Comments (7)
It turned out that realm->nc == 2 after first auth attempt. This one has worked in all tests:
diff --git a/src/sip/auth.c b/src/sip/auth.c
index 1357cad..21e9c3c 100644
--- a/src/sip/auth.c
+++ b/src/sip/auth.c
@@ -161,7 +161,9 @@ static bool auth_handler(const struct sip_hdr *hdr, const struct sip_msg *msg,
goto out;
}
else {
- if (!pl_isset(&ch.stale) || pl_strcasecmp(&ch.stale, "true")) {
+ /* error if first auth attempt fails */
+ if ((!pl_isset(&ch.stale) ||
+ pl_strcasecmp(&ch.stale, "true")) && (realm->nc == 2)) {
err = EAUTH;
goto out;
}
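Review bot: the added `&& (realm->nc == 2)` ties the EAUTH path to a bare magic number. The in-code comment says "first auth attempt" but does not say why that corresponds to an nc of 2, so a later change to where nc is incremented would silently break this check; a named constant or a comment stating the invariant would help. Also, because the test uses `==`, a non-stale challenge arriving at any other nc value no longer returns EAUTH here and falls through to code that is not shown in the hunk, so please state what bounds the retries in that case.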
from re.
Another (better) solution might be to tell via the API that REGISTER requests are always sent without trying to re-use the nonce, i.e., that they are always sent (like new INVITEs) as initial requests.
from re.
An improved version of the above src/sip/auth.c patch goes like this:
@ -161,7 +161,8 @@ static bool auth_handler(const struct sip_hdr *hdr, const struct sip_msg *msg,
goto out;
}
else {
- if (!pl_isset(&ch.stale) || pl_strcasecmp(&ch.stale, "true")) {
+ if (!pl_isset(&ch.stale) || pl_strcasecmp(&ch.stale, "true") ||
+ (realm->nc == 1)) {
err = EAUTH;
goto out;
}
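Review bot: the new `|| (realm->nc == 1)` clause can only add rejection cases compared with the removed line. A challenge with stale=true is now answered with EAUTH when nc is 1, while a non-stale challenge is still rejected at every nc value exactly as before. That is the opposite direction from the `&&` form in the earlier version of this patch, so please confirm the non-stale case is meant to stay unconditional. This version also drops the explanatory comment; a short note on what an nc of 1 represents at this point would make the condition reviewable.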
With that, authorization fails if a negative response is received to the first request that includes an Authorization header, i.e., to a request that is not trying to re-use an existing nonce.
from re.
Can you please create a pull request from your patch?
from re.
I would like to first get a comment from libre folks if they think the patch makes sense.
from re.
Who are the „libre folks“?
Just create a pull request. It can be discussed and improved if necessary and merged or not.
But I do not believe that anybody has a problem with a merge as it improves compatibility a lot.
from re.
This issue is now replaced by pull request #226.
from re.