|
| From: | Aymeric Moizard |
| Subject: | Re: [osip-dev] handling of message parse error |
| Date: | Thu, 7 May 2015 13:37:14 +0200 |
Le 7 mai 2015 11:47, "FEICHTER Christoph" <address@hidden> a écrit :
>
> hi,
>
Hi Christoph,
> I just found out, that if parsing of an incoming SIP request fails, nothing happens; the request is ignored.
> this happens, because the return value of _eXosip_handle_incoming_message is not checked !
> (eXtl_udp.c line 362, function udp_tl_read_message)
>
> for what reason is the return value ignored ?
> shouldn’t we return e.g. 400 Bad Request ?
> (or is this behaviour meant as a protection against DoS attacks ?)
Trying to answer bad request is not as easy as just replying 400, because a syntax error may happen in a required field and such error may introduce a crash.
There is certainly possibility to answer some of the bad request but I think a specific (may be stateless) method creating the 400 has to be implemented for this.
Of course, this may also impact the transport layer so a bit of testing should be done.
This additional method could be enabled/disabled by an option to let the upper layer decide how they prefer to handle such ddos/error!
I'm currently moving my office... With no internet... With lots of task to achieve right after getting new access! I could be less reactive in the next 2 weeks!!! ;)
Regards
Aymeric
> br,
> christoph
>
>
>
> _______________________________________________
> osip-dev mailing list
> address@hidden
> https://lists.gnu.org/mailman/listinfo/osip-dev
>
| [Prev in Thread] | Current Thread | [Next in Thread] |