[Devel] UAC module and parse error

Christophe Irles christophe.irles at alcatel.fr
Wed Dec 6 11:35:21 CET 2006


Hi,

I found a parse error bug in the UAC module. It's slightly the same bug as
described in the 1448453 bug, but this time it concerns the parsing of the
field "stale".

Here is the log of openser:
 4(19621) DEBUG:uac:uac_auth: picked reply is 0x816cfe8, code 407
 4(19621) DEBUG:uac:get_autenticate_hdr: looking for header "Proxy-Authenticate"
 4(19621) parse_headers: flags=ffffffffffffffff
 4(19621) DEBUG: get_hdr_body : content_length=0
 4(19621) found end of header
 4(19621) DEBUG:uac:uac_auth: header found; body=<Digest realm="freephonie.net",nonce="028183054212a08209186424557a08f7",opaque="027fb3fb0f14a5b",stale=false,algorithm=MD5>
 4(19621) DEBUG:uac:parse_authenticate_body: <realm>="freephonie.net" state=2
 4(19621) DEBUG:uac:parse_authenticate_body: <nonce>="028183054212a08209186424557a08f7" state=3
 4(19621) DEBUG:uac:parse_authenticate_body: <opaque>="027fb3fb0f14a5b" state=6
 4(19621) ERROR:uac:parse_authenticate_body: parse error in <Digest realm="freephonie.net",nonce="028183054212a08209186424557a08f7",opaque="027fb3fb0f14a5b",stale=false,algorithm=MD5> around 102
 4(19621) ERROR:uac:uac_auth: failed to parse auth hdr body
 4(19621) CONNTRACK: ct_destroy_connection(): callId=MTUzMzAxOGNmYmZjM2ZmZWYyMzY3NjMyNDk0ZDVlYTY.
 4(19621) DEBUG:tm:relay_reply: branch=0, save=0, relay=0

The bug is in the file "auth_hdr.c". Some fields (realm, nonce, stale,
domain, opaque) are specifically designed to have values between double
quotes. I changed it to accept values with or without double quotes. In fact
I made few changes, since the code is already ready to manage that; it just
forces the use of double quotes. Perhaps some of these fields must have
double-quoted values in the RFC?

Here is my patch file to resolve my problem:
--- ./modules/uac/auth_hdr.c
+++ ./patch/modules/uac/auth_hdr.c
@@ -133,11 +133,11 @@
 			n = LOWER4B( GET4B(p) );
 			switch(n)
 			{
-				CASE_5B( 0x7265616c, 'm', REALM_STATE, 1);
/*realm*/
-				CASE_5B( 0x6e6f6e63, 'e', NONCE_STATE, 1);
/*nonce*/
-				CASE_5B( 0x7374616c, 'e', STALE_STATE, 1);
/*stale*/
-				CASE_6B( 0x646f6d62, 'i', 'n', DOMAIN_STATE,
1); /*domain*/
-				CASE_6B( 0x6f706171, 'u', 'e', OPAQUE_STATE,
1); /*opaque*/
+				CASE_5B( 0x7265616c, 'm', REALM_STATE, 0);
/*realm*/
+				CASE_5B( 0x6e6f6e63, 'e', NONCE_STATE, 0);
/*nonce*/
+				CASE_5B( 0x7374616c, 'e', STALE_STATE, 0);
/*stale*/
+				CASE_6B( 0x646f6d62, 'i', 'n', DOMAIN_STATE,
0); /*domain*/
+				CASE_6B( 0x6f706171, 'u', 'e', OPAQUE_STATE,
0); /*opaque*/
 				case 0x616c676f: /*algo*/
 					if (p+9<end &&
LOWER4B(GET4B(p+4))==0x72697468
 						&& LOWER1B(*(p+8))=='m' )
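
Review bot: Flipping the last macro argument from 1 to 0 on all five CASE_5B/CASE_6B lines relaxes the quoting requirement for realm, nonce, domain and opaque as well, although the header in the log only fails on the unquoted stale. RFC 2617 defines realm, domain, nonce and opaque as quoted-strings and stale as a bare true/false token, so changing only the STALE_STATE line would fix the reported parse error while keeping the stricter check on the other four. Separately, the constant on the domain line, 0x646f6d62, is the ASCII for "domb" rather than "doma" (0x646f6d61) in both the removed and the added lines, so that case would not match a domain parameter; worth correcting in the same patch. A short comment stating what the last macro argument means would also help the next reader.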

Regards,
Christophe
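
An added example, not part of the original post and not OpenSER code: a small C check that requires double quotes only on the parameters RFC 2617 defines as quoted-strings (realm, domain, nonce, opaque, qop) and accepts a bare token elsewhere, run on the header body from the log above. The function names and the return convention are assumptions made for illustration.

```c
#include <ctype.h>
#include <string.h>
#include <strings.h>
/* Parameters that RFC 2617 section 3.2.1 defines as quoted-string. */
static const char *must_quote[] = { "realm", "domain", "nonce", "opaque", "qop" };

static int needs_quotes(const char *name, size_t len)
{
    for (size_t i = 0; i < sizeof must_quote / sizeof must_quote[0]; i++)
        if (strlen(must_quote[i]) == len && !strncasecmp(must_quote[i], name, len))
            return 1;
    return 0;
}

/* Hypothetical helper (not OpenSER code): returns the number of parameters
 * accepted, or -1 at the first syntax or quoting violation. */
int check_digest_challenge(const char *p)
{
    int count = 0;
    if (strncasecmp(p, "Digest", 6) != 0 || !isspace((unsigned char)p[6]))
        return -1;
    for (p += 6;;) {
        while (*p == ',' || isspace((unsigned char)*p)) p++;
        if (*p == '\0') return count;
        const char *name = p;
        while (isalnum((unsigned char)*p) || *p == '-') p++;
        size_t len = (size_t)(p - name);
        if (len == 0 || *p != '=') return -1;
        if (*++p == '"') {                      /* quoted-string value */
            for (p++; *p && *p != '"'; p++)
                if (*p == '\\' && p[1]) p++;    /* skip a quoted-pair */
            if (*p++ != '"') return -1;         /* unterminated quote */
        } else {                                /* bare token value */
            const char *val = p;
            while (*p && *p != ',' && *p != '"' && !isspace((unsigned char)*p)) p++;
            if (p == val || needs_quotes(name, len)) return -1;
        }
        count++;
    }
}

int main(void)
{
    /* Header body from the log in the post, with the wrapped line rejoined. */
    const char *hdr = "Digest realm=\"freephonie.net\","
        "nonce=\"028183054212a08209186424557a08f7\","
        "opaque=\"027fb3fb0f14a5b\",stale=false,algorithm=MD5";
    return check_digest_challenge(hdr) == 5 ? 0 : 1;
}
```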