Handle Session-Expires less than local Min-SE in 200 OK

Ensure that a call is immediately torn down if a Session-Expires value
received in a 200 OK is less than the local Min-SE. This also prevents
Asterisk from allowing calls with Session-Expires below the
RFC4028-mandated minimum (90s).

(closes issue ASTERISK-20653)
Review: https://reviewboard.asterisk.org/r/2237/
Patch-by: Kinsey Moore
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@377623 65c4cc65-6c06-0410-ace0-fbb531ad65f3

diff --git a/channels/chan_sip.c b/channels/chan_sip.c
index 0a9468a7df26cb44fde3f4a77c66d91145d6af8e..fd3da30ca02dadc309db55c798e04db434d898b9 100644 (file)
--- a/channels/chan_sip.c
+++ b/channels/chan_sip.c
@@ -20794,6 +20794,9 @@ static void handle_response_invite(struct sip_pvt *p, int resp, const char *rest
                                rtn = parse_session_expires(p_hdrval, &tmp_st_interval, &st_ref_param);
                                if (rtn != 0) {
                                        ast_set_flag(&p->flags[0], SIP_PENDINGBYE);     
+                               } else if (tmp_st_interval < st_get_se(p, FALSE)) {
+                                       ast_log(LOG_WARNING, "Got Session-Expires less than local Min-SE in 200 OK, tearing down call\n");
+                                       ast_set_flag(&p->flags[0], SIP_PENDINGBYE);
                                }
                                if (st_ref_param == SESSION_TIMER_REFRESHER_PARAM_UAC) {
                                   p->stimer->st_ref = SESSION_TIMER_REFRESHER_US;