Summary: | ASTERISK-08093: [patch] nonce-count value is not added correctly | ||
Reporter: | Noriyuki Suzuki (noriyuki) | Labels: | |
Date Opened: | 2006-11-08 21:54:47.000-0600 | Date Closed: | 2006-11-30 14:55:57.000-0600 |
Priority: | Minor | Regression? | No |
Status: | Closed/Complete | Components: | Channels/chan_sip/Registration |
Versions: | Frequency of Occurrence | ||
Related Issues: | |||
Environment: | Attachments: | ( 0) nonce-count.diff | |
Description: | I found the problem that the noncecount value was not added correctly.

[sip_reregister() in chan_sip.c]

    p->noncecount = r->noncecount++;

It should be fixed like next

    p->noncecount = ++r->noncecount;
Comments: |

By: Olle Johansson (oej) 2006-11-10 07:17:46.000-0600

This bug exists in 1.2 and 1.4 too

By: Olle Johansson (oej) 2006-11-10 07:18:35.000-0600

If it is a bug. I am not sure. What do you think?

By: Olle Johansson (oej) 2006-11-12 10:14:11.000-0600

Need answer from you... Thanks!

By: Noriyuki Suzuki (noriyuki) 2006-11-12 20:01:01.000-0600

(RFC2617)

    nonce-count
      This MUST be specified if a qop directive is sent (see above), and
      MUST NOT be specified if the server did not send a qop directive in
      the WWW-Authenticate header field. The nc-value is the hexadecimal
      count of the number of requests (including the current request)
      that the client has sent with the nonce value in this request. For
      example, in the first request sent in response to a given nonce
      value, the client sends "nc=00000001". The purpose of this
      directive is to allow the server to detect request replays by
      maintaining its own copy of this count - if the same nc-value is
      seen twice, then the request is a replay. See the description
      below of the construction of the request-digest value.

The client has to send "nc=00000002" in the second request. But p->noncecount is not set to 2, because substitution is executed before the addition.

By: Olle Johansson (oej) 2006-11-13 13:25:16.000-0600

Please attach a SIP debug output to show me this. Thanks.

By: Noriyuki Suzuki (noriyuki) 2006-11-13 23:38:14.000-0600

1) send REGISTER request

2) receive 401 with WWW-Authenticate header

    SIP/2.0 401 Unauthorized
    Call-ID: 40bb998a350790533bd596b0167330c6@192.168.16.6
    CSeq: 102 REGISTER
    From: <sip:0355562914@10.160.200.10>;tag=as683864de
    To: <sip:0355562914@10.160.200.10>
    Via: SIP/2.0/UDP 192.168.16.6:5060;branch=z9hG4bK3cc9be1d
    Content-Length: 0
    WWW-Authenticate: Digest realm="10.160.200.10", qop="auth", nonce="27cb34ac46286238c7b03f076b6a4f84", opaque="96ccf7afaeb573983f4ebf99821367ab"

3) send REGISTER request with Authorization header. nonce-count is set to '1'.

    REGISTER sip:10.160.200.10 SIP/2.0
    Via: SIP/2.0/UDP 192.168.16.6:5060;branch=z9hG4bK0e8202f3
    From: <sip:0355562914@10.160.200.10>;tag=as254c666e
    To: <sip:0355562914@10.160.200.10>
    Call-ID: 40bb998a350790533bd596b0167330c6@192.168.16.6
    CSeq: 103 REGISTER
    Max-Forwards: 70
    Authorization: Digest username="0355562914", realm="10.160.200.10", algorithm=MD5, uri="sip:10.160.200.10", nonce="27cb34ac46286238c7b03f076b6a4f84", response="7f5209a620e28d6fde2dbc073a33e531", opaque="96ccf7afaeb573983f4ebf99821367ab", qop=auth, cnonce="1e58f592", nc=00000001
    Expires: 3600
    Contact: <sip:0355562914@192.168.16.6>
    Content-Length: 0

4) receive 200OK

5) send 2nd REGISTER request for update expiry. Authorization line has same nonce value. But nonce-count is set to '1'.

    REGISTER sip:10.160.200.10 SIP/2.0
    Via: SIP/2.0/UDP 192.168.16.6:5060;branch=z9hG4bK3b95b114
    From: <sip:0355562914@10.160.200.10>;tag=as43ff4c86
    To: <sip:0355562914@10.160.200.10>
    Call-ID: 40bb998a350790533bd596b0167330c6@192.168.16.6
    CSeq: 104 REGISTER
    Max-Forwards: 70
    Authorization: Digest username="0355562914", realm="10.160.200.10", algorithm=MD5, uri="sip:10.160.200.10", nonce="27cb34ac46286238c7b03f076b6a4f84", response="f148fd33f7f2fd1067dcc0e58601237a", opaque="96ccf7afaeb573983f4ebf99821367ab", qop=auth, cnonce="1408ebb5", nc=00000001
    Expires: 3600
    Contact: <sip:0355562914@192.168.16.6>
    Content-Length: 0

By: Olle Johansson (oej) 2006-11-14 02:47:39.000-0600

Now I see. I'll look into this.

By: Anthony LaMantia (alamantia) 2006-11-23 12:09:43.000-0600

noriyuki, can you try the patch I just posted and post the debugging output, so we can see if it solves the issue.

By: Olle Johansson (oej) 2006-11-24 01:39:40.000-0600

Alamantia - what's different between your patch and what was suggested in the bug report?

By: Noriyuki Suzuki (noriyuki) 2006-11-24 02:46:19.000-0600

I tried nonce1.diff.txt patch. But nc value is always '1'. I think that sip_reg_timeout() is not executed in this case.
3rd REGISTER is sent by sip_reregister().

--
received 401 Unauthorized

    WWW-Authenticate: Digest realm="10.160.252.13", qop="auth", nonce="751ced05de3afbcf6e5caec8f6a8040e", opaque="20837b9e79db9c5620ba9ae985601fc6"

do_register_auth():

    Authorization: Digest username="700000000122931", realm="10.160.252.13", algorithm=MD5, uri="sip:10.160.252.13", nonce="751ced05de3afbcf6e5caec8f6a8040e", response="e2d6bc278570fe55fd030adc73d69ebf", opaque="20837b9e79db9c5620ba9ae985601fc6", qop=auth, cnonce="483ba144", nc=00000001

receive 200 OK

send REGISTER from sip_reregister():

    Authorization: Digest username="700000000122931", realm="10.160.252.13", algorithm=MD5, uri="sip:10.160.252.13", nonce="751ced05de3afbcf6e5caec8f6a8040e", response="632e4e5c14f2226b9cea746127c0b950", opaque="20837b9e79db9c5620ba9ae985601fc6", qop=auth, cnonce="13b4738e", nc=00000001
--

There is the following code in transmit_register(). The noncecount is added when re-use auth strings.

    /* We have auth data to reuse, build a digest header! */
    if (sipdebug)
        ast_log(LOG_DEBUG, " >>> Re-using Auth data for %s@%s\n", r->username, r->hostname);
    ast_copy_string(p->realm, r->realm, sizeof(p->realm));
    ast_copy_string(p->nonce, r->nonce, sizeof(p->nonce));
    ast_copy_string(p->domain, r->domain, sizeof(p->domain));
    ast_copy_string(p->opaque, r->opaque, sizeof(p->opaque));
    ast_copy_string(p->qop, r->qop, sizeof(p->qop));
    p->noncecount = r->noncecount++;

r->noncecount value must copy to p->noncecount. But p->noncecount value is set old r->noncecount value in this case. I think it should be fixed like next.

    r->noncecount++;
    p->noncecount = r->noncecount;

OR

    p->noncecount = ++r->noncecount;

By: Anthony LaMantia (alamantia) 2006-11-27 11:13:44.000-0600

I have implemented a new patch, this method just increments the noncecount with a statement like this, in transmit_register()

    r->noncecount += 1;

which should work.

By: Anthony LaMantia (alamantia) 2006-11-28 16:48:29.000-0600

noriyuki, have you tested the new patch?

By: Olle Johansson (oej) 2006-11-30 14:46:07.000-0600

Fix committed to 1.2, 1.4 and svn trunk. Thanks, noriyuki, for a detailed report and a proposed patch.

By: Olle Johansson (oej) 2006-11-30 14:55:57.000-0600

    1.2 rev 48165
    1.4 rev 48166
    trunk rev 48167
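
The two statements discussed in this report, run against a server that enforces the nonce-count replay check quoted from RFC 2617, as an added example (not Asterisk code and not the committed fix). The structs `reg` and `pvt`, all function names, the simplified highest-count tracking and the starting count of 1 after the first authenticated REGISTER are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-ins for the registry entry (r) and the dialog (p). */
struct reg { unsigned int noncecount; };
struct pvt { unsigned int noncecount; };

/* Statement from the report: p gets the OLD count, then r is incremented. */
static void reuse_auth_reported(struct pvt *p, struct reg *r) { p->noncecount = r->noncecount++; }
/* Proposed statement: r is incremented first, p gets the NEW count. */
static void reuse_auth_proposed(struct pvt *p, struct reg *r) { p->noncecount = ++r->noncecount; }

/* Server side: highest nc accepted so far for one nonce (simplified tracking). */
struct nonce_state { unsigned long last_nc; };

/* Returns 1 if nc is 8 hex digits and newer than anything seen, else 0. */
static int server_accept_nc(struct nonce_state *s, const char *nc)
{
    unsigned long v;
    if (strlen(nc) != 8 || strspn(nc, "0123456789abcdefABCDEF") != 8)
        return 0;                       /* malformed nc-value */
    v = strtoul(nc, NULL, 16);
    if (v == 0 || v <= s->last_nc)
        return 0;                       /* repeated or stale count: replay */
    s->last_nc = v;
    return 1;
}

/* First authenticated REGISTER (nc=00000001), then one re-REGISTER that
 * reuses the nonce. Returns whether the server accepts the re-REGISTER. */
static int reregister_accepted(void (*reuse)(struct pvt *, struct reg *), char nc_out[9])
{
    struct reg r = { 1 };               /* assumption: count is 1 after the first auth */
    struct pvt p = { 0 };
    struct nonce_state s = { 0 };
    server_accept_nc(&s, "00000001");   /* server saw the first request */
    reuse(&p, &r);
    snprintf(nc_out, 9, "%08x", p.noncecount);
    return server_accept_nc(&s, nc_out);
}

int main(void)
{
    char nc[9];
    int ok = reregister_accepted(reuse_auth_reported, nc);
    printf("reported: nc=%s accepted=%d\n", nc, ok);
    ok = reregister_accepted(reuse_auth_proposed, nc);
    printf("proposed: nc=%s accepted=%d\n", nc, ok);
    return 0;
}
```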