From: Joshua Colp Date: Wed, 4 Nov 2009 19:21:49 +0000 (+0000) Subject: Merged revisions 227712 via svnmerge from X-Git-Tag: 1.6.0.18-rc1~20 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=7cf3d5c6dd7306c542a6cad4c2b840b2805a23e7;p=thirdparty%2Fasterisk.git Merged revisions 227712 via svnmerge from https://origsvn.digium.com/svn/asterisk/trunk ................ r227712 | file | 2009-11-04 15:20:46 -0400 (Wed, 04 Nov 2009) | 12 lines Merged revisions 227700 via svnmerge from https://origsvn.digium.com/svn/asterisk/branches/1.4 ........ r227700 | file | 2009-11-04 15:17:39 -0400 (Wed, 04 Nov 2009) | 5 lines Fix a security issue where sending a REGISTER with a differing username in the From URI and Authorization header would reveal whether it was valid or not. (AST-2009-008) ........ ................ git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.6.0@227717 65c4cc65-6c06-0410-ace0-fbb531ad65f3 --- diff --git a/channels/chan_sip.c b/channels/chan_sip.c index 2ea85b40d9..b04026a9db 100644 --- a/channels/chan_sip.c +++ b/channels/chan_sip.c @@ -11389,8 +11389,6 @@ static enum check_auth_result register_verify(struct sip_pvt *p, struct sockaddr Asterisk uses the From: username for authentication. We need the users to use the same authentication user name until we support proper authentication by digest auth name */ - transmit_response(p, "403 Authentication user name does not match account name", &p->initreq); - break; case AUTH_NOT_FOUND: case AUTH_PEER_NOT_DYNAMIC: case AUTH_ACL_FAILED: