AST-2020-002 - res_pjsip: Stop sending INVITEs after challenge limit.

If Asterisk sends out and INVITE and receives a challenge with a different nonce value each time, it will continually send out INVITEs, even if the call is hung up. The endpoint must be configured for outbound authentication in order for this to occur. A limit has been set on outbound INVITEs so that, once reached, Asterisk will stop sending INVITEs and the transaction will terminate. ASTERISK-29013 Change-Id: I2d001ca745b00ca8aa12030f2240cd72363b46f7
2025-09-03 03:20:57 +00:00 · 2020-11-03 10:38:34 -06:00
parent a5d55fc9e1
commit cd8f8b94f8
4 changed files with 13 additions and 3 deletions
--- a/include/asterisk/res_pjsip.h
+++ b/include/asterisk/res_pjsip.h
@@ -76,6 +76,9 @@ struct pjsip_tpselector;
 /*! \brief Maximum number of ciphers supported for a TLS transport */
 #define SIP_TLS_MAX_CIPHERS 64

+/*! Maximum number of challenges before assuming that we are in a loop */
+#define MAX_RX_CHALLENGES	10
+
 AST_VECTOR(ast_sip_service_route_vector, char *);

 /*!
--- a/include/asterisk/res_pjsip_session.h
+++ b/include/asterisk/res_pjsip_session.h
@@ -235,6 +235,8 @@ struct ast_sip_session {
 	pjsip_uri *request_uri;
 	/*! Media statistics for negotiated RTP streams */
 	AST_VECTOR(, struct ast_rtp_instance_stats *) media_stats;
+	/*! Number of challenges received during outgoing requests to determine if we are in a loop */
+	unsigned int authentication_challenge_count:4;
 	/*! The direction of the call respective to Asterisk */
 	enum ast_sip_session_call_direction call_direction;
 };