Nonce too long?


#1

[b]i think i encountered something like a bug in chan_sip (asterisk 1.2.5 stable). i have here a registration from 2 clients, one x-lite and the other asterisk both registering to a ZTE softswitch.

here is the x-lite register:[/b]

SEND TIME: 4623798
SEND >> z.t.e.ip:5060
REGISTER sip:z.t.e.ip SIP/2.0
Via: SIP/2.0/UDP xl.it.e.ip:5060;rport;branch=z9hG4bK9A016B6D37C5401FA145A115DB31F84B
From: 468908012 sip:468908012@z.t.e.ip;tag=3393221447
To: 468908012 sip:468908012@z.t.e.ip
Contact: “468908012” sip:468908012@xl.it.e.ip:5060
Call-ID: EF854A74793C488AB7A042419E8F5041@z.t.e.ip
CSeq: 59447 REGISTER
Expires: 1800
Max-Forwards: 70
User-Agent: X-Lite release 1105x
Content-Length: 0

RECEIVE TIME: 4624083
RECEIVE << z.t.e.ip:5060
SIP/2.0 401 Unauthorized
Via: SIP/2.0/UDP 192.168.1.2:5060;received=xl.it.e.ip;rport=5060;branch=z9hG4bK9A016B6D37C5401FA145A115DB31F84B
To: "468908012"sip:468908012@z.t.e.ip
From: "468908012"sip:468908012@z.t.e.ip;tag=3393221447
Call-ID: EF854A74793C488AB7A042419E8F5041@z.t.e.ip
CSeq: 59447 REGISTER
User-Agent: ZTE-SoftSwitch
WWW-Authenticate: Digest realm=“zte”,
nonce=“ac9a564a4596a4a846d61059cc6da593”,
ZTE-ID=9d1a000388fa151f81232880c319fb50

SEND TIME: 4624107
SEND >> z.t.e.ip:5060
REGISTER sip:z.t.e.ip SIP/2.0
Via: SIP/2.0/UDP xl.it.e.ip:5060;rport;branch=z9hG4bK140232B2DA0D4F38A829F8C6645CD899
From: 468908012 sip:468908012@z.t.e.ip;tag=3393221447
To: 468908012 sip:468908012@z.t.e.ip
Contact: “468908012” sip:468908012@xl.it.e.ip:5060
Call-ID: EF854A74793C488AB7A042419E8F5041@z.t.e.ip
CSeq: 59448 REGISTER
Expires: 1800
Authorization: Digest username=“468908012”,realm=“zte”,nonce=“ac9a564a4596a4a846d61059cc6da593”,response=“625862ad39a9689b34343f4f73485935”,uri="sip:z.t.e.ip"
Max-Forwards: 70
User-Agent: X-Lite release 1105x
Content-Length: 0

RECEIVE TIME: 4626154
RECEIVE << z.t.e.ip:5060
SIP/2.0 200 OK
Via: SIP/2.0/UDP 192.168.1.2:5060;received=xl.it.e.ip;rport=5060;branch=z9hG4bK140232B2DA0D4F38A829F8C6645CD899
To: "468908012"sip:468908012@z.t.e.ip
From: "468908012"sip:468908012@z.t.e.ip;tag=3393221447
Call-ID: EF854A74793C488AB7A042419E8F5041@z.t.e.ip
CSeq: 59448 REGISTER
Contact: "468908012"sip:468908012@xl.it.e.ip:5060;expires=180
Date: Tue, 28 Mar 2006 19:26:29 GMT
User-Agent: ZTE-SoftSwitch


for the xlite registering to zte softswitch, everythings ok. but take a look at this trace where asterisk 1.2.5 is registering to zte softswitch.

Retransmitting #1 (no NAT) to z.t.e.ip:5060:
REGISTER sip:z.t.e.ip SIP/2.0
Via: SIP/2.0/UDP as.te.risk.ip:5060;branch=z9hG4bK122f51f7;rport
From: sip:468908013@z.t.e.ip;tag=as59012e3f
To: sip:468908013@z.t.e.ip
Call-ID: 035585760cf6a363146209ac30fc0c85@192.168.1.2
CSeq: 103 REGISTER
User-Agent: Asterisk 1.2.5
Max-Forwards: 70
Authorization: Digest username=“468908013”, realm=“zte”, algorithm=MD5, uri=“sip:z.t.e.ip”, nonce="", response=“c93d8de96f8df498a6b62c6214756b83”, opaque=""
Expires: 120
Contact: sip:468908013@as.te.risk.ip
Event: registration
Content-Length: 0


<-- SIP read from z.t.e.ip:5060:
SIP/2.0 401 Unauthorized
Via: SIP/2.0/UDP 192.168.1.2:5060;received=as.te.risk.ip;rport=5060;branch=z9hG4bK122f51f7
To: sip:468908013@z.t.e.ip
From: sip:468908013@z.t.e.ip;tag=as59012e3f
Call-ID: 035585760cf6a363146209ac30fc0c85@192.168.1.2
CSeq: 103 REGISTER
User-Agent: ZTE-SoftSwitch
WWW-Authenticate: Digest realm=“zte”,
nonce=“33d65fb8c5d005ec629389d02dcb0069”,
ZTE-ID=2df43ba91cd57008b62cf9008b3503a4
Event: registration

— (11 headers 0 lines)—
Responding to challenge, registration to domain/host name z.t.e.ip
REGISTER 13 headers, 0 lines
Reliably Transmitting (no NAT) to z.t.e.ip:5060:
REGISTER sip:z.t.e.ip SIP/2.0
Via: SIP/2.0/UDP as.te.risk.ip:5060;branch=z9hG4bK39832c2b;rport
From: sip:468908013@z.t.e.ip;tag=as209d1d21
To: sip:468908013@z.t.e.ip
Call-ID: 035585760cf6a363146209ac30fc0c85@192.168.1.2
CSeq: 104 REGISTER
User-Agent: Asterisk 1.2.5
Max-Forwards: 70
Authorization: Digest username=“468908013”, realm=“zte”, algorithm=MD5, uri=“sip:z.t.e.ip”, nonce="", response=“c93d8de96f8df498a6b62c6214756b83”, opaque=""
Expires: 120
Contact: sip:468908013@as.te.risk.ip
Event: registration
Content-Length: 0

[b]
take special interest in the nonce value, asterisk is using a blank nonce. this issue does not exist in asterisk version 1.0.9…

can anybody point out where this went wrong? i have been reviewing chan_sip.c lately to try to create a patch but i can’t seem to find the problem. anybody with experience out there? (asterisk 1.2.7 came out but no mention of this in changelog) i’m stuck with 1.0.9
[/b]


#2

Hey kelchy,

I’ve been working on that too, and in a conversation on the #asterisk channel, we agree that the problem is multiple line on ZTE digest:

WWW-Authenticate: Digest realm=“zte”,
nonce=“ac9a564a4596a4a846d61059cc6da593”,
ZTE-ID=9d1a000388fa151f81232880c319fb50

So you need to add

pedantic=yes

on your sip.conf :wink:


#3

[quote=“andrebarbosa”]Hey kelchy,

I’ve been working on that too, and in a conversation on the #asterisk channel, we agree that the problem is multiple line on ZTE digest:

WWW-Authenticate: Digest realm=“zte”,
nonce=“ac9a564a4596a4a846d61059cc6da593”,
ZTE-ID=9d1a000388fa151f81232880c319fb50

So you need to add

pedantic=yes

on your sip.conf :wink:[/quote]

thanks =)
i have posted the problem to bugs.digium
solved.