diff options
| author | tilghman <tilghman@f38db490-d61c-443f-a65b-d21fe96a405b> | 2009-01-23 19:46:08 +0000 |
|---|---|---|
| committer | tilghman <tilghman@f38db490-d61c-443f-a65b-d21fe96a405b> | 2009-01-23 19:46:08 +0000 |
| commit | bf39916774394a80ee4145de4677c6602f37e8a5 (patch) | |
| tree | d2c941394962a627052e0f7d2f922470ceff13e8 | |
| parent | bf1d543f8eb4ca781fdc4b327718a08bc9baab11 (diff) | |
Additional fixes for AST-2009-001
git-svn-id: http://svn.digium.com/svn/asterisk/tags/1.4.22.2@170640 f38db490-d61c-443f-a65b-d21fe96a405b
| -rw-r--r-- | ChangeLog | 6 | ||||
| -rw-r--r-- | channels/chan_iax2.c | 33 |
2 files changed, 23 insertions, 16 deletions
@@ -1,3 +1,9 @@ +2009-01-23 Tilghman Lesher <tlesher@digium.com> + + * Asterisk 1.4.22.2 released. + + * channels/chan_iax2.c: Regression fixes for security fix AST-2009-01 + 2009-01-06 Tilghman Lesher <tlesher@digium.com> * Asterisk 1.4.22.1 released. diff --git a/channels/chan_iax2.c b/channels/chan_iax2.c index 59caecb78..55457f889 100644 --- a/channels/chan_iax2.c +++ b/channels/chan_iax2.c @@ -5544,6 +5544,9 @@ static int register_verify(int callno, struct sockaddr_in *sin, struct iax_ies * p = find_peer(peer, 1); ast_mutex_lock(&iaxsl[callno]); if (!p || !iaxs[callno]) { + if (iaxs[callno]) { + ast_string_field_set(iaxs[callno], secret, "badsecret"); + } if (authdebug && !p) ast_log(LOG_NOTICE, "No registration for peer '%s' (from %s)\n", peer, ast_inet_ntoa(sin->sin_addr)); goto return_unref; @@ -5623,21 +5626,24 @@ static int register_verify(int callno, struct sockaddr_in *sin, struct iax_ies * goto return_unref; } else ast_set_flag(&iaxs[callno]->state, IAX_STATE_AUTHENTICATED); - } else if (!ast_strlen_zero(md5secret) || !ast_strlen_zero(secret)) { - if (authdebug) - ast_log(LOG_NOTICE, "Inappropriate authentication received\n"); + } else if (!ast_strlen_zero(iaxs[callno]->secret) || !ast_strlen_zero(iaxs[callno]->inkeys)) { + if (authdebug && + ((!ast_strlen_zero(iaxs[callno]->secret) && (p->authmethods & IAX_AUTH_MD5) && !ast_strlen_zero(iaxs[callno]->challenge)) || + (!ast_strlen_zero(iaxs[callno]->inkeys) && (p->authmethods & IAX_AUTH_RSA) && !ast_strlen_zero(iaxs[callno]->challenge)))) { + ast_log(LOG_NOTICE, "Inappropriate authentication received for '%s'\n", p->name); + } /* ELSE this is the first time through and no challenge exists, so it's not quite yet a failure. */ goto return_unref; } + ast_device_state_changed("IAX2/%s", p->name); /* Activate notification */ + +return_unref: ast_string_field_set(iaxs[callno], peer, peer); /* Choose lowest expiry number */ if (expire && (expire < iaxs[callno]->expiry)) iaxs[callno]->expiry = expire; - ast_device_state_changed("IAX2/%s", p->name); /* Activate notification */ - res = 0; -return_unref: if (p) peer_unref(p); @@ -6309,7 +6315,6 @@ static int registry_authrequest(int callno) struct iax2_peer *p; char challenge[10]; const char *peer_name; - int res = -1; int sentauthmethod; peer_name = ast_strdupa(iaxs[callno]->peer); @@ -6323,11 +6328,7 @@ static int registry_authrequest(int callno) ast_mutex_lock(&iaxsl[callno]); if (!iaxs[callno]) goto return_unref; - if (!p && !delayreject) { - ast_log(LOG_WARNING, "No such peer '%s'\n", peer_name); - goto return_unref; - } - + memset(&ied, 0, sizeof(ied)); /* The selection of which delayed reject is sent may leak information, * if it sets a static response. For example, if a host is known to only @@ -6345,12 +6346,12 @@ static int registry_authrequest(int callno) } iax_ie_append_str(&ied, IAX_IE_USERNAME, peer_name); - res = 0; - return_unref: - peer_unref(p); + if (p) { + peer_unref(p); + } - return res ? res : send_command(iaxs[callno], AST_FRAME_IAX, IAX_COMMAND_REGAUTH, 0, ied.buf, ied.pos, -1);; + return iaxs[callno] ? send_command(iaxs[callno], AST_FRAME_IAX, IAX_COMMAND_REGAUTH, 0, ied.buf, ied.pos, -1) : -1; } static int registry_rerequest(struct iax_ies *ies, int callno, struct sockaddr_in *sin) |