[asterisk-bugs] [Asterisk 0011018]: patch for 10979 breaks IAX RSA auth

noreply at bugs.digium.com noreply at bugs.digium.com
Wed Oct 17 23:16:38 CDT 2007 

A NOTE has been added to this issue. 
====================================================================== 
http://bugs.digium.com/view.php?id=11018 
====================================================================== 
Reported By:                dimas
Assigned To:                
====================================================================== 
Project:                    Asterisk
Issue ID:                   11018
Category:                   Core-General
Reproducibility:            always
Severity:                   major
Priority:                   normal
Status:                     new
Asterisk Version:            SVN 
SVN Branch (only for SVN checkouts, not tarball releases):  1.4  
SVN Revision (number only!): 85687 
Disclaimer on File?:        N/A 
Request Review:              
====================================================================== 
Date Submitted:             10-17-2007 19:01 CDT
Last Modified:              10-17-2007 23:16 CDT
====================================================================== 
Summary:                    patch for 10979 breaks IAX RSA auth
Description: 
The commit 85543 wasn't really a good idea.
base64 _decoder_ will most likely produce binary data anyway (why base64
otherwise?) so there is no sense in nul-terminating these data. If string
data is expected from decode operation, it is up to calling code to provide
buffer of enough size and nul-terminate it.

res_crypto __ast_check_signature provides fixed size buffer exactly
matching the expected size of binary data so when base64 decoder forces
nul-termination it effectively kills last byte of binary data and RSA key
verification always fails.
====================================================================== 

---------------------------------------------------------------------- 
 russell - 10-17-07 23:16  
---------------------------------------------------------------------- 
You're right.  I agree that it was a bad idea.  Sorry. 

Issue History 
Date Modified   Username       Field                    Change               
====================================================================== 
10-17-07 23:16  russell        Note Added: 0072210                          
======================================================================

More information about the asterisk-bugs mailing list