aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authortilghman <tilghman@f38db490-d61c-443f-a65b-d21fe96a405b>2009-01-06 20:44:03 +0000
committertilghman <tilghman@f38db490-d61c-443f-a65b-d21fe96a405b>2009-01-06 20:44:03 +0000
commit714326dba6775b3f98d77a8b0e2ffe4ae539de80 (patch)
tree19ead84d238fa5cbd279aebae9a63ce7a58e7e41
parent0f734cbeb2cecde3204aae52029fd416a03b9465 (diff)
Security fix AST-2009-001.
git-svn-id: http://svn.digium.com/svn/asterisk/branches/1.2@167259 f38db490-d61c-443f-a65b-d21fe96a405b
-rw-r--r--channels/chan_iax2.c44
1 files changed, 28 insertions, 16 deletions
diff --git a/channels/chan_iax2.c b/channels/chan_iax2.c
index 5a4a55806..5ce8be1d8 100644
--- a/channels/chan_iax2.c
+++ b/channels/chan_iax2.c
@@ -164,6 +164,7 @@ static int trunkfreq = 20;
static int authdebug = 1;
static int autokill = 0;
static int iaxcompat = 0;
+static int lastauthmethod = 0;
static int iaxdefaultdpcache=10 * 60; /* Cache dialplan entries for 10 minutes by default */
@@ -6087,23 +6088,34 @@ static int registry_authrequest(char *name, int callno)
{
struct iax_ie_data ied;
struct iax2_peer *p;
+ int authmethods;
+
+ if (!iaxs[callno]) {
+ return 0;
+ }
+
/* SLD: third call to find_peer in registration */
- p = find_peer(name, 1);
- if (p) {
- memset(&ied, 0, sizeof(ied));
- iax_ie_append_short(&ied, IAX_IE_AUTHMETHODS, p->authmethods);
- if (p->authmethods & (IAX_AUTH_RSA | IAX_AUTH_MD5)) {
- /* Build the challenge */
- snprintf(iaxs[callno]->challenge, sizeof(iaxs[callno]->challenge), "%d", rand());
- iax_ie_append_str(&ied, IAX_IE_CHALLENGE, iaxs[callno]->challenge);
- }
- iax_ie_append_str(&ied, IAX_IE_USERNAME, name);
- if (ast_test_flag(p, IAX_TEMPONLY))
- destroy_peer(p);
- return send_command(iaxs[callno], AST_FRAME_IAX, IAX_COMMAND_REGAUTH, 0, ied.buf, ied.pos, -1);;
- }
- ast_log(LOG_WARNING, "No such peer '%s'\n", name);
- return 0;
+ if ((p = find_peer(name, 1))) {
+ lastauthmethod = p->authmethods;
+ }
+
+ authmethods = p ? p->authmethods : lastauthmethod ? lastauthmethod : (IAX_AUTH_PLAINTEXT | IAX_AUTH_MD5);
+ if (p && ast_test_flag(p, IAX_TEMPONLY)) {
+ destroy_peer(p);
+ } else if (!delayreject) {
+ ast_log(LOG_WARNING, "No such peer '%s'\n", name);
+ return 0;
+ }
+
+ memset(&ied, 0, sizeof(ied));
+ iax_ie_append_short(&ied, IAX_IE_AUTHMETHODS, p->authmethods);
+ if (authmethods & (IAX_AUTH_RSA | IAX_AUTH_MD5)) {
+ /* Build the challenge */
+ snprintf(iaxs[callno]->challenge, sizeof(iaxs[callno]->challenge), "%d", rand());
+ iax_ie_append_str(&ied, IAX_IE_CHALLENGE, iaxs[callno]->challenge);
+ }
+ iax_ie_append_str(&ied, IAX_IE_USERNAME, name);
+ return send_command(iaxs[callno], AST_FRAME_IAX, IAX_COMMAND_REGAUTH, 0, ied.buf, ied.pos, -1);;
}
static int registry_rerequest(struct iax_ies *ies, int callno, struct sockaddr_in *sin)