[SR-Users] uac_replace_from and header adulterations

Alex Balashov abalashov at evaristesys.com
Fri Oct 13 21:53:13 CEST 2017


Hello,

I've got a bizarre problem caused by bad UA behaviour:

   UA A ---> Kamailio (P) ---> UA B

1. UA A sends initial INVITE through P to B;

2. Kamailio (P) makes some modifications to the From header using
uac_replace_from() and passes along to B.

3. B sends an in-dialog request (e.g. BYE or reinvite) to A through P;
in doing so, it modifies the To (formerly From) value slightly,
replacing the hostname portion in the To URI with a different value to
the one that was received in the From header.

4. Kamailio relays this in-dialog request to A, but with an
adulterated/clipped/truncated/grammatically invalid To header now.

5. A responds with 400 Bad Request due to invalid To header.

I would not dispute that UA B should not be modifying the remote URI in
this manner. But since it does, it gives rise to two questions:

1. Why does Kamailio not simply discard the modified To header and
restore the original value stored in the Record-Route rider parameter?

Is it because the Record-Route parameter does not contain the original
header value, but rather some data complementary to the current header
value? 

Or is it because the UAC code takes a checksum of the original remote
URI header value and stores it, and just checks it when restoring on
principle? If so, what's the motive for that?

2. Wouldn't it be better behaviour to simply reject a request so
malformed, rather than passing it on with a corrupt restored value? If
Kamailio can detect that the header has been tampered with, why pass it
on?

-- Alex

-- 
Alex Balashov | Principal | Evariste Systems LLC

Tel: +1-706-510-6800 / +1-800-250-5920 (toll-free) 
Web: http://www.evaristesys.com/, http://www.csrpswitch.com/



More information about the sr-users mailing list