Summary: ASTERISK-18759: Asterisk re-uses stale nonce in edge case
Reporter: feyfre (feyfre)
Labels:
Date Opened: 2011-10-27 10:29:17
Date Closed: 2015-02-06 16:00:12.000-0600
Priority: Major
Regression?: No
Status: Closed/Complete
Components: Channels/chan_sip/Registration
Versions: 1.8.5.0 1.8.7.1
Frequency of Occurrence: Constant
Related Issues: is related to ASTERISK-24715 chan_sip: stale nonce causes failure
Environment: Linux 2.6.37.6 (Slackware 13.37)
Attachments: (0) full
Description: Asterisk forgets the nonce it sent to the SIP client during registration.
client sends REGISTER without auth,
* replies 401 with realm and nonce values (let this nonce == blah)
client sends REGISTER with auth (MD5 calculated against given realm and nonce; calculations are right, double checked).
* replies 401 with realm and another nonce value (let this nonce == otherblah)
-- after a timeout of a few seconds configured on the client, the client again tries to register
client sends REGISTER without auth,
* replies 401 with realm and nonce values (let this nonce == yetanotherblah)
client sends REGISTER with auth (MD5 calculated against given realm and nonce; calculations are right, double checked).
* replies 401 with realm and another nonce value (this nonce == otherblah, which is equal to otherblah in the first retry)


Attaching trace log.
Asterisk never expects the nonce which it sent to the client after the first REGISTER retry; it remembers nonce == otherblah
Comments:

By: Leif Madsen (lmadsen) 2011-10-31 13:41:46.299-0500

Is this true if you use chan_sip without res_config_mysql? Just curious if that could be getting in the way. Is this easily reproducible? Which end points are being used?

By: feyfre (feyfre) 2011-10-31 14:24:02.562-0500

Leif Madsen, I'm using res_mysql_conf so Asterisk knows about realtime peers (in the log you can see it loads its own configuration file).
I think I found the problem and can work around it now, but I still think it is an Asterisk bug/error.
As you can see in the log, I'm using a DLink gateway. It is a DVG-7022S. It has one option, called "Initial Unregister", which I accidentally turned on. What does this option do? When the gateway starts, it sends the configured proxy a REGISTER request with an Expire: 0 header, i.e. "forget me", WITHOUT authentication (line 1852 in the log). chan_sip reads it, loads the peer from realtime storage, creates and saves a new nonce value (my custom log message on line 1899 of the log), and returns it with a 401 answer (and marks this nonce stale, by the way).
But the gateway does not care about it, because it is going to begin a new registration. It sends REGISTER w/o auth, receives 401 with an absolutely new nonce value (different from the one mentioned earlier), resends REGISTER with the right auth, but gets 401 again in response, because chan_sip awaits REGISTER auth hashes calculated using the very first nonce, not the last one it sent to the peer (line 2086 in the log).
So I can conclude the gateway will never be registered in Asterisk, because chan_sip does not respect its own decision.
When I detected this behaviour, I remembered that option (the configuration of the DVG is highly undocumented; most things were done blindly) and turned it off, so I have no such behaviour now. But I think I still need that option turned on (because it is the only way to reset registration).
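
The sequence described in the comment above, as an added example that is not part of the original ticket and is not chan_sip code: a toy single-peer registrar replays the gateway's messages with the stored nonce either left stale or updated on every challenge. The class, function names, credentials and URI are constructed for illustration, and the digest is assumed to be the RFC 2617 form without qop.

```python
import hashlib
import hmac
import secrets

def md5_hex(text):
    return hashlib.md5(text.encode()).hexdigest()

def digest_response(user, realm, password, method, uri, nonce):
    # RFC 2617 digest without qop: MD5(HA1:nonce:HA2)
    ha1 = md5_hex(f"{user}:{realm}:{password}")
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1}:{nonce}:{ha2}")

class Registrar:
    """Toy single-peer registrar (hypothetical model, not chan_sip code)."""
    def __init__(self, realm, user, password, remember_latest):
        self.realm, self.user, self.password = realm, user, password
        self.remember_latest = remember_latest  # False models the reported behaviour
        self.expected_nonce = None

    def register(self, uri, auth=None):
        """auth: None, or {'nonce', 'response'}. Returns (status, nonce in reply)."""
        if auth is not None and auth["nonce"] == self.expected_nonce:
            good = digest_response(self.user, self.realm, self.password,
                                   "REGISTER", uri, self.expected_nonce)
            if hmac.compare_digest(auth["response"], good):
                self.expected_nonce = None  # a nonce is accepted only once
                return 200, None
        if auth is not None and not self.remember_latest and self.expected_nonce:
            return 401, self.expected_nonce  # re-sends the old stored nonce
        nonce = secrets.token_hex(8)
        if self.remember_latest or self.expected_nonce is None:
            self.expected_nonce = nonce  # corrected mode: track the last nonce sent
        return 401, nonce

def gateway_boot(reg, password, attempts=3):
    """Replay the gateway's sequence from the report; one status per attempt."""
    uri = "sip:pbx.example.invalid"  # constructed URI
    reg.register(uri)  # "Initial Unregister": no auth, the 401 is ignored
    results = []
    for _ in range(attempts):
        _, nonce = reg.register(uri)  # REGISTER without auth -> 401 + nonce
        resp = digest_response(reg.user, reg.realm, password, "REGISTER", uri, nonce)
        status, _ = reg.register(uri, {"nonce": nonce, "response": resp})
        results.append(status)
        if status == 200:
            break
    return results
```

Calling `gateway_boot` on a `Registrar` built with `remember_latest=False` yields a 401 on every attempt, while `remember_latest=True` registers on the first attempt.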

By: Leif Madsen (lmadsen) 2011-11-01 08:08:42.043-0500

Thanks for the explanation, that does make it more clear. Thanks!

By: Matt Jordan (mjordan) 2015-02-06 15:59:51.051-0600

Although we ended up reproducing this in a different fashion, the fix that was done for ASTERISK-24715 should also fix the problem here.