Summary: ASTERISK-26089: Invalid security events during boot using PJSIP Realtime
Reporter: Scott Griepentrog (sgriepentrog)
Labels:
Date Opened: 2016-06-06 16:32:27
Date Closed: 2016-06-07 10:20:06
Priority: Major
Regression?
Status: Closed/Complete
Components: pjproject/pjsip
Versions:
Frequency of Occurrence: Constant
Related Issues: is related to ASTERISK-26088 Investigate heavy memory utilization by res_pjsip_pubsub
Environment: CentOS, Asterisk 13, PJSIP, Realtime, ODBC
Attachments:
Description: When Asterisk is configured to use PJSIP with Realtime, the receipt of a SIP REGISTER during bootup (prior to ODBC database connections being completed) results in a security event such as InvalidAccountID due to being unable to obtain the account from the database.

Where the specific customer implementation includes banning IPs based on security events, this causes a window of opportunity for valid endpoints to be banned if they are unlucky enough to attempt REGISTER at the wrong time.

A workaround for this issue exists in the form of rejecting security events prior to the FullyBooted event being received. However, this issue would probably be better addressed by adding an option to cause PJSIP inbound traffic to be dropped prior to FullyBooted state, so as to avoid transmitting an incorrect 401 Unauthorized response to the endpoint.
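
The workaround described above, sketched as an added example (it is not part of the original report and is not Asterisk code): a consumer of AMI events that discards security events until FullyBooted has been seen. The event stream is constructed, and the `BootGate` name and the set of event names acted on are assumptions.

```python
# Constructed AMI event stream (not captured from a real system).
SAMPLE_STREAM = (
    "Event: InvalidAccountID\r\nService: PJSIP\r\nAccountID: 1001\r\n"
    "RemoteAddress: IPV4/UDP/192.0.2.10/5060\r\n\r\n"
    "Event: FullyBooted\r\nStatus: Fully Booted\r\n\r\n"
    "Event: InvalidAccountID\r\nService: PJSIP\r\nAccountID: bogus\r\n"
    "RemoteAddress: IPV4/UDP/198.51.100.7/5060\r\n\r\n"
)

# Assumption: the security events this deployment bans on.
SECURITY_EVENTS = {"InvalidAccountID", "InvalidPassword", "ChallengeResponseFailed"}


def parse_events(stream):
    """Split AMI text into one dict of header fields per event block."""
    events = []
    for block in stream.replace("\r\n", "\n").split("\n\n"):
        fields = {}
        for line in block.splitlines():
            key, sep, value = line.partition(":")
            if sep:
                fields[key.strip()] = value.strip()
        if "Event" in fields:
            events.append(fields)
    return events


class BootGate:
    """Pass security events to the ban logic only after FullyBooted."""

    def __init__(self):
        self.fully_booted = False
        self.suppressed = 0

    def reset(self):
        # Call on every AMI (re)connect: Asterisk may have restarted.
        self.fully_booted = False

    def offenders(self, events):
        """Return (ip, event_name) pairs that are safe to act on."""
        result = []
        for ev in events:
            if ev["Event"] == "FullyBooted":
                self.fully_booted = True
            elif ev["Event"] in SECURITY_EVENTS:
                if not self.fully_booted:
                    self.suppressed += 1  # boot-time event, database may not be ready
                    continue
                parts = ev.get("RemoteAddress", "").split("/")  # IPV4/UDP/<ip>/<port>
                if len(parts) == 4:
                    result.append((parts[2], ev["Event"]))
        return result
```

With the constructed stream, the REGISTER that arrived before FullyBooted is counted as suppressed and only the later event reaches the ban list.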
Comments:

By: Richard Mudgett (rmudgett) 2016-06-06 17:21:32.443-0500

This is exactly the first patch in the series addressing ASTERISK-26088.  The patch ignores all incoming SIP messages to PJSIP until fully booted and is not optional.

By: Joshua C. Colp (jcolp) 2016-06-07 10:20:06.752-0500

Patch is already up and tagged against other issue. Closing this out.