From: FEICHTER Christoph
Subject: [osip-dev] SUBSCRIBE forking
Date: Thu, 13 Apr 2017 10:26:02 +0000
hi aymeric,

we recently found out about a vulnerability of SIP regarding forking of SUBSCRIBE requests, which also applies to eXosip. The scenario is the following:

- the UAC subscribes to an event
- the UAS (subscribee) accepts and sends NOTIFY requests
- the UAS generates a new From-tag for each NOTIFY request. To the subscriber this makes it look as if the SUBSCRIBE request has been forked and multiple subscribees are sending NOTIFYs!

In eXosip it seems to make no difference whether these NOTIFY requests are answered with a 200 OK or a 456xx response. eXosip creates a dialog for each NOTIFY ... and the memory consumption increases until we are out of memory.

What do you think about this vulnerability? Should we specify a maximum number of forks for SUBSCRIBE?

Regards and happy Easter,
Christoph
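One way to implement the per-SUBSCRIBE fork cap asked about above, as an added example that is not eXosip's own code and not part of the original mail: a NOTIFY is matched to the outgoing SUBSCRIBE by Call-ID and To-tag (the subscriber's own tag), and a previously unseen From-tag only gets a new dialog while the subscription is below a cap. The table sizes, the cap of 4 and the function names are assumptions.

```c
#include <string.h>

#define MAX_FORKS 4   /* hypothetical cap on forked dialogs per SUBSCRIBE */
#define MAX_SUBS  8
#define TAG_LEN   64

/* One outgoing SUBSCRIBE, keyed by Call-ID and our local From-tag, plus
 * the remote tags (one per forked dialog) we have accepted so far. */
struct subscription {
    char call_id[TAG_LEN];
    char local_tag[TAG_LEN];
    int  nforks;
    char remote_tags[MAX_FORKS][TAG_LEN];
};

static struct subscription subs[MAX_SUBS];
static int nsubs = 0;

/* Register a sent SUBSCRIBE; returns 0 on success, -1 if the table is full. */
int add_subscription(const char *call_id, const char *local_tag)
{
    if (nsubs >= MAX_SUBS)
        return -1;
    struct subscription *s = &subs[nsubs++];
    memset(s, 0, sizeof *s);
    strncpy(s->call_id, call_id, TAG_LEN - 1);
    strncpy(s->local_tag, local_tag, TAG_LEN - 1);
    return 0;
}

/* Decide what to do with an incoming NOTIFY. In a NOTIFY the To-tag is the
 * subscriber's own tag and the From-tag is the notifier's; a fresh From-tag
 * on a known subscription is a forked dialog.
 * Returns 2 = new forked dialog created, 1 = matches an existing dialog,
 * 0 = reject without allocating (unknown subscription or cap reached). */
int accept_notify(const char *call_id, const char *to_tag, const char *from_tag)
{
    for (int i = 0; i < nsubs; i++) {
        struct subscription *s = &subs[i];
        if (strcmp(s->call_id, call_id) != 0 || strcmp(s->local_tag, to_tag) != 0)
            continue;
        for (int j = 0; j < s->nforks; j++)
            if (strcmp(s->remote_tags[j], from_tag) == 0)
                return 1;               /* existing dialog, no new state */
        if (s->nforks >= MAX_FORKS)
            return 0;                   /* cap reached: no new dialog */
        strncpy(s->remote_tags[s->nforks++], from_tag, TAG_LEN - 1);
        return 2;
    }
    return 0;                           /* no matching SUBSCRIBE */
}
```

Memory growth is then bounded by MAX_FORKS per subscription instead of by how many From-tags the notifier chooses to send.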