[OpenSER-Devel] [ openser-Bugs-1850882 ] [permissions] bug in default "register.deny"

SourceForge.net noreply at sourceforge.net
Fri Dec 14 16:26:25 UTC 2007


Bugs item #1850882, was opened at 2007-12-14 16:26
Message generated for change (Tracker Item Submitted) made by Item Submitter
You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=743020&aid=1850882&group_id=139143

Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: None
Group: None
Status: Open
Resolution: None
Priority: 5
Private: No
Submitted By: Iñaki Baz (ibc_sf)
Assigned to: Nobody/Anonymous (nobody)
Summary: [permissions] bug in default "register.deny"

Initial Comment:
Hi, the file "register.deny" included in:
  http://openser.svn.sourceforge.net/viewvc/openser/trunk/modules/permissions/config/register.deny?view=markup

puts as example a gw with IP 1.2.3.4 and a regular expression:

  ALL : "^sip:.*1\.2\.3\.4$"

This is obviously vulnerable because a malicious user could send a REGISTER with:

  Contact: <sip:PSTN_number@1.2.0003.4>

And IP 1.2.0003.4 is the same as 1.2.3.4 but wouldn't be matched by the regular expression.

Because of that I propose to set:

  ALL : "^sip:.*0*1\.0*2\.0*3\.0*4$"

to avoid any number of 0's.


And another thing, the phrase:
# (Don't forget to list also all hostnames that can
# be used to reach the PSTN gateway)

This is a false security recommendation since anyone can register a public domain pointing to any IP, so a malicious user could register a domain "blablabla.com" pointing to 1.2.3.4 and this would bypass "register.deny" security.

----------------------------------------------------------------------
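Added example, not part of the bug report or of the OpenSER permissions module: it applies the two regular expressions quoted above to constructed Contact URIs and contrasts them with a check that parses the host with the C library's inet_aton (through Python's socket module), which is assumed here to be representative of how a numeric host is interpreted downstream. Beyond the leading-zero spelling in the report, it also covers the hexadecimal and packed 32-bit forms that parser accepts; the URI helper is a minimal one written for this example.

```python
import re
import socket

# The two patterns quoted in the report: the shipped default and the proposed fix.
DEFAULT_RULE = re.compile(r"^sip:.*1\.2\.3\.4$")
PROPOSED_RULE = re.compile(r"^sip:.*0*1\.0*2\.0*3\.0*4$")
GATEWAY_IP = "1.2.3.4"  # the example gateway from register.deny


def rule_denies(rule, uri):
    """True when a register.deny regular expression matches the Contact URI text."""
    return rule.search(uri) is not None


def host_of(uri):
    """Return the host part of a sip: URI (user@host[:port][;params]).
    Minimal parser written for this example; it is not OpenSER's URI parser."""
    rest = uri.split(":", 1)[1]
    if "@" in rest:
        rest = rest.rsplit("@", 1)[1]
    host = rest.split(";", 1)[0]      # drop ;transport=... style parameters
    return host.split(":", 1)[0]      # drop :port (IPv4 literals only here)


def parsed_denies(uri):
    """Deny when the host, parsed as inet_aton does, is the gateway address.
    inet_aton accepts leading zeros (read as octal), 0x hex components and the
    packed 32-bit form, so every spelling of one address compares equal.
    Assumption: socket.inet_aton on this platform is the C library's inet_aton."""
    try:
        packed = socket.inet_aton(host_of(uri))
    except OSError:
        return False  # not an IPv4 literal; hostnames need a separate policy
    return packed == socket.inet_aton(GATEWAY_IP)


# Constructed Contact URIs: the report's leading-zero case plus other
# spellings that inet_aton resolves to the same address.
SAMPLES = [
    "sip:PSTN_number@1.2.3.4",
    "sip:PSTN_number@1.2.0003.4",
    "sip:PSTN_number@0x1.0x2.0x3.0x4",
    "sip:PSTN_number@16909060",          # 1*2^24 + 2*2^16 + 3*2^8 + 4
    "sip:PSTN_number@1.2.3.5",           # a different address, must pass
]

if __name__ == "__main__":
    print(f"{'Contact URI':36} default proposed parsed")
    for uri in SAMPLES:
        print(f"{uri:36} {rule_denies(DEFAULT_RULE, uri)!s:7} "
              f"{rule_denies(PROPOSED_RULE, uri)!s:8} {parsed_denies(uri)}")
```

The table shows the default pattern missing the leading-zero form, the proposed pattern catching it but not the other spellings, and the parsed comparison treating all of them as the gateway.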
