Fix a security issue where sending a REGISTER with a differing username in the From

URI and Authorization header would reveal whether it was valid or not.

(AST-2009-008)

git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.2@227698 65c4cc65-6c06-0410-ace0-fbb531ad65f3

diff --git a/channels/chan_sip.c b/channels/chan_sip.c
index 5ad323b7b3bc019aa2167a91e2e629c726c27804..f4813d70cbbab08b971c3608f1ae59eb3ccdb9b0 100644 (file)
--- a/channels/chan_sip.c
+++ b/channels/chan_sip.c
@@ -6829,8 +6829,6 @@ static int register_verify(struct sip_pvt *p, struct sockaddr_in *sin, struct si
                           Asterisk uses the From: username for authentication. We need the
                           users to use the same authentication user name until we support
                           proper authentication by digest auth name */
-                       transmit_response(p, "403 Authentication user name does not match account name", &p->initreq);
-                       break;
                case -3:        /* Unknown domain */
                case -4:        /* ACL error */
                case -5:        /* Peer is not supposed to register with us at all */