kenmirrors/asterisk
1
0
Fork 0
mirror of https://github.com/asterisk/asterisk.git synced 2025-09-03 11:25:35 +00:00
Code Issues Packages Projects Releases Wiki Activity

AST-2020-002 - res_pjsip: Stop sending INVITEs after challenge limit.

Browse Source 
If Asterisk sends out and INVITE and receives a challenge with a
different nonce value each time, it will continually send out INVITEs,
even if the call is hung up. The endpoint must be configured for
outbound authentication in order for this to occur. A limit has been set
on outbound INVITEs so that, once reached, Asterisk will stop sending
INVITEs and the transaction will terminate.

ASTERISK-29013

Change-Id: I2d001ca745b00ca8aa12030f2240cd72363b46f7
This commit is contained in:
Ben Ford
2020-11-03 10:38:34 -06:00
committed by Kevin Harwell
parent a5d55fc9e1
commit cd8f8b94f8
4 changed files with 13 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
res/res_pjsip_session.c
View File

@@ -2865,7 +2865,6 @@ static pjsip_module session_reinvite_module = {
.on_rx_request = session_reinvite_on_rx_request,
};
void ast_sip_session_send_request_with_cb(struct ast_sip_session *session, pjsip_tx_data *tdata,
ast_sip_session_response_cb on_response)
{
@@ -3120,6 +3119,8 @@ struct ast_sip_session *ast_sip_session_alloc(struct ast_sip_endpoint *endpoint,
return NULL;
}
session->authentication_challenge_count = 0;
/* Fire seesion begin handlers */
handle_session_begin(session);
@@ -3289,6 +3290,10 @@ static pj_bool_t outbound_invite_auth(pjsip_rx_data *rdata)
}
ast_debug(3, "%s: Initial INVITE is being challenged.\n", ast_sip_session_get_name(session));
if (++session->authentication_challenge_count > MAX_RX_CHALLENGES) {
ast_debug(3, "%s: Initial INVITE reached maximum number of auth attempts.\n", ast_sip_session_get_name(session));
return PJ_FALSE;
}
if (ast_sip_create_request_with_auth(&session->endpoint->outbound_auths, rdata,
tsx->last_tx, &tdata)) {
@@ -4696,6 +4701,7 @@ static void session_inv_on_tsx_state_changed(pjsip_inv_session *inv, pjsip_trans
ast_sip_session_get_name(session),
tsx->status_code);
if ((tsx->status_code == 401 || tsx->status_code == 407)
&& ++session->authentication_challenge_count < MAX_RX_CHALLENGES
&& !ast_sip_create_request_with_auth(
&session->endpoint->outbound_auths,
e->body.tsx_state.src.rdata, tsx->last_tx, &tdata)) {
@@ -4789,6 +4795,7 @@ static void session_inv_on_tsx_state_changed(pjsip_inv_session *inv, pjsip_trans
(int) pj_strlen(&tsx->method.name), pj_strbuf(&tsx->method.name),
tsx->status_code);
if ((tsx->status_code == 401 || tsx->status_code == 407)
&& ++session->authentication_challenge_count < MAX_RX_CHALLENGES
&& !ast_sip_create_request_with_auth(
&session->endpoint->outbound_auths,
e->body.tsx_state.src.rdata, tsx->last_tx, &tdata)) {