On Tuesday, 2 March 2010, Andrei Pelinescu-Onciul wrote:
> tm: Reason header copy for received CANCELs
>
> When canceling branches due to a received CANCEL, use the Reason
> headers in the received CANCEL (all the Reason headers from the
> received CANCEL will be copied in the generated CANCELs, see
> RFC3326 for more details).

Hi Andrei, great addition. However there could be a minor security issue:
Perhaps it wouldn't be safe to propagate any Reason header coming in a CANCEL
from any sender (imagine you receive a malicious call at 5 o'clock in the night
and the hacker added a "Reason" header to the CANCEL so you don't find that
call in the missed calls list of the phone).
- This local policy could be implemented as follows:
a) Enabling a flag in t_relay() that only makes sense for CANCEL rather than
INVITE, so:
    if (is_method("CANCEL")) {
        if ($si == MY_APPLICATION_SERVER_IP)
            # Allow propagating "Reason" header.
            t_relay(0x12);
        else
            t_relay();
    }
or using an explicit flag:
    if (is_method("CANCEL")) {
        if ($si == MY_APPLICATION_SERVER_IP)
            setflag(FLAG_ALLOW_CANCEL_REASON);
        t_relay();
    }
Opinions? Thanks a lot.
--
Iñaki Baz Castillo <ibc(a)aliax.net>
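
The local policy proposed in this message, modelled in Python as an added example (not part of the original e-mail and not the tm module's code): Reason headers from a received CANCEL are copied into the generated CANCELs only when the sender is on an allowlist. `TRUSTED_SOURCES`, the function names, the addresses and the sample message are assumptions made for illustration.

```python
import ipaddress

# Assumption: senders allowed to set Reason on a CANCEL (e.g. an application server).
TRUSTED_SOURCES = [ipaddress.ip_network("192.0.2.10/32")]

def reason_headers(raw_msg: str) -> list[str]:
    """Return the values of all Reason headers (RFC 3326) in a raw SIP message."""
    head = raw_msg.replace("\r\n", "\n").split("\n\n", 1)[0]
    lines = []
    for line in head.split("\n")[1:]:              # skip the request line
        if line[:1] in (" ", "\t") and lines:      # unfold continuation lines
            lines[-1] += " " + line.strip()
        else:
            lines.append(line)
    values = []
    for line in lines:
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "reason":  # header names are case-insensitive
            values.append(value.strip())
    return values

def is_trusted(src_ip: str) -> bool:
    addr = ipaddress.ip_address(src_ip)
    return any(addr in net for net in TRUSTED_SOURCES)

def reasons_to_propagate(raw_cancel: str, src_ip: str) -> list[str]:
    """Local policy: copy Reason into generated CANCELs only for trusted senders."""
    if not raw_cancel.startswith("CANCEL "):
        return []
    return reason_headers(raw_cancel) if is_trusted(src_ip) else []

# Constructed sample CANCEL carrying two Reason headers.
SAMPLE_CANCEL = (
    "CANCEL sip:bob@example.com SIP/2.0\r\n"
    "Via: SIP/2.0/UDP 198.51.100.7;branch=z9hG4bK776\r\n"
    "Call-ID: a84b4c76e66710\r\n"
    "CSeq: 314159 CANCEL\r\n"
    'Reason: SIP ;cause=600 ;text="Busy Everywhere"\r\n'
    "REASON: Q.850 ;cause=16\r\n"
    "Content-Length: 0\r\n\r\n"
)

if __name__ == "__main__":
    for src in ("192.0.2.10", "198.51.100.7"):
        print(src, "->", reasons_to_propagate(SAMPLE_CANCEL, src))
```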