author | tilghman <tilghman@f38db490-d61c-443f-a65b-d21fe96a405b> | 2009-01-15 01:15:49 +0000 |
---|---|---|
committer | tilghman <tilghman@f38db490-d61c-443f-a65b-d21fe96a405b> | 2009-01-15 01:15:49 +0000 |
commit | d1605d9ca0629b8fc11916dcd062e1425187bccc (patch) | |
tree | 6583899acf88a1e31eb996176163f80614b41528 /channels | |
parent | f5a647bbc838d5f54f1df8f73e27b92b2fe4be4b (diff) |
1.2 regression on security fix AST-2009-001
git-svn-id: http://svn.digium.com/svn/asterisk/branches/1.2@168632 f38db490-d61c-443f-a65b-d21fe96a405b
Diffstat (limited to 'channels')
-rw-r--r-- | channels/chan_iax2.c | 24 |
1 files changed, 11 insertions, 13 deletions
diff --git a/channels/chan_iax2.c b/channels/chan_iax2.c index 5ce8be1d8..a46cec0f5 100644 --- a/channels/chan_iax2.c +++ b/channels/chan_iax2.c @@ -5377,6 +5377,12 @@ static int register_verify(int callno, struct sockaddr_in *sin, struct iax_ies * ast_log(LOG_NOTICE, "Empty registration from %s\n", ast_inet_ntoa(iabuf, sizeof(iabuf), sin->sin_addr)); return -1; } + + ast_copy_string(iaxs[callno]->peer, peer, sizeof(iaxs[callno]->peer)); + /* Choose lowest expiry number */ + if (expire && (expire < iaxs[callno]->expiry)) + iaxs[callno]->expiry = expire; + /* We release the lock for the call to prevent a deadlock, but it's okay because only the current thread could possibly make it go away or make changes */ ast_mutex_unlock(&iaxsl[callno]); @@ -5387,6 +5393,7 @@ static int register_verify(int callno, struct sockaddr_in *sin, struct iax_ies * if (!p) { if (authdebug) ast_log(LOG_NOTICE, "No registration for peer '%s' (from %s)\n", peer, ast_inet_ntoa(iabuf, sizeof(iabuf), sin->sin_addr)); + ast_copy_string(iaxs[callno]->secret, "invalidpassword", sizeof(iaxs[callno]->secret)); return -1; } @@ -5474,18 +5481,13 @@ static int register_verify(int callno, struct sockaddr_in *sin, struct iax_ies * destroy_peer(p); return -1; } - } else if (!ast_strlen_zero(md5secret) || !ast_strlen_zero(secret)) { + } else if (!ast_strlen_zero(p->secret) || !ast_strlen_zero(p->inkeys)) { if (authdebug) - ast_log(LOG_NOTICE, "Inappropriate authentication received\n"); + ast_log(LOG_NOTICE, "Inappropriate authentication received for '%s'\n", p->name); if (ast_test_flag(p, IAX_TEMPONLY)) destroy_peer(p); return -1; } - ast_copy_string(iaxs[callno]->peer, peer, sizeof(iaxs[callno]->peer)); - /* Choose lowest expiry number */ - if (expire && (expire < iaxs[callno]->expiry)) - iaxs[callno]->expiry = expire; - ast_device_state_changed("IAX2/%s", p->name); /* Activate notification */ if (ast_test_flag(p, IAX_TEMPONLY)) 
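Review bot: The literal "invalidpassword" written to `iaxs[callno]->secret` in the `if (!p)` branch of the second hunk is an undocumented sentinel, and nothing visible says it is never compared against a client's response. It appears to exist only so that the caller's empty-secret test fails for unknown peers; whether any verification path reads `iaxs[callno]->secret` is outside the hunk and should be confirmed. I would add a comment above the call, `/* Placeholder so an unknown peer gets the same challenge as a known one; must never be accepted as a credential */`. register_verify starts and ends outside the hunk.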
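Review bot: The log text in the third hunk no longer matches its condition: the branch now tests the peer's configured `p->secret` and `p->inkeys`, so it is reached when a peer that requires credentials did not present acceptable ones, not when unexpected credentials arrived. If the first, unauthenticated REGREQ from a secured peer also lands here (the preceding branches are outside the hunk), the notice fires on every normal registration while authdebug is on and buries the genuine failures an operator would look for. I would reword it, for example `ast_log(LOG_NOTICE, "No acceptable authentication received for '%s'\n", p->name);`.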
@@ -6102,7 +6104,7 @@ static int registry_authrequest(char *name, int callno)
 authmethods = p ? p->authmethods : lastauthmethod ? lastauthmethod : (IAX_AUTH_PLAINTEXT | IAX_AUTH_MD5);
 if (p && ast_test_flag(p, IAX_TEMPONLY)) {
 destroy_peer(p);
- } else if (!delayreject) {
+ } else if (!p && !delayreject) {
 ast_log(LOG_WARNING, "No such peer '%s'\n", name);
 return 0;
 }
@@ -7845,11 +7847,7 @@ retryowner2:
 /* For security, always ack immediately */
 if (delayreject)
 send_command_immediate(iaxs[fr->callno], AST_FRAME_IAX, IAX_COMMAND_ACK, fr->ts, NULL, 0,fr->iseqno);
- if (register_verify(fr->callno, &sin, &ies)) {
- /* Send delayed failure */
- auth_fail(fr->callno, IAX_COMMAND_REGREJ);
- break;
- }
+ register_verify(fr->callno, &sin, &ies);
 if ((ast_strlen_zero(iaxs[fr->callno]->secret) && ast_strlen_zero(iaxs[fr->callno]->inkeys)) || ast_test_flag(&iaxs[fr->callno]->state, IAX_STATE_AUTHENTICATED)) {
 if (f.subclass == IAX_COMMAND_REGREL)
 memset(&sin, 0, sizeof(sin)); |
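Review bot: With `delayreject` off, the `!p` branch in registry_authrequest still logs and returns 0, so an unknown name presumably gets no challenge while a known peer does, and the two stay distinguishable to the sender. If that is the intended trade-off for installations that disable delayreject, say so at the branch: `/* delayreject off: unknown peers get no challenge, so peer names can be told apart */`. The warning also writes the sender-supplied `name` to the log on every such request. The rest of the function is outside the hunk.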
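Review bot: Dropping the check on register_verify's result means every `return -1` inside it must now leave `iaxs[callno]->secret` or `inkeys` non-empty, otherwise the condition that follows treats the failure like a peer that needs no secret and takes the same branch as an authenticated one. The unknown-peer path sets the placeholder secret, but the "Empty registration" return visible in the first hunk sets nothing, and other early returns are outside the diff, so this needs checking unless something not shown populates those fields. A fail-closed guard would keep the rejection for those cases: `if (register_verify(fr->callno, &sin, &ies) && ast_strlen_zero(iaxs[fr->callno]->secret) && ast_strlen_zero(iaxs[fr->callno]->inkeys)) { auth_fail(fr->callno, IAX_COMMAND_REGREJ); break; }`. The enclosing switch case starts and ends outside the hunk.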