Relax qop validation: according to the RFC8760 if the qop

is not provided, the qop=auth should be assumed. Issue: #2995
OpenSIPS · Jan 26, 2023 · 6f8af86 · 6f8af86
1 parent fb686b8
commit 6f8af86
Showing 1 changed file with 7 additions and 0 deletions.
diff --git a/modules/auth/api.c b/modules/auth/api.c
@@ -229,6 +229,13 @@ auth_result_t pre_auth(struct sip_msg* _m, str* _realm, hdr_types_t _hftype,
 		goto stalenonce;
 	}
 	qop_type_t qop = dcp->qop.qop_parsed;
+	if (qop == QOP_UNSPEC_D) {
+		/*
+		 * RFC8760: If the "qop" parameter is not specified, then
+		 * the default value is "auth".
+		 */
+		qop = QOP_AUTH_D;
+	}
 	if (np.qop != qop) {
 		switch (np.qop) {
 		case QOP_AUTH_AUTHINT_D: