[1.x] SIP plugin: unable to REGISTER to a SIP server with plaintext secret if it contains character ":". #3292

Open
BernardoGiordano opened this issue Nov 23, 2023 · 4 comments
Labels
multistream Related to Janus 1.x

Comments

@BernardoGiordano

What version of Janus is this happening on?

  • Janus version: 1201 (1.2.1)
  • Janus commit: 77e4ce3

Have you tested a more recent version of Janus too?
N/A

Was this working before?
N/A

Is there a gdb or libasan trace of the issue?
N/A

Additional context
I'm using the SIP plugin to perform a REGISTER request to an Asterisk PBX. Every time I try to register with a plaintext secret and the secret contains the character ":" (example: "pass:word"), the REGISTER fails. Asterisk's security logs say "wrong password". If I try to eliminate the ":" from the password and I try to register to the same SIP server keeping the other credentials unchanged, the request succeeds.

Note: I didn't try registering using the prehashed ha1_secret param.

@BernardoGiordano BernardoGiordano added the multistream Related to Janus 1.x label Nov 23, 2023
@lminiero
Member

I remember a similar issue ages ago, and it was a problem with Sofia SIP, rather than Janus. Specifically, when providing the challenge, in Sofia SIP you use NUTAG_AUTH, which uses semicolons to separate the different parts (realm, username, etc.). As such, if the password contains a semicolon too, it confuses Sofia.

At the time we fixed this by escaping authuser and/or password in case they contained a semicolon, but that required a change in Sofia SIP too, which was implemented here. As such, make sure you're compiling Janus against a recent enough version of Sofia SIP, as older versions will not support this. If you're using an older version, uninstall it, install an updated one, and then reconfigure (touch configure.ac) and recompile (make clean && make install) Janus so that it recognizes the new version of the library.
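The delimiter ambiguity discussed above, as an added example that is not part of the thread and is not Janus or Sofia SIP code: it assumes a credentials string of the shape `scheme:"realm":user:secret` and uses the ":" character from the issue report. The helpers `build_auth` and `split_auth`, the double-quote wrapping rule and the sample credentials are hypothetical and constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define FIELD_MAX 64

/* Build scheme:"realm":user:secret; user and secret are wrapped in double
 * quotes when they contain ':' (the quoting rule is this example's assumption).
 * Returns 0 on success, -1 if a value contains '"' or the buffer is too small. */
int build_auth(char *buf, size_t len, const char *scheme, const char *realm,
               const char *user, const char *secret) {
    if (strchr(realm, '"') || strchr(user, '"') || strchr(secret, '"'))
        return -1;
    const char *uq = strchr(user, ':') ? "\"" : "";
    const char *sq = strchr(secret, ':') ? "\"" : "";
    int n = snprintf(buf, len, "%s:\"%s\":%s%s%s:%s%s%s",
                     scheme, realm, uq, user, uq, sq, secret, sq);
    return (n < 0 || (size_t)n >= len) ? -1 : 0;
}

/* Split on ':' outside double quotes, stripping the quotes.
 * Returns the number of fields, or -1 on overflow or an unterminated quote. */
int split_auth(const char *in, char out[][FIELD_MAX], int max_fields) {
    int field = 0, in_quote = 0;
    size_t pos = 0;
    for (; *in; in++) {
        if (*in == '"') { in_quote = !in_quote; continue; }
        if (*in == ':' && !in_quote) {
            if (field + 1 >= max_fields) return -1;
            out[field++][pos] = '\0';
            pos = 0;
            continue;
        }
        if (pos + 1 >= FIELD_MAX) return -1;
        out[field][pos++] = *in;
    }
    if (in_quote) return -1;
    out[field][pos] = '\0';
    return field + 1;
}

int main(void) {
    char auth[256], f[8][FIELD_MAX];
    /* Constructed sample credentials, not taken from any real deployment */
    int n = split_auth("Digest:\"pbx\":alice:pass:word", f, 8);
    printf("unquoted: %d fields, last=\"%s\"\n", n, f[n - 1]);
    build_auth(auth, sizeof(auth), "Digest", "pbx", "alice", "pass:word");
    n = split_auth(auth, f, 8);
    printf("quoted:   %d fields, secret=\"%s\"\n", n, f[3]);
    return 0;
}
```

A field count other than four is the signal that a secret or username was placed into the string without quoting, which is worth checking for before the credentials are handed to the SIP stack.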

@BernardoGiordano
Author

Thanks for your response. I compiled Janus from source, referring to the documentation available in the repo. Here are the details of the environment I used to build it:

  • Ubuntu Server 20.04.4 LTS
  • Sofia SIP installed through apt:
    • ii libsofia-sip-ua-dev 1.12.11+20110422.1-2.1+deb10u3ubuntu0.20.04.2 amd64 Sofia-SIP library development files
    • ii libsofia-sip-ua0 1.12.11+20110422.1-2.1+deb10u3ubuntu0.20.04.2 amd64 Sofia-SIP library runtime

Looks like Sofia SIP 1.12.11 was released in 2011, so it is quite old. The Sofia SIP change you pointed out was committed in 2009, though. However, it surely seems to be a library version issue.

I'll try recompiling against a more recent Sofia SIP version and give you feedback; will close the issue if the problem is solved.

@BernardoGiordano
Author

I just tried a fresh compile of Janus against v1.13.17 of libsofia and the issue still persists.

@lminiero
Member

Then you may want to open an issue on the sofia-sip repo to track it, as it's not something we can fix in Janus.
