#143 check r-r header of reply

open
nobody
None
5
2009-04-02
2009-04-02
Juha Heinanen
No

for security reasons, it should be possible to make kamailio check if r-r uris of reply match those of request. if check is not done, uac is vulnerable to proxy by-pass attack and nasty things may happen.

i prefer an implementation where the check is done automatically if a flag is set when request is sent. if check fails, positive reply needs to be turned into a negative one.

-- juha
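The check requested above, sketched as an added example (not Kamailio code and not part of the original report): it compares the Record-Route URIs of the request as forwarded with those of the reply and rejects a positive reply whose route set dropped or replaced them. Assumptions: "positive" means a 2xx status, URIs are compared as exact strings, downstream proxies prepend their own entries (so the request's list must be the tail of the reply's list), and all names and sample messages are constructed for illustration.

```python
import re

def record_route_uris(message: str) -> list[str]:
    """Return the Record-Route URIs of a SIP message, top to bottom."""
    head = message.replace("\r\n", "\n").split("\n\n", 1)[0]
    head = re.sub(r"\n[ \t]+", " ", head)        # unfold continuation lines
    uris = []
    for line in head.split("\n")[1:]:            # skip request/status line
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "record-route":
            # Record-Route values are name-addr, so each URI sits inside <...>
            uris += [u.strip() for u in re.findall(r"<([^>]*)>", value)]
    return uris

def reply_keeps_route(request_sent: str, reply: str) -> bool:
    """True if the reply's route set still ends with the request's entries."""
    sent = record_route_uris(request_sent)
    got = record_route_uris(reply)
    return len(got) >= len(sent) and got[len(got) - len(sent):] == sent

def verdict(request_sent: str, reply: str) -> str:
    """'reject' for a 2xx reply whose Record-Route set fails the check."""
    status = int(reply.split(None, 2)[1])
    if 200 <= status < 300 and not reply_keeps_route(request_sent, reply):
        return "reject"                          # would be turned negative
    return "pass"

# Constructed sample messages (hypothetical hosts, headers trimmed).
REQUEST = ("INVITE sip:bob@example.net SIP/2.0\r\n"
           "Record-Route: <sip:proxy.example.com;lr>\r\n"
           "Call-ID: constructed-1\r\n\r\n")
GOOD = ("SIP/2.0 200 OK\r\n"
        "Record-Route: <sip:edge.example.net;lr>,\r\n"
        " <sip:proxy.example.com;lr>\r\n"
        "Call-ID: constructed-1\r\n\r\n")
STRIPPED = "SIP/2.0 200 OK\r\nCall-ID: constructed-1\r\n\r\n"
REPLACED = ("SIP/2.0 200 OK\r\n"
            "record-route: <sip:other.example.org;lr>\r\n"
            "Call-ID: constructed-1\r\n\r\n")

if __name__ == "__main__":
    for label, reply in (("good", GOOD), ("stripped", STRIPPED),
                         ("replaced", REPLACED)):
        print(label, verdict(REQUEST, reply))
```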

Discussion