Maxim Zaikin wrote:
> Hi
>
> nua_create (..., SIPTAG_ALLOW_STR (" INVITE, ACK, BYE, CANCEL, INFO
> ")...)
>
> I have test in which sent single "OPTIONS" request, I used
> sipsak-0.9.5.exe -F sip:[EMAIL PROTECTED] (-F = activates the flood mode)
>
> "OPTIONS" is forbidden and library answers ' 405 Method Not Allowed ' it
> is correct, but library creates transaction for this request (allocates
> memory...)
>
> Within 1 minute MemUsage becomes 340MB
>
> I think is necessary to make check on admissible methods before
> transaction is created.
If you're not planning on disallowing _all_ methods, I think it will be
trivial to change the 'exploit' to bypass your fix ;)
/Fredrik
-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys-and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________
Sofia-sip-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/sofia-sip-devel
