cmaumo / sipdroid

Automatically exported from code.google.com/p/sipdroid
GNU General Public License v3.0
0 stars 0 forks source link

Sip NOTIFY loop causes DOS attack #1011

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?
1. Run Siproid and wait unfortunately...

I've actually seen sipdroid crash my FreeSWITCH box on older versions of 
android.   Sipdroid just keeps sending a repeated notify event forever.  I 
haven't yet found a trigger, but I am willing to help however I can.

What is the expected output? What do you see instead?
Sip trace at end.

What version of the product are you using? On what device/operating system?
v2.4 beta from market.

Which SIP server are you using? What happens with PBXes?
FreeSWITCH. I don't know about PBXes.

Which type of network are you using?
Sprint 4g

Please provide any additional information below.
Samsung Epic 4g on Sprint, FW 2.3.5 (GINGERBREAD.EI22), Kernel 2.6.35.7

=========
SIP TRACE
=========

send 939 bytes to udp/[99.202.214.212]:55158 at 17:32:58.639224:
   ------------------------------------------------------------------------
   NOTIFY sip:1001@99.202.214.212:55158;transport=udp SIP/2.0
   Via: SIP/2.0/UDP 192.168.1.100;rport;branch=z9hG4bKXay9c228pZp5c
   Max-Forwards: 70
   From: <sip:1001@voip.myhost.com>;tag=gtD9vcjc4yDga
   To: <sip:1001@voip.myhost.com>;tag=z9hG4bK43256934
   Call-ID: 394217202105@99.202.214.212
   CSeq: 23074776 NOTIFY
   Contact: <sip:1001@1.2.3.4:5060>
   User-Agent: FreeSWITCH-mod_sofia/1.0.head-git-9403064 2011-08-30 09-15-27 -0500
   Allow: INVITE, ACK, BYE, CANCEL, OPTIONS, MESSAGE, UPDATE, INFO, REGISTER, REFER, NOTIFY, PUBLISH, SUBSCRIBE
   Supported: timer, precondition, path, replaces
   Event: message-summary
   Allow-Events: talk, hold, presence, dialog, line-seize, call-info, sla, include-session-description, presence.winfo, message-summary, refer
   Subscription-State: active;expires=183967
   Content-Type: application/simple-message-summary
   Content-Length: 69

   Messages-Waiting: no
   Message-Account: sip:1001@voip.myhost.com

   ------------------------------------------------------------------------
recv 318 bytes from udp/[99.202.214.212]:55158 at 17:32:58.839601:
   ------------------------------------------------------------------------
   SIP/2.0 200 OK
   Via: SIP/2.0/UDP 192.168.1.100:5060;branch=z9hG4bKXay9c228pZp5c;rport=5060
   To: <sip:1001@voip.myhost.com>;tag=z9hG4bK43256934
   From: <sip:1001@voip.myhost.com>;tag=gtD9vcjc4yDga
   Call-ID: 394217202105@99.202.214.212
   CSeq: 23074776 NOTIFY
   Server: Sipdroid/2.4 beta/SPH-D700
   Content-Length: 0

   ------------------------------------------------------------------------
send 939 bytes to udp/[99.202.214.212]:55158 at 17:32:58.846089:
   ------------------------------------------------------------------------
   NOTIFY sip:1001@99.202.214.212:55158;transport=udp SIP/2.0
   Via: SIP/2.0/UDP 192.168.1.100;rport;branch=z9hG4bKyKQ2eXKcm8crr
   Max-Forwards: 70
   From: <sip:1001@voip.myhost.com>;tag=gtD9vcjc4yDga
   To: <sip:1001@voip.myhost.com>;tag=z9hG4bK43256934
   Call-ID: 394217202105@99.202.214.212
   CSeq: 23074777 NOTIFY
   Contact: <sip:1001@1.2.3.4:5060>
   User-Agent: FreeSWITCH-mod_sofia/1.0.head-git-9403064 2011-08-30 09-15-27 -0500
   Allow: INVITE, ACK, BYE, CANCEL, OPTIONS, MESSAGE, UPDATE, INFO, REGISTER, REFER, NOTIFY, PUBLISH, SUBSCRIBE
   Supported: timer, precondition, path, replaces
   Event: message-summary
   Allow-Events: talk, hold, presence, dialog, line-seize, call-info, sla, include-session-description, presence.winfo, message-summary, refer
   Subscription-State: active;expires=183967
   Content-Type: application/simple-message-summary
   Content-Length: 69

   Messages-Waiting: no
   Message-Account: sip:1001@voip.myhost.com

   ------------------------------------------------------------------------
recv 318 bytes from udp/[99.202.214.212]:55158 at 17:32:59.114070:
   ------------------------------------------------------------------------
   SIP/2.0 200 OK
   Via: SIP/2.0/UDP 192.168.1.100:5060;branch=z9hG4bKyKQ2eXKcm8crr;rport=5060
   To: <sip:1001@voip.myhost.com>;tag=z9hG4bK43256934
   From: <sip:1001@voip.myhost.com>;tag=gtD9vcjc4yDga
   Call-ID: 394217202105@99.202.214.212
   CSeq: 23074777 NOTIFY
   Server: Sipdroid/2.4 beta/SPH-D700
   Content-Length: 0

   ------------------------------------------------------------------------
send 939 bytes to udp/[99.202.214.212]:55158 at 17:32:59.119670:
   ------------------------------------------------------------------------
   NOTIFY sip:1001@99.202.214.212:55158;transport=udp SIP/2.0
   Via: SIP/2.0/UDP 192.168.1.100;rport;branch=z9hG4bKZvgUgr4FHH3am
   Max-Forwards: 70
   From: <sip:1001@voip.myhost.com>;tag=gtD9vcjc4yDga
   To: <sip:1001@voip.myhost.com>;tag=z9hG4bK43256934
   Call-ID: 394217202105@99.202.214.212
   CSeq: 23074778 NOTIFY
   Contact: <sip:1001@1.2.3.4:5060>
   User-Agent: FreeSWITCH-mod_sofia/1.0.head-git-9403064 2011-08-30 09-15-27 -0500
   Allow: INVITE, ACK, BYE, CANCEL, OPTIONS, MESSAGE, UPDATE, INFO, REGISTER, REFER, NOTIFY, PUBLISH, SUBSCRIBE
   Supported: timer, precondition, path, replaces
   Event: message-summary
   Allow-Events: talk, hold, presence, dialog, line-seize, call-info, sla, include-session-description, presence.winfo, message-summary, refer
   Subscription-State: active;expires=183966
   Content-Type: application/simple-message-summary
   Content-Length: 69

   Messages-Waiting: no
   Message-Account: sip:1001@voip.myhost.com

   ------------------------------------------------------------------------
recv 318 bytes from udp/[99.202.214.212]:55158 at 17:32:59.333717:
   ------------------------------------------------------------------------
   SIP/2.0 200 OK
   Via: SIP/2.0/UDP 192.168.1.100:5060;branch=z9hG4bKZvgUgr4FHH3am;rport=5060
   To: <sip:1001@voip.myhost.com>;tag=z9hG4bK43256934
   From: <sip:1001@voip.myhost.com>;tag=gtD9vcjc4yDga
   Call-ID: 394217202105@99.202.214.212
   CSeq: 23074778 NOTIFY
   Server: Sipdroid/2.4 beta/SPH-D700
   Content-Length: 0

   ------------------------------------------------------------------------
send 939 bytes to udp/[99.202.214.212]:55158 at 17:32:59.336183:
   ------------------------------------------------------------------------
   NOTIFY sip:1001@99.202.214.212:55158;transport=udp SIP/2.0
   Via: SIP/2.0/UDP 192.168.1.100;rport;branch=z9hG4bK059KjKNKetSXF
   Max-Forwards: 70
   From: <sip:1001@voip.myhost.com>;tag=gtD9vcjc4yDga
   To: <sip:1001@voip.myhost.com>;tag=z9hG4bK43256934
   Call-ID: 394217202105@99.202.214.212
   CSeq: 23074779 NOTIFY
   Contact: <sip:1001@1.2.3.4:5060>
   User-Agent: FreeSWITCH-mod_sofia/1.0.head-git-9403064 2011-08-30 09-15-27 -0500
   Allow: INVITE, ACK, BYE, CANCEL, OPTIONS, MESSAGE, UPDATE, INFO, REGISTER, REFER, NOTIFY, PUBLISH, SUBSCRIBE
   Supported: timer, precondition, path, replaces
   Event: message-summary
   Allow-Events: talk, hold, presence, dialog, line-seize, call-info, sla, include-session-description, presence.winfo, message-summary, refer
   Subscription-State: active;expires=183966
   Content-Type: application/simple-message-summary
   Content-Length: 69

   Messages-Waiting: no
   Message-Account: sip:1001@voip.myhost.com

   ------------------------------------------------------------------------
recv 318 bytes from udp/[99.202.214.212]:55158 at 17:32:59.614840:
   ------------------------------------------------------------------------
   SIP/2.0 200 OK
   Via: SIP/2.0/UDP 192.168.1.100:5060;branch=z9hG4bK059KjKNKetSXF;rport=5060
   To: <sip:1001@voip.myhost.com>;tag=z9hG4bK43256934
   From: <sip:1001@voip.myhost.com>;tag=gtD9vcjc4yDga
   Call-ID: 394217202105@99.202.214.212
   CSeq: 23074779 NOTIFY
   Server: Sipdroid/2.4 beta/SPH-D700
   Content-Length: 0

   ------------------------------------------------------------------------
send 939 bytes to udp/[99.202.214.212]:55158 at 17:32:59.623936:
   ------------------------------------------------------------------------
   NOTIFY sip:1001@99.202.214.212:55158;transport=udp SIP/2.0
   Via: SIP/2.0/UDP 192.168.1.100;rport;branch=z9hG4bK1e3cme6pB3FgB
   Max-Forwards: 70
   From: <sip:1001@voip.myhost.com>;tag=gtD9vcjc4yDga
   To: <sip:1001@voip.myhost.com>;tag=z9hG4bK43256934
   Call-ID: 394217202105@99.202.214.212
   CSeq: 23074780 NOTIFY
   Contact: <sip:1001@1.2.3.4:5060>
   User-Agent: FreeSWITCH-mod_sofia/1.0.head-git-9403064 2011-08-30 09-15-27 -0500
   Allow: INVITE, ACK, BYE, CANCEL, OPTIONS, MESSAGE, UPDATE, INFO, REGISTER, REFER, NOTIFY, PUBLISH, SUBSCRIBE
   Supported: timer, precondition, path, replaces
   Event: message-summary
   Allow-Events: talk, hold, presence, dialog, line-seize, call-info, sla, include-session-description, presence.winfo, message-summary, refer
   Subscription-State: active;expires=183966
   Content-Type: application/simple-message-summary
   Content-Length: 69

   Messages-Waiting: no
   Message-Account: sip:1001@voip.myhost.com

   ------------------------------------------------------------------------
recv 318 bytes from udp/[99.202.214.212]:55158 at 17:32:59.833014:
   ------------------------------------------------------------------------
   SIP/2.0 200 OK
   Via: SIP/2.0/UDP 192.168.1.100:5060;branch=z9hG4bK1e3cme6pB3FgB;rport=5060
   To: <sip:1001@voip.myhost.com>;tag=z9hG4bK43256934
   From: <sip:1001@voip.myhost.com>;tag=gtD9vcjc4yDga
   Call-ID: 394217202105@99.202.214.212
   CSeq: 23074780 NOTIFY
   Server: Sipdroid/2.4 beta/SPH-D700
   Content-Length: 0

   ------------------------------------------------------------------------
send 939 bytes to udp/[99.202.214.212]:55158 at 17:32:59.838707:
   ------------------------------------------------------------------------
   NOTIFY sip:1001@99.202.214.212:55158;transport=udp SIP/2.0
   Via: SIP/2.0/UDP 192.168.1.100;rport;branch=z9hG4bK2Qv5N9pt8B62p
   Max-Forwards: 70
   From: <sip:1001@voip.myhost.com>;tag=gtD9vcjc4yDga
   To: <sip:1001@voip.myhost.com>;tag=z9hG4bK43256934
   Call-ID: 394217202105@99.202.214.212
   CSeq: 23074781 NOTIFY
   Contact: <sip:1001@1.2.3.4:5060>
   User-Agent: FreeSWITCH-mod_sofia/1.0.head-git-9403064 2011-08-30 09-15-27 -0500
   Allow: INVITE, ACK, BYE, CANCEL, OPTIONS, MESSAGE, UPDATE, INFO, REGISTER, REFER, NOTIFY, PUBLISH, SUBSCRIBE
   Supported: timer, precondition, path, replaces
   Event: message-summary
   Allow-Events: talk, hold, presence, dialog, line-seize, call-info, sla, include-session-description, presence.winfo, message-summary, refer
   Subscription-State: active;expires=183966
   Content-Type: application/simple-message-summary
   Content-Length: 69

   Messages-Waiting: no
   Message-Account: sip:1001@voip.myhost.com

   ------------------------------------------------------------------------
recv 318 bytes from udp/[99.202.214.212]:55158 at 17:33:00.054981:
   ------------------------------------------------------------------------
   SIP/2.0 200 OK
   Via: SIP/2.0/UDP 192.168.1.100:5060;branch=z9hG4bK2Qv5N9pt8B62p;rport=5060
   To: <sip:1001@voip.myhost.com>;tag=z9hG4bK43256934
   From: <sip:1001@voip.myhost.com>;tag=gtD9vcjc4yDga
   Call-ID: 394217202105@99.202.214.212
   CSeq: 23074781 NOTIFY
   Server: Sipdroid/2.4 beta/SPH-D700
   Content-Length: 0

Original issue reported on code.google.com by soape...@gmail.com on 17 Jan 2012 at 6:03