[sr-dev] [tracker] Task opened: Sanity module fails to reject broken From/To headers

sip-router admin at sip-router.org
Fri Nov 11 08:36:47 CET 2011


THIS IS AN AUTOMATED MESSAGE, DO NOT REPLY.

A new Flyspray task has been opened.  Details are below. 

User who did this - Bayan Towfiq (btowfiq) 

Attached to Project - sip-router
Summary - Sanity module fails to reject broken From/To headers
Task Type - Bug Report
Category - Module
Status - Unconfirmed
Assigned To - 
Operating System - All
Severity - Medium
Priority - Normal
Reported Version - Development
Due in Version - Undecided
Due Date - Undecided
Details - Summary:
1) Please make the sanity_check() function callable from onreply_route

2) Please make the sanity module or parser check for and reject SIP messages with duplicate parameter names on headers or URIs.


Explanation:

Both header parameters and URI parameters must have unique names within that header / URI respectively.  There cannot be duplicate parameter names according to RFC 3261 sections:

7.3.1 Header Field Format
19.1.1 SIP and SIPS URI Components


This problem was discovered by receiving some bad From/To headers on BYEs and 200OKs from a non-compliant client.  These buggy headers had duplicate tags that looked like:

From: <sip:8005551212@x.x.x.x>;tag=SDf9rh299-14c034a8+1+5c4f05a4+f31e7fc5;tag=gfrC3Ghl.

This cleared out transactions in the dialog module and gave non-matching EDRs for the From/To fields for the acc module (where the field was taken from the 200OK rather than the BYE).


Neither the parser nor the Sanity module URI checks are checking for duplicated parameters in headers and URIs.

Also, the sanity module is not, and should be, callable from ONREPLY_ROUTE.


More information can be found at the following URL:
http://sip-router.org/tracker/index.php?do=details&task_id=177

You are receiving this message because you have requested it from the Flyspray bugtracking system.  If you did not expect this message or don't want to receive mails in future, you can change your notification settings at the URL shown above.
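
The duplicate-parameter check requested in the report, written as a stand-alone C function. This is an added example, not code from the sanity module or the sip-router parser; the names `has_dup_params`, `from_to_has_dup_params` and the `MAX_PARAMS` limit are hypothetical. It treats URI parameters and header parameters as separate scopes, as RFC 3261 sections 19.1.1 and 7.3.1 do.

```c
#include <string.h>
#include <strings.h>   /* strncasecmp (POSIX) */

#define MAX_PARAMS 32  /* hypothetical limit for this example */

/* Return 1 if a parameter name repeats in the ';'-separated list in [p, end).
 * Names compare case-insensitively. Simplification: a ';' inside a quoted
 * parameter value is not handled. */
static int has_dup_params(const char *p, const char *end)
{
    const char *names[MAX_PARAMS];
    size_t lens[MAX_PARAMS];
    int n = 0;

    while (p < end && (p = memchr(p, ';', (size_t)(end - p))) != NULL) {
        for (p++; p < end && (*p == ' ' || *p == '\t'); p++)
            ;                                   /* skip whitespace after ';' */
        const char *name = p;
        size_t len = 0;
        while (name + len < end && !strchr("=; \t\r\n", name[len]))
            len++;
        for (int i = 0; i < n; i++)
            if (len && lens[i] == len && strncasecmp(names[i], name, len) == 0)
                return 1;                       /* duplicate parameter name */
        if (len) {
            if (n == MAX_PARAMS)
                return 1;                       /* too many to track: fail closed */
            names[n] = name;
            lens[n++] = len;
        }
        p = name + len;
    }
    return 0;
}

/* Check a From/To header body. URI parameters (inside <...>, after the
 * userinfo, before any '?') and header parameters (after '>') are separate
 * scopes. Simplification: a '<' inside a quoted display name is not handled. */
int from_to_has_dup_params(const char *body)
{
    const char *end = body + strlen(body);
    const char *lt = strchr(body, '<');
    const char *gt = lt ? strchr(lt, '>') : NULL;

    if (!gt)                                    /* addr-spec form: header params only */
        return has_dup_params(body, end);
    const char *at = memchr(lt, '@', (size_t)(gt - lt));
    const char *start = at ? at : lt;           /* ';' is legal inside userinfo */
    const char *q = memchr(start, '?', (size_t)(gt - start));
    return has_dup_params(start, q ? q : gt) || has_dup_params(gt, end);
}
```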
