[sr-dev] git:andrei/cancel_reason: tm: Reason header copy for received CANCELs
Iñaki Baz Castillo
ibc at aliax.net
Tue Mar 2 20:10:10 CET 2010
El Martes, 2 de Marzo de 2010, Andrei Pelinescu-Onciul escribió:
> tm: Reason header copy for received CANCELs
>
> When canceling branches due to a received CANCEL, use the Reason
> headers in the received CANCEL (all the Reason headers from the
> received CANCEL will be copied in the generated CANCELs, see
> RFC3326 for more details).
Hi Andrei, great addition. However there could be a minor security issue:
Perhaps it wouldn't be safe to propagate any Reason header coming in a CANCEL
from any sender (imagine you receive a malicius call at 5 o'clock in the night
and the hacker added "Reason" header to the CANCEL so you don't find that call
in the missed calls list of the phone).
- This local policy could be implemented as follows:
a) Enabling a flag in t_relay() that only makes sense for CANCEL rather than
INVITE, so:
if (is_method("CANCEL")) {
if ($si == MY_APPLICATION_SERVER_IP)
# Allow propagating "Reason" header.
t_relay(0x12);
else
t_relay();
}
or using an explicit flag:
if (is_method("CANCEL")) {
if ($si == MY_APPLICATION_SERVER_IP)
setflag(FLAG_ALLOW_CANCEL_REASON);
t_relay();
}
Opinions? Thanks a lot.
--
Iñaki Baz Castillo <ibc at aliax.net>
More information about the sr-dev
mailing list