11739,11 +11739,6 @@ static enum check_auth_result register_verify(struct sip_pvt *p, struct sockaddr Asterisk uses the From: username for authentication. We need the devices to use the same authentication user name until we support proper authentication by digest auth name */ - transmit_response(p, "403 Authentication user name does not match account name", &p->initreq); - if (global_authfailureevents) - manager_event(EVENT_FLAG_SYSTEM, "PeerStatus", "ChannelType: SIP\r\nPeer: SIP/%s\r\nPeerStatus: Rejected\r\nCause: AUTH_USERNAME_MISMATCH\r\nAddress: %s\r\nPort: %d\r\n", - name, ast_inet_ntoa(sin->sin_addr), ntohs(sin->sin_port)); - break; case AUTH_NOT_FOUND: case AUTH_PEER_NOT_DYNAMIC: case AUTH_ACL_FAILED: @@ -11760,8 +11755,8 @@ static enum check_auth_result register_verify(struct sip_pvt *p, struct sockaddr else transmit_response(p, "404 Not found", &p->initreq); if (global_authfailureevents) - manager_event(EVENT_FLAG_SYSTEM, "PeerStatus", "ChannelType: SIP\r\nPeer: SIP/%s\r\nPeerStatus: Rejected\r\nCause: URI_NOT_FOUND\r\nAddress: %s\r\nPort: %d\r\n", - name, ast_inet_ntoa(sin->sin_addr), ntohs(sin->sin_port)); + manager_event(EVENT_FLAG_SYSTEM, "PeerStatus", "ChannelType: SIP\r\nPeer: SIP/%s\r\nPeerStatus: Rejected\r\nCause: %s\r\nAddress: %s\r\nPort: %d\r\n", + (res == AUTH_USERNAME_MISMATCH) ? "AUTH_USERNAME_MISMATCH" : "URI_NOT_FOUND", name, ast_inet_ntoa(sin->sin_addr), ntohs(sin->sin_port)); } break; case AUTH_BAD_TRANSPORT: |