[asterisk-bugs] [Asterisk 0015834]: [patch] iax2 encryption failed on asterisk 1.4.26.2

Asterisk Bug Tracker noreply at bugs.digium.com
Thu Sep 10 17:22:15 CDT 2009


A NOTE has been added to this issue. 
====================================================================== 
https://issues.asterisk.org/view.php?id=15834 
====================================================================== 
Reported By:                karesmakro
Assigned To:                dvossel
====================================================================== 
Project:                    Asterisk
Issue ID:                   15834
Category:                   Channels/chan_iax2
Reproducibility:            always
Severity:                   major
Priority:                   normal
Status:                     closed
Target Version:             1.4.27
Asterisk Version:           1.4.26.2 
Regression:                 Yes 
SVN Branch (only for SVN checkouts, not tarball releases): N/A 
SVN Revision (number only!):  
Request Review:              
Resolution:                 fixed
Fixed in Version:           
====================================================================== 
Date Submitted:             2009-09-04 13:31 CDT
Last Modified:              2009-09-10 17:22 CDT
====================================================================== 
Summary:                    [patch] iax2 encryption failed on asterisk 1.4.26.2
Description: 
I installed new asterisk 1.4.26.2 release as recommended, because of iax2
security issues and added the new options with come with new release.
Problem is, if encryption is enabled, I always get following error
message:
"host xxx.xxx.xxx.xxx failed to authenticate as 7100"
As I miss something? If encryption is disabled, call can be placed without
any problem!
In earlier version (asterisk-1.4.26.1) it worked perfectly!

If I disable encryption on server and enable on client side, I get message
like "decryption failed" as expectet.

====================================================================== 

---------------------------------------------------------------------- 
 (0110544) svnbot (reporter) - 2009-09-10 17:22
 https://issues.asterisk.org/view.php?id=15834#c110544 
---------------------------------------------------------------------- 
Repository: asterisk
Revision: 217887

U   branches/1.2/channels/chan_iax2.c

------------------------------------------------------------------------
r217887 | dvossel | 2009-09-10 17:22:14 -0500 (Thu, 10 Sep 2009) | 24
lines

IAX2 encryption regression

The IAX2 Call Token security patch inadvertently broke the use of
encryption due to the reorganization of code in the socket_process()
function.  When encryption is used, an incoming full frame must first
be decrypted before the information elements can be parsed.  The
security release mistakenly moved IE parsing before decryption in
order to process the new Call Token IE.  To resolve this, decryption
of full frames is once again done before looking into the frame.  This
involves searching for an existing callno, checking the pvt to see if
encryption is turned on, and decrypting the packet before the internal
fields of the full frame are accessed.

associated with AST-2009-006

(closes issue https://issues.asterisk.org/view.php?id=15834)
Reported by: karesmakro
Patches:
      iax2_encryption_fix_1.4.diff uploaded by dvossel (license 671)
Tested by: dvossel, karesmakro

Review: https://reviewboard.asterisk.org/r/355/


------------------------------------------------------------------------

http://svn.digium.com/view/asterisk?view=rev&revision=217887 

Issue History 
Date Modified    Username       Field                    Change               
====================================================================== 
2009-09-10 17:22 svnbot         Checkin                                      
2009-09-10 17:22 svnbot         Note Added: 0110544                          
======================================================================




More information about the asterisk-bugs mailing list