kenmirrors
/
freeswitch
mirror of https://github.com/signalwire/freeswitch.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

[mod_sofia] Fix PRESENCE_PROBE firing on rejection 

After rejecting the subscription for authentication the function calls goto end. In the end block freeswitch fires PRESENCE_PROBE events and releases the allocated memory
* when rejecting a call for auth PRESENCE_PROBE should not get fired
* This caused all other subscribers to the same entity to get flooded with NOTIFY's because `call_id` only gets set later in the function, so when firing the PRESENCE_PROBE without `call_id` being set all subscriptions will get a notify
* this can be considered a security flaw as any unauthorized user can send
SUBSCRIBES and trigger thousands of NOTIFY's to the SUBSCRIBED endpoints

This was fixed simply my moving down the end label after the code that
sends the PRESENCE_PROBE event
This commit is contained in:
agree 2022-08-26 17:48:31 -04:00
parent 56fc995325
commit 767b163cbd
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
src/mod/endpoints/mod_sofia/sofia_presence.c
View File

@ -4325,7 +4325,6 @@ void sofia_presence_handle_sip_i_subscribe(int status,
switch_event_fire(&event);
}
end:
if (strcasecmp(event, "call-info") && strcasecmp(event, "line-seize")) {
@ -4407,6 +4406,8 @@ void sofia_presence_handle_sip_i_subscribe(int status,
}
}
end:
if (event) {
su_free(nua_handle_get_home(nh), event);
}