authortilghman <tilghman@f38db490-d61c-443f-a65b-d21fe96a405b>2009-01-23 19:54:36 +0000
committertilghman <tilghman@f38db490-d61c-443f-a65b-d21fe96a405b>2009-01-23 19:54:36 +0000
commit51f19629950c8f42d8ab85ecb32915fd3b263b10 (patch)
treefc352fa4f2803edad5e17705704bae433c3d568f
parentf694e9f252b2fb7f6a8ee2dc04fde99400106929 (diff)
Additional fixes for AST-2009-001 (tag: v1.6.0.3.1)
git-svn-id: http://svn.digium.com/svn/asterisk/tags/1.6.0.3.1@170643 f38db490-d61c-443f-a65b-d21fe96a405b
-rw-r--r--ChangeLog6
-rw-r--r--channels/chan_iax2.c36
2 files changed, 25 insertions, 17 deletions
diff --git a/ChangeLog b/ChangeLog
index d77891e26..5bfc8bc84 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+2009-01-23 Tilghman Lesher <tlesher@digium.com>
+
+ * Released 1.6.0.3.1
+
+ * channels/chan_iax2.c: Regression fixes for security fix AST-2009-001
+
2009-01-06 Tilghman Lesher <tlesher@digium.com>
* Released 1.6.0.3
diff --git a/channels/chan_iax2.c b/channels/chan_iax2.c
index 0a7260752..9ade0db7e 100644
--- a/channels/chan_iax2.c
+++ b/channels/chan_iax2.c
@@ -6254,6 +6254,10 @@ static int register_verify(int callno, struct sockaddr_in *sin, struct iax_ies *
p = find_peer(peer, 1);
ast_mutex_lock(&iaxsl[callno]);
if (!p || !iaxs[callno]) {
+ if (iaxs[callno]) {
+ /* Anything, as long as it's non-blank */
+ ast_string_field_set(iaxs[callno], secret, "badsecret");
+ }
if (authdebug && !p)
ast_log(LOG_NOTICE, "No registration for peer '%s' (from %s)\n", peer, ast_inet_ntoa(sin->sin_addr));
goto return_unref;
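Review bot: The comment on the new assignment says only that the value must be non-blank, not why, so the next reader cannot tell that a blank secret on an unknown peer is what this release's AST-2009-001 regression fix is guarding against. Presumably a non-blank secret makes the unknown-peer request take the same challenge path as a peer that requires authentication instead of being treated as secret-less; if that is the intent, replace `/* Anything, as long as it's non-blank */` with `/* Unknown peer: store a dummy non-blank secret so the request is challenged exactly like one for a peer that requires authentication, rather than being treated as secret-less (AST-2009-001). */`. As far as the hunk shows the dummy value is never compared against a real credential on this path, since `p` is NULL here, but that should be confirmed against the callers. register_verify starts before this hunk and continues after it.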
@@ -6333,21 +6337,24 @@ static int register_verify(int callno, struct sockaddr_in *sin, struct iax_ies *
goto return_unref;
} else
ast_set_flag(&iaxs[callno]->state, IAX_STATE_AUTHENTICATED);
- } else if (!ast_strlen_zero(md5secret) || !ast_strlen_zero(secret)) {
- if (authdebug)
- ast_log(LOG_NOTICE, "Inappropriate authentication received\n");
+ } else if (!ast_strlen_zero(p->secret) || !ast_strlen_zero(p->inkeys)) {
+ if (authdebug &&
+ ((!ast_strlen_zero(p->secret) && (p->authmethods & IAX_AUTH_MD5) && !ast_strlen_zero(iaxs[callno]->challenge)) ||
+ (!ast_strlen_zero(p->inkeys) && (p->authmethods & IAX_AUTH_RSA) && !ast_strlen_zero(iaxs[callno]->challenge)))) {
+ ast_log(LOG_NOTICE, "Inappropriate authentication received for '%s'\n", p->name);
+ }
goto return_unref;
}
+ ast_devstate_changed(AST_DEVICE_UNKNOWN, "IAX2/%s", p->name); /* Activate notification */
+
+return_unref:
ast_string_field_set(iaxs[callno], peer, peer);
/* Choose lowest expiry number */
if (expire && (expire < iaxs[callno]->expiry))
iaxs[callno]->expiry = expire;
- ast_device_state_changed("IAX2/%s", p->name); /* Activate notification */
-
res = 0;
-return_unref:
if (p)
peer_unref(p);
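Review bot: Moving `return_unref:` above `ast_string_field_set(iaxs[callno], peer, peer)` and the expiry update means every early exit now dereferences `iaxs[callno]`, including the `!iaxs[callno]` exit earlier in register_verify (the call can be torn down while the lock is dropped around find_peer), which is a NULL dereference the previous layout avoided. Guard the label body: `if (iaxs[callno]) { ast_string_field_set(iaxs[callno], peer, peer); if (expire && (expire < iaxs[callno]->expiry)) iaxs[callno]->expiry = expire; }` and keep `res = 0;` after it. Note also that `res = 0` is now reached on the authentication-failure `goto return_unref` path as well, so the function no longer reports rejection through its return value; if callers are expected to gate on IAX_STATE_AUTHENTICATED and the secret/inkeys fields instead, a comment at the label saying so would stop the next reader from filing this as a bug. register_verify begins before this hunk and ends after it.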
@@ -7078,25 +7085,20 @@ static int registry_authrequest(int callno)
struct iax2_peer *p;
char challenge[10];
const char *peer_name;
- int res = -1;
int sentauthmethod;
peer_name = ast_strdupa(iaxs[callno]->peer);
/* SLD: third call to find_peer in registration */
ast_mutex_unlock(&iaxsl[callno]);
- if (p = find_peer(peer_name, 1)) {
+ if ((p = find_peer(peer_name, 1))) {
last_authmethod = p->authmethods;
}
ast_mutex_lock(&iaxsl[callno]);
if (!iaxs[callno])
goto return_unref;
- if (!p && !delayreject) {
- ast_log(LOG_WARNING, "No such peer '%s'\n", peer_name);
- goto return_unref;
- }
-
+
memset(&ied, 0, sizeof(ied));
/* The selection of which delayed reject is sent may leak information,
* if it sets a static response. For example, if a host is known to only
@@ -7114,12 +7116,12 @@ static int registry_authrequest(int callno)
}
iax_ie_append_str(&ied, IAX_IE_USERNAME, peer_name);
- res = 0;
-
return_unref:
- peer_unref(p);
+ if (p) {
+ peer_unref(p);
+ }
- return res ? res : send_command(iaxs[callno], AST_FRAME_IAX, IAX_COMMAND_REGAUTH, 0, ied.buf, ied.pos, -1);;
+ return iaxs[callno] ? send_command(iaxs[callno], AST_FRAME_IAX, IAX_COMMAND_REGAUTH, 0, ied.buf, ied.pos, -1) : -1;
}
static int registry_rerequest(struct iax_ies *ies, int callno, struct sockaddr_in *sin)