diff options
authorfile <file@f38db490-d61c-443f-a65b-d21fe96a405b>2009-11-04 19:14:11 +0000
committerfile <file@f38db490-d61c-443f-a65b-d21fe96a405b>2009-11-04 19:14:11 +0000
commit16054d63d94b52561336bed73a244d7e273d69aa (patch)
parent70ed6fef438bc821028c4ed33e2a88f70153f84e (diff)
Fix a security issue where sending a REGISTER with a differing username in the From
URI and Authorization header would reveal whether it was valid or not. (AST-2009-008) git-svn-id: http://svn.digium.com/svn/asterisk/tags/1.2.36@227691 f38db490-d61c-443f-a65b-d21fe96a405b
1 files changed, 0 insertions, 2 deletions
diff --git a/channels/chan_sip.c b/channels/chan_sip.c
index 5ad323b7b..f4813d70c 100644
--- a/channels/chan_sip.c
+++ b/channels/chan_sip.c
@@ -6829,8 +6829,6 @@ static int register_verify(struct sip_pvt *p, struct sockaddr_in *sin, struct si
Asterisk uses the From: username for authentication. We need the
users to use the same authentication user name until we support
proper authentication by digest auth name */
- transmit_response(p, "403 Authentication user name does not match account name", &p->initreq);
- break;
case -3: /* Unknown domain */
case -4: /* ACL error */
case -5: /* Peer is not supposed to register with us at all */