|Subject:||Re: [osip-dev] SUBSCRIBE forking|
|Date:||Thu, 13 Apr 2017 12:35:53 +0200|
we recently found out about a vulnerability of SIP regarding forking of SUBSCRIBE requests – which
also applies to eXosip.
The scenario is the following:
- UAC subscribes an event
- the UAS (subscribee) accepts and sends NOTIFY requests
- the UAS generates for each NOTIFY request a new From-tag.
This makes it look for the subscriber as if the SUBSCRIBE request has been forked,
and multiple subscribes do send NOTIFYs !
In eXosip it seems to no make a difference, whether these NOTIFY requests are answered
by 200 Ok or a 456xx response. eXosip does create dialogs for each NOTIFY ..
.. and the memory consumption increases until we are out of memory.
What do you think about this vulnerability ?
Should we specify a max. number of forks for SUBSCRIBE ?
Regards and happy easter,
osip-dev mailing list
|[Prev in Thread]||Current Thread||[Next in Thread]|