I am investigating a problem with a false positive in a product our company creates that is caused by Asterisk PBX generating a response message with blank Contact field. It came to our attention that several SIP UAC crash when presented with a message containing blank header value. I am not indicating Asterisks PBX is susceptible to this problem.
In my reading of the RFC, section 8.1.1.8 indicates that contact field cannot be blank. Section 21.10 implies that URI should be present, but the language is not definitive. The EBNF grammar indicates a blank Contact field must have a ‘*’.
I have a capture file that demonstrates suspected issue.
I was hoping a kind person could answer these three questions:
- Why is only the NOTIFY response seem to be only message that exhibits this behavior?
- What PBX configuration file and parameter needs to be updated, so valid NOTIFY responses are generated?
- Would the development team entertain a defect report to address this issue?
Thanks,
David Dennerline
Software Engineer, Internet Security Systems
Atlanta, GA