Daniel-Constantin Mierla writes:
Indeed, there can be an extra check there. Not sure how much protection it adds here. When X calls Y, if the caller is trusted (e.g., auth user, trusted peer), then either the call goes to a costly resource (PSTN) that is also trusted, to a local user, or to an untrusted destination, in which case you route only if it does not cost you anything. If local users are not trustable and use a "custom UA", then replies can go to the first Via, skipping the rest of the Via stack, ignoring negative replies after 200ok. Unless there is symmetric NAT and they are forced to use the proxy, the safest will be a b2bua.
i don't understand how the above relates to the security issue that i brought up. it has nothing to do with cost, but with the possibility of making a uac send in-dialog requests so that they bypass the proxy. nasty things documented earlier can happen if that is not prevented.
Say you get a 200 OK to an INVITE with a spoofed r-r, should it be dropped?
definitely yes. there could, for example, be a flag that tells whether the check needs to be done, so that you don't waste resources needlessly if the uas is trusted.
-- juha
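The check the thread is asking for, as an added example that is not part of the original thread or of any proxy's code: RFC 3261 requires a UAS to copy the Record-Route header field values from the INVITE into the 2xx response unchanged, so a proxy that kept the Record-Route set it forwarded can compare it with the set in the 200 OK and drop the reply when the two differ (stripped or replaced entries would otherwise let the UAC's in-dialog requests skip the proxy). The SIP messages below are constructed sample input; the header parsing and the `should_drop_2xx` function are assumptions of this example, and the `check_enabled` flag stands in for the per-destination "trusted UAS" flag mentioned above.

```python
import re
from typing import List

def _header_values(msg: str, name: str) -> List[str]:
    """Return every value of header `name` (case-insensitive) from a SIP message."""
    head = msg.split("\r\n\r\n", 1)[0]
    values = []
    for line in head.split("\r\n")[1:]:          # skip request/status line
        hname, sep, hval = line.partition(":")
        if sep and hname.strip().lower() == name.lower():
            values.append(hval.strip())
    return values

def _split_commas(value: str) -> List[str]:
    """Split a comma-separated header value, ignoring commas inside <...>."""
    parts, depth, cur = [], 0, ""
    for ch in value:
        if ch == "<":
            depth += 1
        elif ch == ">":
            depth -= 1
        if ch == "," and depth == 0:
            parts.append(cur.strip())
            cur = ""
        else:
            cur += ch
    if cur.strip():
        parts.append(cur.strip())
    return parts

def record_route_set(msg: str) -> List[str]:
    """Ordered list of Record-Route URIs (multiple headers and comma lists both allowed)."""
    uris = []
    for value in _header_values(msg, "Record-Route"):
        for entry in _split_commas(value):
            m = re.search(r"<([^>]+)>", entry)
            uris.append(m.group(1) if m else entry)
    return uris

def should_drop_2xx(forwarded_request: str, reply: str, check_enabled: bool = True) -> bool:
    """True when the 2xx reply's Record-Route set differs from the one the proxy forwarded.

    check_enabled=False models the 'trusted UAS' flag: the comparison is skipped.
    """
    if not check_enabled:
        return False
    return record_route_set(reply) != record_route_set(forwarded_request)

# Constructed sample messages (not captured traffic).
FORWARDED_INVITE = (
    "INVITE sip:callee@ua.example.net SIP/2.0\r\n"
    "Via: SIP/2.0/UDP proxy.example.com;branch=z9hG4bK776\r\n"
    "Via: SIP/2.0/UDP caller.example.com;branch=z9hG4bK123\r\n"
    "Record-Route: <sip:proxy.example.com;lr>\r\n"
    "Call-ID: abc123@caller.example.com\r\n"
    "CSeq: 1 INVITE\r\n\r\n"
)
# Honest UAS: Record-Route copied unchanged.
REPLY_OK = FORWARDED_INVITE.replace("INVITE sip:callee@ua.example.net SIP/2.0", "SIP/2.0 200 OK")
# UAS replaces the proxy's entry with its own so later requests go direct.
REPLY_SPOOFED = REPLY_OK.replace("<sip:proxy.example.com;lr>", "<sip:ua.example.net;lr>")
# UAS strips Record-Route entirely.
REPLY_STRIPPED = REPLY_OK.replace("Record-Route: <sip:proxy.example.com;lr>\r\n", "")

if __name__ == "__main__":
    for label, reply in [("ok", REPLY_OK), ("spoofed", REPLY_SPOOFED), ("stripped", REPLY_STRIPPED)]:
        print(label, "drop" if should_drop_2xx(FORWARDED_INVITE, reply) else "forward")
```

A real proxy would run this only on 2xx replies to dialog-creating requests and, as suggested above, gate it on a per-destination flag so trusted UASs cost nothing extra.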