Fix a security issue where sending a REGISTER with a differing username in the From

URI and Authorization header would reveal whether it was valid or not.

(AST-2009-008)

git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.4@227700 65c4cc65-6c06-0410-ace0-fbb531ad65f3

diff --git a/channels/chan_sip.c b/channels/chan_sip.c
index fdd3dc7c4793f4ec4ca1309874776f47a843ba8a..e87d7a15424f57c652146fd048e1fb950b324a14 100644 (file)
--- a/channels/chan_sip.c
+++ b/channels/chan_sip.c
@@ -9360,8 +9360,6 @@ static enum check_auth_result register_verify(struct sip_pvt *p, struct sockaddr
                           Asterisk uses the From: username for authentication. We need the
                           users to use the same authentication user name until we support
                           proper authentication by digest auth name */
-                       transmit_response(p, "403 Authentication user name does not match account name", &p->initreq);
-                       break;
                case AUTH_NOT_FOUND:
                case AUTH_PEER_NOT_DYNAMIC:
                case AUTH_ACL_FAILED: