[OpenSER-Devel] [ openser-Feature Requests-1825771 ] [permissions] add "allow_contact()" for in-dialog messages

SourceForge.net noreply at sourceforge.net
Mon Nov 5 00:09:49 UTC 2007


Feature Requests item #1825771, was opened at 2007-11-05 00:09
Message generated for change (Tracker Item Submitted) made by Item Submitter
You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=743023&aid=1825771&group_id=139143

Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: modules
Group: ver devel
Status: Open
Resolution: None
Priority: 5
Private: No
Submitted By: Iñaki Baz (ibc_sf)
Assigned to: Nobody/Anonymous (nobody)
Summary: [permissions] add "allow_contact()" for in-dialog messages

Initial Comment:
In this mail of Voipsec mailist there appears a SIP vulnerability based on a malicious "Contact" header in the INVITE of the attacker:
  http://voipsa.org/pipermail/voipsec_voipsa.org/2007-November/002475.html

A solution for that could be a function called "allow_contact()" in "permissions" module that checks if the "Contact" headers matches a forbidden URI (any URI corresponding to the proxy itself).

"permissions" module has a function called "allow_register()" that matches Contact header just for REGISTER. It could be nice a new function "allow_contact()" for any other SIP message.

----------------------------------------------------------------------

You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=743023&aid=1825771&group_id=139143



More information about the Devel mailing list