Opened 11 years ago

Last modified 10 years ago

#4796 new defect

Transactions are reused for authentication instead of creating new ones

Reported by: pchitescu
Owned by: seanegan
Milestone: Patches welcome
Component: SIMPLE
Version: 2.3.1
Keywords: sip transaction
Cc: hawkinsw


While trying to connect with Pidgin to a server, I noticed with Wireshark that existing MESSAGE, SUBSCRIBE, etc. packets simply have an authentication line added and are retransmitted with the same other headers.
This behaviour is wrong. The SIP transaction is finished at that point and a new one must be created. At least the Via branch and CSeq number must change, besides adding the Authorization header, so that it becomes a new transaction. These transactions are best handled separately - it is perfectly possible that a retransmission for the initial (unauthenticated, challenged) transaction is received while the new one is still unanswered. If both proxy and UAS authentication are used then even more transactions are required.
Moreover, when shutting down or disabling the account, if the REGISTER is challenged no new message is generated. If UDP is used for transport, the deregistration will occur only at expire time.
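
The behaviour described in this report can be checked on captured requests. The following is an added example, not part of the original ticket and not Pidgin code: it compares the top Via branch and CSeq of a challenged request with its retry, and builds a retry that forms a new transaction. The sample message, credentials and function names are constructed for illustration, and long-form header names are assumed.

```python
import re
import secrets

MAGIC = "z9hG4bK"  # RFC 3261 magic cookie that starts every branch value
BRANCH = re.compile(r"(;\s*branch=)([^;,\s]+)")

def parse(msg):
    """Split a SIP request into (start line, [(name, value)], body)."""
    head, _, body = msg.partition("\r\n\r\n")
    lines = head.split("\r\n")
    return lines[0], [tuple(p.strip() for p in l.split(":", 1)) for l in lines[1:]], body

def transaction_key(msg):
    """Return (top Via branch, CSeq number, CSeq method) for a request."""
    headers = parse(msg)[1]
    via = next(v for n, v in headers if n.lower() == "via")
    num, method = next(v for n, v in headers if n.lower() == "cseq").split()
    return BRANCH.search(via).group(2), int(num), method

def reuses_transaction(original, retry):
    """True if the retry kept the old branch or did not advance CSeq."""
    (ob, on, _), (rb, rn, _) = transaction_key(original), transaction_key(retry)
    return rb == ob or rn <= on

def build_authenticated_retry(msg, authorization):
    """Answer a 401/407 with a new transaction: fresh branch, CSeq + 1."""
    start, headers, body = parse(msg)
    out, via_done = [start], False
    for name, value in headers:
        low = name.lower()
        if low == "via" and not via_done:  # only the topmost Via is ours
            value = BRANCH.sub(lambda m: m.group(1) + MAGIC + secrets.token_hex(8), value, count=1)
            via_done = True
        elif low == "cseq":
            num, method = value.split()
            value = f"{int(num) + 1} {method}"
        out.append(f"{name}: {value}")
    out.append(f"Authorization: {authorization}")
    return "\r\n".join(out) + "\r\n\r\n" + body

# Constructed sample request and placeholder credentials (not from the ticket).
ORIGINAL = "\r\n".join([
    "MESSAGE sip:bob@example.com SIP/2.0",
    "Via: SIP/2.0/UDP 192.0.2.10:5060;branch=z9hG4bK1a2b3c",
    "From: <sip:alice@example.com>;tag=a1", "To: <sip:bob@example.com>",
    "Call-ID: constructed-call-id@192.0.2.10", "CSeq: 7 MESSAGE",
    "Content-Type: text/plain", "Content-Length: 2", "", "hi"])
AUTH = 'Digest username="alice", realm="example.com", nonce="constructed", response="placeholder"'
# The reported behaviour: same headers, Authorization line appended.
NAIVE = ORIGINAL.replace("\r\n\r\n", "\r\nAuthorization: " + AUTH + "\r\n\r\n", 1)

if __name__ == "__main__":
    print(reuses_transaction(ORIGINAL, NAIVE))
    print(reuses_transaction(ORIGINAL, build_authenticated_retry(ORIGINAL, AUTH)))
```

Because the two requests carry different branch and CSeq values, a late response to the challenged request and the response to the authenticated one can be matched to separate transactions.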

Change History (5)

comment:1 Changed 11 years ago by datallah

  • Cc hawkinsw added

comment:2 Changed 11 years ago by hawkinsw

To clarify, let me try to restate what you are saying:

If a SIP request is challenged for authentication then a new transaction must be created that contains the Authorization information.

As for your second point about the trouble with shutting down/disabling ... this is something that I noticed as well. Since I run the server that I connect to with the client I was able to force the nonce "stale" time to be longer than registration expiration. The real solution is to handle this case better in the client. I will look into making those changes.

Thanks for noticing that part of the code not adhering to the standard. If you can clarify that I understand your original bug report I can get to work on making the necessary changes.


comment:3 Changed 11 years ago by hawkinsw

I have the first version of a patch for this bug. I will not be able to test until Tuesday morning. I will post it as soon as I've had a chance to test/debug.


comment:4 Changed 10 years ago by bernmeister

Ummmm...should I ask if you have a patch for this bug?

Or has this issue been fixed already?

comment:5 Changed 10 years ago by darkrain42

  • Milestone set to Patches welcome