Skip to content
Snippets Groups Projects
Commit f60b1f35 authored by zuul's avatar zuul Committed by Gerrit Code Review
Browse files

Merge "res_pjsip_authenticator_digest: Don't use source port in nonce verification"

parents 2da358a3 1e876d69
No related branches found
No related tags found
No related merge requests found
...@@ -206,9 +206,12 @@ static int build_nonce(struct ast_str **nonce, const char *timestamp, const pjsi ...@@ -206,9 +206,12 @@ static int build_nonce(struct ast_str **nonce, const char *timestamp, const pjsi
RAII_VAR(char *, eid, ao2_global_obj_ref(entity_id), ao2_cleanup); RAII_VAR(char *, eid, ao2_global_obj_ref(entity_id), ao2_cleanup);
char hash[33]; char hash[33];
/*
* Note you may be tempted to think why not include the port. The reason
* is that when using TCP the port can potentially differ from before.
*/
ast_str_append(&str, 0, "%s", timestamp); ast_str_append(&str, 0, "%s", timestamp);
ast_str_append(&str, 0, ":%s", rdata->pkt_info.src_name); ast_str_append(&str, 0, ":%s", rdata->pkt_info.src_name);
ast_str_append(&str, 0, ":%d", rdata->pkt_info.src_port);
ast_str_append(&str, 0, ":%s", eid); ast_str_append(&str, 0, ":%s", eid);
ast_str_append(&str, 0, ":%s", realm); ast_str_append(&str, 0, ":%s", realm);
ast_md5_hash(hash, ast_str_buffer(str)); ast_md5_hash(hash, ast_str_buffer(str));
......
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment