Merged revisions 227712 via svnmerge from

https://origsvn.digium.com/svn/asterisk/trunk

................
  r227712 | file | 2009-11-04 15:20:46 -0400 (Wed, 04 Nov 2009) | 12 lines

  Merged revisions 227700 via svnmerge from
  https://origsvn.digium.com/svn/asterisk/branches/1.4

  ........
    r227700 | file | 2009-11-04 15:17:39 -0400 (Wed, 04 Nov 2009) | 5 lines

    Fix a security issue where sending a REGISTER with a differing username in the From
    URI and Authorization header would reveal whether it was valid or not.

    (AST-2009-008)
  ........
................

git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.6.0@227717 65c4cc65-6c06-0410-ace0-fbb531ad65f3

diff --git a/channels/chan_sip.c b/channels/chan_sip.c
index 2ea85b40d923e62bd44c5723e3719359b82a49ab..b04026a9db47f66304378fec75c997595e33e798 100644 (file)
--- a/channels/chan_sip.c
+++ b/channels/chan_sip.c
@@ -11389,8 +11389,6 @@ static enum check_auth_result register_verify(struct sip_pvt *p, struct sockaddr
                           Asterisk uses the From: username for authentication. We need the
                           users to use the same authentication user name until we support
                           proper authentication by digest auth name */
-                       transmit_response(p, "403 Authentication user name does not match account name", &p->initreq);
-                       break;
                case AUTH_NOT_FOUND:
                case AUTH_PEER_NOT_DYNAMIC:
                case AUTH_ACL_FAILED: