[osip-dev] SUBSCRIBE forking

From:

FEICHTER Christoph

Subject:

Date:

Thu, 13 Apr 2017 10:26:02 +0000

hi aymeric,

we recently found out about a vulnerability of SIP regarding forking of SUBSCRIBE requests – which

also applies to eXosip.

The scenario is the following:

- UAC subscribes an event

- the UAS (subscribee) accepts and sends NOTIFY requests

- the UAS generates for each NOTIFY request a new From-tag.

This makes it look for the subscriber as if the SUBSCRIBE request has been forked,

and multiple subscribes do send NOTIFYs !

In eXosip it seems to no make a difference, whether these NOTIFY requests are answered

by 200 Ok or a 456xx response. eXosip does create dialogs for each NOTIFY ..

.. and the memory consumption increases until we are out of memory.

What do you think about this vulnerability ?

Should we specify a max. number of forks for SUBSCRIBE ?

Regards and happy easter,

Christoph

[Prev in Thread]

Current Thread

[Next in Thread]

[osip-dev] SUBSCRIBE forking, FEICHTER Christoph <=

Re: [osip-dev] SUBSCRIBE forking, Aymeric Moizard, 2017/04/13
- Re: [osip-dev] SUBSCRIBE forking, FEICHTER Christoph, 2017/04/13
  - Re: [osip-dev] SUBSCRIBE forking, Aymeric Moizard, 2017/04/14
  - Re: [osip-dev] SUBSCRIBE forking, FEICHTER Christoph, 2017/04/18
  - [osip-dev] osip2 + LGPL + MCU, Maxim, 2017/04/28