[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [osip-dev] handling of message parse error

From: Aymeric Moizard
Subject: Re: [osip-dev] handling of message parse error
Date: Thu, 7 May 2015 13:37:14 +0200

Le 7 mai 2015 11:47, "FEICHTER Christoph" <address@hidden> a écrit :
> hi,
Hi Christoph,

> I just found out, that if parsing of an incoming SIP request fails, nothing happens; the request is ignored.
> this happens, because the return value of _eXosip_handle_incoming_message is not checked !
> (eXtl_udp.c line 362, function udp_tl_read_message)
> for what reason is the return value ignored ?
> shouldn’t we return e.g. 400 Bad Request ?
> (or is this behaviour meant as a protection against DoS attacks ?)

Trying to answer bad request is not as easy as just replying 400, because a syntax error may happen in a required field and such error may introduce a crash.

There is certainly possibility to answer some of the bad request but I think a specific (may be stateless) method creating the 400  has to be implemented for this.

Of course, this may also impact the transport layer so a bit of testing should be done.

This additional method could be enabled/disabled by an option to let the upper layer decide how they prefer to handle such ddos/error!

I'm currently moving my office... With no internet... With lots of task to achieve right after getting new access! I could be less reactive in the next 2 weeks!!! ;)


> br,
> christoph
> _______________________________________________
> osip-dev mailing list
> address@hidden
> https://lists.gnu.org/mailman/listinfo/osip-dev

reply via email to

[Prev in Thread] Current Thread [Next in Thread]