[asterisk-bugs] [Asterisk 0011018]: patch for 10979 breaks IAX RSA auth

Asterisk Bug Tracker noreply at bugs.digium.com
Tue Aug 25 18:55:09 CDT 2009 

The following issue has been set as RELATED TO issue 0015271. 
====================================================================== 
https://issues.asterisk.org/view.php?id=11018 
====================================================================== 
Reported By:                dimas
Assigned To:                russell
====================================================================== 
Project:                    Asterisk
Issue ID:                   11018
Category:                   Core/General
Reproducibility:            always
Severity:                   major
Priority:                   normal
Status:                     closed
Asterisk Version:            SVN 
Regression:                 No 
SVN Branch (only for SVN checkouts, not tarball releases):  1.4  
SVN Revision (number only!): 85687 
Request Review:              
Resolution:                 fixed
Fixed in Version:           
====================================================================== 
Date Submitted:             2007-10-17 19:01 CDT
Last Modified:              2009-08-25 18:55 CDT
====================================================================== 
Summary:                    patch for 10979 breaks IAX RSA auth
Description: 
The commit 85543 wasn't really a good idea.
base64 _decoder_ will most likely produce binary data anyway (why base64
otherwise?) so there is no sense in nul-terminating these data. If string
data is expected from decode operation, it is up to calling code to provide
buffer of enough size and nul-terminate it.

res_crypto __ast_check_signature provides fixed size buffer exactly
matching the expected size of binary data so when base64 decoder forces
nul-termination it effectively kills last byte of binary data and RSA key
verification always fails.
======================================================================
Relationships       ID      Summary
----------------------------------------------------------------------
related to          0010979 [path] main/util.c missed *dst='\0'; in...
related to          0015271 [patch] BASE64_DECODE() adds garbage en...
====================================================================== 

Issue History 
Date Modified    Username       Field                    Change               
====================================================================== 
2009-08-25 18:55 snuffy         Relationship added       related to 0015271  
======================================================================

More information about the asterisk-bugs mailing list