aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorfile <file@f38db490-d61c-443f-a65b-d21fe96a405b>2009-11-04 19:15:06 +0000
committerfile <file@f38db490-d61c-443f-a65b-d21fe96a405b>2009-11-04 19:15:06 +0000
commitd066cb5d740dda3a45ef8db12c1426e992655d5b (patch)
treedea0d90ff3d36d833fcaab64380ae3ceec799a37
parentf253840ff2ec7734806f806e5df3046f73882f80 (diff)
Fix a security issue where sending a REGISTER with a differing username in the From
URI and Authorization header would reveal whether it was valid or not. (AST-2009-008) git-svn-id: http://svn.digium.com/svn/asterisk/tags/1.6.0.17@227694 f38db490-d61c-443f-a65b-d21fe96a405b
-rw-r--r--channels/chan_sip.c2
1 files changed, 0 insertions, 2 deletions
diff --git a/channels/chan_sip.c b/channels/chan_sip.c
index 0959e20dd..2da985ca3 100644
--- a/channels/chan_sip.c
+++ b/channels/chan_sip.c
@@ -11238,8 +11238,6 @@ static enum check_auth_result register_verify(struct sip_pvt *p, struct sockaddr
Asterisk uses the From: username for authentication. We need the
users to use the same authentication user name until we support
proper authentication by digest auth name */
- transmit_response(p, "403 Authentication user name does not match account name", &p->initreq);
- break;
case AUTH_NOT_FOUND:
case AUTH_PEER_NOT_DYNAMIC:
case AUTH_ACL_FAILED: