meetecho / janus-gateway

Janus WebRTC Server
https://janus.conf.meetecho.com
GNU General Public License v3.0

[1.x] SIP plugin: unable to REGISTER to a SIP server with plaintext secret if it contains character ":". #3292

Closed BernardoGiordano closed 4 months ago

BernardoGiordano commented 10 months ago

What version of Janus is this happening on?

Have you tested a more recent version of Janus too? N/A

Was this working before? N/A

Is there a gdb or libasan trace of the issue? N/A

Additional context: I'm using the SIP plugin to perform a REGISTER request to an Asterisk PBX. Every time I try to register with a plaintext secret and the secret contains the character ":" (example: "pass:word"), the REGISTER fails. Asterisk's security logs say "wrong password". If I eliminate the ":" from the password and try to register to the same SIP server, keeping the other credentials unchanged, the request succeeds.

Note: I didn't try registering using the prehashed ha1_secret param.

lminiero commented 10 months ago

I remember a similar issue ages ago, and it was a problem with Sofia SIP, rather than Janus. Specifically, when providing the challenge, in Sofia SIP you use NUTAG_AUTH, which uses semicolons to separate the different parts (realm, username, etc.). As such, if the password contains a semicolon too, it confuses Sofia.

At the time we fixed this by escaping authuser and/or password in case they contained a semicolon, but that required a change in Sofia SIP too, which was implemented here. As such, make sure you're compiling Janus against a recent enough version of Sofia SIP, as older versions will not support this. If you're using an older version, uninstall it, install an updated one, and then reconfigure (touch configure.ac) and recompile (make clean && make install) Janus so that it recognizes the new version of the library.

BernardoGiordano commented 10 months ago

Thanks for your response. I compiled Janus from source, referring to the documentation available in the repo. Here are the details of the environment I used to build it:

Looks like Sofia SIP 1.12.11 was released in 2011, so it is quite old. The Sofia SIP change you pointed out was committed in 2009, though. However, it surely seems like a library version issue.

I'll try recompiling against a more recent Sofia SIP version and give you feedback; will close the issue if the problem is solved.

BernardoGiordano commented 10 months ago

I just tried to freshly compile Janus against v1.13.17 of libsofia, and the issue still persists.

lminiero commented 9 months ago

Then you may want to open an issue on the sofia-sip repo to track it, as it's not something we can fix in Janus.

lminiero commented 4 months ago

I just checked again, and can confirm the issue was never fixed in Sofia SIP. You can find the original post where I mentioned the problem, and there was a reference to auc_credentials() that hasn't been changed since. Escaping the colon doesn't seem to be enough, just as wrapping it in quotes (which is what we do, as it was the original fix for realms) doesn't help either. The only fix would be to change the format, or the way, credentials are passed to the NUTAG_AUTH tag, but that's something that should be done in the library. Nothing we can do in Janus itself, so I'll close this.
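Added illustration (not code from Janus or Sofia SIP) of the failure class the thread describes: credentials packed into one delimiter-separated string break when the password itself contains the delimiter. It assumes the layout `scheme:"realm":user:password` with exactly four fields, which is how the NUTAG_AUTH string is documented; the sample values are constructed, and the bounded parse is one defensive alternative, not what the library does.

```python
"""Constructed example: parsing a colon-delimited credential string.

Assumption (not taken from the issue thread): the string is laid out as
    scheme:"realm":user:password
with exactly four fields, and only the last field may contain ':'.
"""
from dataclasses import dataclass
from typing import Callable, Optional


@dataclass(frozen=True)
class Credential:
    scheme: str
    realm: str
    user: str
    password: str


def parse_naive(data: str) -> Optional[Credential]:
    """Split on every delimiter: the password 'pass:word' produces five
    fields, so the record is rejected (or, in other parsers, truncated)."""
    parts = data.split(":")
    if len(parts) != 4:
        return None
    scheme, realm, user, password = parts
    return Credential(scheme, realm.strip('"'), user, password)


def parse_bounded(data: str) -> Optional[Credential]:
    """Split at most three times: everything after the third delimiter is
    taken as the password verbatim, so an embedded ':' survives."""
    parts = data.split(":", 3)
    if len(parts) != 4 or not all(parts):
        return None
    scheme, realm, user, password = parts
    return Credential(scheme, realm.strip('"'), user, password)


def check_password(parser: Callable[[str], Optional[Credential]],
                   data: str, expected: str) -> bool:
    """Does the parsed password match what the user configured?  A mismatch
    here surfaces on the PBX as 'wrong password', exactly the symptom in
    the thread, rather than as a parse error on the client side."""
    cred = parser(data)
    return cred is not None and cred.password == expected


if __name__ == "__main__":
    sample = 'Digest:"asterisk":alice:pass:word'  # constructed credential
    print("naive  :", check_password(parse_naive, sample, "pass:word"))
    print("bounded:", check_password(parse_bounded, sample, "pass:word"))
```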