Work at SourceForge, help us to make it a better place! We have an immediate need for a Support Technician in our San Francisco or Denver office.

Close

#560 Non-printable Characters in Via Host

1.8.x
closed-fixed
core (110)
7
2012-10-31
2012-09-26
David Sanders
No

RFC 3261 doesn't allow non-printable characters (minus CRLF ending the Via header) in the host portion of the Via header.

However, OpenSIPs seems to tolerate them. PJSIP has a bug that sends gibberish for a host in the Via on some unregisters. This is tolerated by OpenSIPs on receive, but causes issues later on in the reply, which goes out with a blank host. In particular nat_traversal can't parse the reply because the host is blank.

It seems that the parsing of the Via header should be tightened to only allow printable characters as a host.

Discussion

1 2 > >> (Page 1 of 2)
  • David, could you post here such a bogus VIA ?

    Thanks

     
    • assigned_to: nobody --> bogdan_iancu
     
  • David Sanders
    David Sanders
    2012-10-12

    Here you go Bogdan.

    I took the example out of the sip_trace table in our MySQL database. Thoe host is gibberish but the port number is OK. OpenSIPS doesn't complain about parsing errors until it is sending the 401 response.

    REGISTER sip:19192972172@72.215.176.13:5060 SIP/2.0
    Via: SIP/2.0/UDP ‰¡read :13611;rport;branch=z9hG4bKPjBb-CLCWWBdliGJLBdVQq5L3VvfyD3QGt
    Max-Forwards: 69
    From: <sip:19192972172@72.215.176.13>;tag=6g8qHX7UCoq0klHC5y8FcEoEqOqGIMIl
    To: <sip:19192972172@72.215.176.13>
    Call-ID: DwRnHUucA06j2QdrYIFaKnrkuYpnZ0As
    CSeq: 51957 REGISTER
    Contact: <sip:19192972172@72.215.176.1:13611;transport=UDP;rinstance=30b85fb46d764d69>
    Expires: 0
    Authorization: Digest username="19192972172", realm="72.215.176.13", nonce="50783011000007583df53abb709e661070948fd84a90f378", uri="sip:19192972172@72.215.176.13:5060", response="99c332dcb3b20051391f0e589f203983"
    Content-Length: 0

    SIP/2.0 401 Unauthorized
    Via: SIP/2.0/UDP ;received=72.215.176.1;rport=13611‰¡read
    From: <sip:19192972172@72.215.176.13>;tag=6g8qHX7UCoq0klHC5y8FcEoEqOqGIMIl
    To: <sip:19192972172@72.215.176.13>;tag=9ee60da17230fa4987e498ef1c101576.0000
    Call-ID: DwRnHUucA06j2QdrYIFaKnrkuYpnZ0As
    CSeq: 51957 REGISTER
    WWW-Authenticate: Digest realm="72.215.176.13", nonce="507830240000075ff0bbdb222655467b236709b177002a39", stale=true
    Server: Pinger.com PROXY 1.8
    Content-Length: 0

     
  • VIA validation patch

     
    Attachments
  • Hi David,

    Here is a patch to address this problem - I did some first testing on my side, but give it a try too - I want to be 100% sure first it does not break anything and second it detects the kind of bogus VIA you have.

    Thanks and regards,
    Bogdan

     
    • status: open --> open-fixed
     
  • David Sanders
    David Sanders
    2012-10-22

    Hi Bogdan,

    I've tested the patch you provided, and it successfully detects the type of bogus VIAs I was seeing.

    However, it doesn't trigger the "error_route" I have in the OpenSIPS script, so I'm not able to send a response to the malformed REGISTER which had the bad VIA. This leads to the client retrying the bad message several times.

    Would it be possible for this parsing error to jump to the "error_route" so that I can respond with a 400 to the REGISTER and stop the retransmissions?

    - David

     
  • David,

    Please see the additional patch that should solve the triggering issue too.

    Regards,
    Bogdan

     
    • priority: 5 --> 7
     
1 2 > >> (Page 1 of 2)