[Kamailio-Users] uac_replace_from check
Juha Heinanen
jh at tutpro.com
Wed Apr 1 09:05:51 CEST 2009
Juha Heinanen writes:
> does the module check that reply to the request from uas really includes
> the added parameter in its r-r header or is correct operation of
> in-dialog requests at the mercy of the uas?
answering to myself, i read the source code and looks like
restore_from_reply function does not check that the r-r param that was
added when request was processed, was copied by uas to the reply or that
the reply contains the r-r header that the proxy added to the
request.
isn't this a security risk? even without the from replacing business,
shouldn't proxy ALWAYS check that the reply contains the r-r header that
it added? if it does not, the uac can be fooled to send in-dialog
requests to somewhere else (unless it is configured to always use this
proxy as its next hop).
so if proxy receives a request that contains a (possibly missing) r-r
header:
r-r: a,b
and it adds itself (c) there
r-r: a,b,c
when reply comes back, shouldn't the proxy check that the r-r header in
the reply starts with
r-r: a,b,c
if not, what am i missing here?
-- juha
More information about the sr-users
mailing list