On Tuesday, 2 March 2010, Andrei Pelinescu-Onciul wrote:
tm: Reason header copy for received CANCELs
When canceling branches due to a received CANCEL, use the Reason headers in the received CANCEL (all the Reason headers from the received CANCEL will be copied in the generated CANCELs, see RFC3326 for more details).
Hi Andrei, great addition. However there could be a minor security issue:
Perhaps it wouldn't be safe to propagate any Reason header coming in a CANCEL from any sender (imagine you receive a malicious call at 5 o'clock in the night and the hacker added "Reason" header to the CANCEL so you don't find that call in the missed calls list of the phone).
- This local policy could be implemented as follows:
a) Enabling a flag in t_relay() that only makes sense for CANCEL rather than INVITE, so:
    if (is_method("CANCEL")) {
        if ($si == MY_APPLICATION_SERVER_IP)
            # Allow propagating "Reason" header.
            t_relay(0x12);
        else
            t_relay();
    }
or using an explicit flag:
    if (is_method("CANCEL")) {
        if ($si == MY_APPLICATION_SERVER_IP)
            setflag(FLAG_ALLOW_CANCEL_REASON);
        t_relay();
    }
Opinions? Thanks a lot.
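The local policy proposed in this message, modelled as a stand-alone filter. This is an added example, not part of the original e-mail and not the tm module's code: it drops every Reason header from a received CANCEL unless the source address is trusted. `TRUSTED_SOURCES`, the function names and the sample message are constructed for illustration.

```python
import ipaddress

# Assumption: sources allowed to set Reason, e.g. the application server
# from the message above. The address is a constructed documentation value.
TRUSTED_SOURCES = [ipaddress.ip_network("192.0.2.10/32")]

# Constructed CANCEL carrying two Reason headers, one folded over two lines.
SAMPLE_CANCEL = (
    "CANCEL sip:bob@example.com SIP/2.0\r\n"
    "Via: SIP/2.0/UDP 198.51.100.7:5060;branch=z9hG4bKexample\r\n"
    "From: <sip:alice@example.com>;tag=1\r\n"
    "To: <sip:bob@example.com>\r\n"
    "Call-ID: constructed-call-id\r\n"
    "CSeq: 1 CANCEL\r\n"
    'Reason: SIP;cause=200;\r\n text="Call completed elsewhere"\r\n'
    "REASON: Q.850;cause=16\r\n"
    "Content-Length: 0\r\n\r\n"
)

def is_trusted(src_ip):
    """True when the packet source is inside a trusted network."""
    addr = ipaddress.ip_address(src_ip)
    return any(addr in net for net in TRUSTED_SOURCES)

def filter_cancel_reason(raw, src_ip):
    """Return raw with all Reason headers removed when it is a CANCEL
    from an untrusted source; any other message is returned unchanged."""
    head, sep, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    method = lines[0].split(" ", 1)[0]
    if method != "CANCEL" or is_trusted(src_ip):
        return raw
    kept, dropping = [lines[0]], False
    for line in lines[1:]:
        if line[:1] in (" ", "\t"):
            # Folded continuation: shares the fate of the header it continues.
            if not dropping:
                kept.append(line)
            continue
        # Header names are case-insensitive; Reason has no compact form.
        dropping = line.split(":", 1)[0].strip().lower() == "reason"
        if not dropping:
            kept.append(line)
    return "\r\n".join(kept) + sep + body

if __name__ == "__main__":
    print(filter_cancel_reason(SAMPLE_CANCEL, "198.51.100.7"))
```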