[OpenSIPS-Users] [OpenSIPS Security Alerts] [FIX] [Severity Low] Undesired dialog flags on creation

Bogdan-Andrei Iancu bogdan at opensips.org
Wed Aug 15 17:37:34 CEST 2012 

This message was generated by the Security Alerts service ( Free Trial 14th of August - 14th of September )
http://www.opensips.org/Resources/AlertsMain
*
SVN commit*:
http://opensips.svn.sourceforge.net/opensips/?rev=9169

*Severity*: Low

*Version*  : 1.8 and trunk

*Affected modules*  : dialog module

*Effect*  : more dialog flags (P,p,B) than actually set

*Affected scenarios*: If using from script multiple time the create_dialog() function (in order to change some dialog
flags), the previously set flags (P,p,B) will still be considered (instead of being reset).

*Description:*  instead of combining the existing dialog flags (with the new ones), we simply overriding existing parameters
with the new ones (when calling create_dialog() several times for the same INVITE request).
Old behavior:
	create_dialog("Pp");
	create_dialog("B");
	=>  resulting flags = "PpB"
New behavior:
	create_dialog("Pp");
	create_dialog("B");
	=>  resulting flags = "B"

*Risks*  : have a unexpected dialog behavior (undesired pinging, or undesired BYE on timeout)

*Update*  :
- if you have an SVN checkout, 1.8 and trunk were fixed; so
update to a revision later than 9169 (trunk) or 9170 (1.8 branch).
- if you have OpenSIPS from sources see the attached patch;
- if using tarballs, they were already regenerated (and include the fix). Available only for 1.8.
- If using the official Debian package (apt.opensips.org), they are also
re-generated including the fix (available for 1.8 and trunk).



-- 
Bogdan-Andrei Iancu
OpenSIPS Founder and Developer
http://www.opensips-solutions.com

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensips.org/pipermail/users/attachments/20120815/aaf544d5/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: dialog_flags-9169.patch
Type: text/x-patch
Size: 496 bytes
Desc: not available
URL: <http://lists.opensips.org/pipermail/users/attachments/20120815/aaf544d5/attachment.bin>
-------------- next part --------------
_______________________________________________
Alerts mailing list
Alerts at lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/alerts

More information about the Users mailing list