Juha Heinanen writes:
does the module check that reply to the request from uas really includes the added parameter in its r-r header or is correct operation of in-dialog requests at the mercy of the uas?
answering to myself, i read the source code and looks like restore_from_reply function does not check that the r-r param that was added when request was processed, was copied by uas to the reply or that the reply contains the r-r header that the proxy added to the request.
isn't this a security risk? even without the from replacing business, shouldn't proxy ALWAYS check that the reply contains the r-r header that it added? if it does not, the uac can be fooled to send in-dialog requests to somewhere else (unless it is configured to always use this proxy as its next hop).
so if proxy receives a request that contains a (possibly missing) r-r header:
r-r: a,b
and it adds itself (c) there
r-r: a,b,c
when reply comes back, shouldn't the proxy check that the r-r header in the reply starts with
r-r: a,b,c
if not, what am i missing here?
-- juha