[asterisk-bugs] [Asterisk 0015834]: [patch] iax2 encryption failed on asterisk 1.4.26.2

Asterisk Bug Tracker noreply at bugs.digium.com
Thu Sep 10 16:22:52 CDT 2009


A NOTE has been added to this issue. 
====================================================================== 
https://issues.asterisk.org/view.php?id=15834 
====================================================================== 
Reported By:                karesmakro
Assigned To:                dvossel
====================================================================== 
Project:                    Asterisk
Issue ID:                   15834
Category:                   Channels/chan_iax2
Reproducibility:            always
Severity:                   major
Priority:                   normal
Status:                     closed
Target Version:             1.4.27
Asterisk Version:           1.4.26.2 
Regression:                 Yes 
SVN Branch (only for SVN checkouts, not tarball releases): N/A 
SVN Revision (number only!):  
Request Review:              
Resolution:                 fixed
Fixed in Version:           
====================================================================== 
Date Submitted:             2009-09-04 13:31 CDT
Last Modified:              2009-09-10 16:22 CDT
====================================================================== 
Summary:                    [patch] iax2 encryption failed on asterisk 1.4.26.2
Description: 
I installed new asterisk 1.4.26.2 release as recommended, because of iax2
security issues and added the new options with come with new release.
Problem is, if encryption is enabled, I always get following error
message:
"host xxx.xxx.xxx.xxx failed to authenticate as 7100"
As I miss something? If encryption is disabled, call can be placed without
any problem!
In earlier version (asterisk-1.4.26.1) it worked perfectly!

If I disable encryption on server and enable on client side, I get message
like "decryption failed" as expectet.

====================================================================== 

---------------------------------------------------------------------- 
 (0110532) svnbot (reporter) - 2009-09-10 16:22
 https://issues.asterisk.org/view.php?id=15834#c110532 
---------------------------------------------------------------------- 
Repository: asterisk
Revision: 217821

_U  branches/1.6.2/
U   branches/1.6.2/channels/chan_iax2.c

------------------------------------------------------------------------
r217821 | dvossel | 2009-09-10 16:22:51 -0500 (Thu, 10 Sep 2009) | 35
lines

Merged revisions 217807 via svnmerge from 
https://origsvn.digium.com/svn/asterisk/trunk

................
  r217807 | dvossel | 2009-09-10 16:07:47 -0500 (Thu, 10 Sep 2009) | 28
lines
  
  Merged revisions 217806 via svnmerge from 
  https://origsvn.digium.com/svn/asterisk/branches/1.4
  
  ........
    r217806 | dvossel | 2009-09-10 16:06:07 -0500 (Thu, 10 Sep 2009) | 22
lines
    
    IAX2 encryption regression
    
    The IAX2 Call Token security patch inadvertently broke the use of
    encryption due to the reorganization of code in the socket_process()
    function.  When encryption is used, an incoming full frame must first
    be decrypted before the information elements can be parsed.  The
    security release mistakenly moved IE parsing before decryption in
    order to process the new Call Token IE.  To resolve this, decryption
    of full frames is once again done before looking into the frame.  This
    involves searching for an existing callno, checking the pvt to see if
    encryption is turned on, and decrypting the packet before the internal
    fields of the full frame are accessed.
    
    (closes issue https://issues.asterisk.org/view.php?id=15834)
    Reported by: karesmakro
    Patches:
          iax2_encryption_fix_1.4.diff uploaded by dvossel (license 671)
    Tested by: dvossel, karesmakro
    
    Review: https://reviewboard.asterisk.org/r/355/
  ........
................

------------------------------------------------------------------------

http://svn.digium.com/view/asterisk?view=rev&revision=217821 

Issue History 
Date Modified    Username       Field                    Change               
====================================================================== 
2009-09-10 16:22 svnbot         Checkin                                      
2009-09-10 16:22 svnbot         Note Added: 0110532                          
======================================================================




More information about the asterisk-bugs mailing list