[OpenSIPS-Users] Registrations, Retransmissions and Nonces
Bogdan-Andrei Iancu
bogdan at voice-system.ro
Wed Nov 3 14:52:08 CET 2010
Hi Saúl,
yes, it does affect those versions too. But versions prior to 1.6 are
not officially maintained any more, so backporting fixes is not a must.
But if want, feel free to do the backports.
Regards,
Bogdan
Saúl Ibarra Corretgé wrote:
> Hi Bogdan,
>
> On 11/03/2010 01:45 PM, Bogdan-Andrei Iancu wrote:
>> Hi Kennard
>>
>> Kennard White wrote:
>>
>> [....]
>>> Opensips has two mechanisms for making a nonce stale: the time-based
>>> mechanism (nonce_expire) and a use-once mechanism
>>> ('disable_nonce_check"). The 2nd mechanism doesn't set the stale=1
>>> flag. Not sure why, but I think maybe because authors assume that if
>>> this happened it was a malicious attack, not a retransmission.
>> [....]
>>
>> actually that was a bug - the STALE indicator was report to the script,
>> but not included in the challenge ....It is fixed now.
>>
>
> Does this bug affect all versions from 1.4 to 1.6? If so, are you
> planning to backport this fix to 1.4 and 1.5?
>
> Thanks and regards,
>
--
Bogdan-Andrei Iancu
OpenSIPS Bootcamp
15 - 19 November 2010, Edison, New Jersey, USA
www.voice-system.ro
More information about the Users
mailing list