From: Joshua Colp <jcolp@digium.com>
Date: Wed, 4 Nov 2009 19:16:33 +0000 (+0000)
Subject: Fix a security issue where sending a REGISTER with a differing username in the From
X-Git-Tag: 1.2.38~2^2~2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=fe80ce7e5d95c0f334cd4f216fd8f77abf667299;p=thirdparty%2Fasterisk.git

Fix a security issue where sending a REGISTER with a differing username in the From
URI and Authorization header would reveal whether it was valid or not.

(AST-2009-008)


git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.2@227698 65c4cc65-6c06-0410-ace0-fbb531ad65f3
---

diff --git a/channels/chan_sip.c b/channels/chan_sip.c
index 5ad323b7b3..f4813d70cb 100644
--- a/channels/chan_sip.c
+++ b/channels/chan_sip.c
@@ -6829,8 +6829,6 @@ static int register_verify(struct sip_pvt *p, struct sockaddr_in *sin, struct si
 			   Asterisk uses the From: username for authentication. We need the
 			   users to use the same authentication user name until we support
 			   proper authentication by digest auth name */
-			transmit_response(p, "403 Authentication user name does not match account name", &p->initreq);
-			break;
 		case -3:	/* Unknown domain */
 		case -4:	/* ACL error */
 		case -5:	/* Peer is not supposed to register with us at all */