100rel module sending PRACK to wrong request URI during parallel forking

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hi,

After some digging I seem to have uncovered a bug, which I think I  
have managed to fix.

First off, let me describe the scenario that led me to this. I have  
three endpoints, two of which are my application that is using PJSIP,  
let's call them endpoint A and B. Endpoint C is a third party SIP UA  
that sets 100rel in the Required header. I am using endpoint A to send  
an INVITE to a SIP address to which both endpoint B and C have  
REGISTERed. This leads to the following sequence of events:

- Endpoint B sends a 180 Trying in response to the INVITE
- Endpoint A records the Contact header of endpoint B as target for  
the dialog
- Endpoint C is a little slower and also sends a 180 Trying, including  
Required: 100rel
- Endpoint A sends a PRACK in response to the 180 from endpoint C, but  
puts as the request URI the target recorded for the dialog, which is  
the URi in the Contact header of endpoint B.
- The PRACK ends up at endpoint B instead of C, which promptly crashes  
with an assertion failure, as the PJSIP_INV_REQUIRE_100REL option was  
not set on pjsip_inv_verify_request().

I have also tried this with the pjsua application, but this does not  
crash as it only sends a 100 and not a 180, which is never propagated  
back upstream by the SIP proxy (the 100 that is).

I have included a patch that at least sets the request URI in the  
PRACK to that of the provisional response that triggered it,  
overriding the target URI of the "dialog" (officially I don't think  
there is a dialog yet because it has not been established).

Perhaps the code that handles the receiving of the PRACK should be  
made more resilient as well, as endpoint B does actually advertise  
that it supports PRACK, even though it did not put it in the Required  
header.

Ruud Klaver
AG Projects

-------------- next part --------------
A non-text attachment was scrubbed...
Name: pjsip-2269-prack-request-uri-fix.patch
Type: application/octet-stream
Size: 901 bytes
Desc: not available
Url : http://lists.pjsip.org/pipermail/pjsip_lists.pjsip.org/attachments/20080910/ddd7fec9/attachment.patch 
-------------- next part --------------
[Index of Archives]     [Asterisk Users]     [Asterisk App Development]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [Linux API]
  Powered by Linux