From 2db6ead5ab852acb78002232bbbe6f81ad893389 Mon Sep 17 00:00:00 2001 From: oej Date: Wed, 25 Oct 2006 15:49:29 +0000 Subject: Fix the attack shield for 1.2 too. REFER and NOTIFY can create dialogs in the world of Asterisk. git-svn-id: http://svn.digium.com/svn/asterisk/branches/1.2@46213 f38db490-d61c-443f-a65b-d21fe96a405b --- channels/chan_sip.c | 23 ++++++++++++++++++----- 1 file changed, 18 insertions(+), 5 deletions(-) (limited to 'channels/chan_sip.c') diff --git a/channels/chan_sip.c b/channels/chan_sip.c index 84f1de510..14034e963 100644 --- a/channels/chan_sip.c +++ b/channels/chan_sip.c @@ -209,18 +209,18 @@ static const struct cfsip_methods { enum sipmethod id; int need_rtp; /*!< when this is the 'primary' use for a pvt structure, does it need RTP? */ char * const text; - int can_create; + int can_create; /*!< 0=can't create, 1 can create, 2 can create, but not supported */ } sip_methods[] = { - { SIP_UNKNOWN, RTP, "-UNKNOWN-", 0 }, + { SIP_UNKNOWN, RTP, "-UNKNOWN-", 2 }, { SIP_RESPONSE, NO_RTP, "SIP/2.0", 0 }, { SIP_REGISTER, NO_RTP, "REGISTER", 1 }, { SIP_OPTIONS, NO_RTP, "OPTIONS", 1 }, - { SIP_NOTIFY, NO_RTP, "NOTIFY", 0 }, + { SIP_NOTIFY, NO_RTP, "NOTIFY", 2 }, { SIP_INVITE, RTP, "INVITE", 1 }, { SIP_ACK, NO_RTP, "ACK", 0 }, - { SIP_PRACK, NO_RTP, "PRACK", 0 }, + { SIP_PRACK, NO_RTP, "PRACK", 2 }, { SIP_BYE, NO_RTP, "BYE", 0 }, - { SIP_REFER, NO_RTP, "REFER", 0 }, + { SIP_REFER, NO_RTP, "REFER", 2 }, { SIP_SUBSCRIBE, NO_RTP, "SUBSCRIBE", 1 }, { SIP_MESSAGE, NO_RTP, "MESSAGE", 1 }, { SIP_UPDATE, NO_RTP, "UPDATE", 0 }, @@ -3242,8 +3242,21 @@ static struct sip_pvt *find_call(struct sip_request *req, struct sockaddr_in *si /* If this is a response and we have ignoring of out of dialog responses turned on, then drop it */ if (!sip_methods[intended_method].can_create) { + /* Can't create dialog */ if (intended_method != SIP_RESPONSE) transmit_response_using_temp(callid, sin, 1, intended_method, req, "481 Call leg/transaction does not exist"); + } else if (sip_methods[intended_method].can_create == 2) { + char *response = "481 Call leg/transaction does not exist"; + /* In theory, can create dialog. We don't support it */ + if (intended_method == SIP_PRACK || intended_method == SIP_UNKNOWN) + response = "501 Method not implemented"; + else if(intended_method == SIP_REFER) + response = "603 Declined (no dialog)"; + else if(intended_method == SIP_NOTIFY) + response = "489 Bad event"; + + transmit_response_using_temp(callid, sin, 1, intended_method, req, "603 Declined (no dialog)"); + } else { p = sip_alloc(callid, sin, 1, intended_method); if (p) -- cgit v1.2.3