[asterisk-bugs] [JIRA] (ASTERISK-20015) Device handling issues in skinny

[Damien Wedhorn (JIRA)]

     [ https://issues.asterisk.org/jira/browse/ASTERISK-20015?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Damien Wedhorn closed ASTERISK-20015.
-------------------------------------

    Resolution: Suspended

Suspending as it doesn't appear to have been an issue in older releases and these changes are already included in 11 and trunk.
                
> Device handling issues in skinny
> --------------------------------
>
>                 Key: ASTERISK-20015
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-20015
>             Project: Asterisk
>          Issue Type: Bug
>      Security Level: None
>          Components: Channels/chan_skinny
>    Affects Versions: 1.8.13.0, 10.6.0
>            Reporter: Damien Wedhorn
>            Assignee: Damien Wedhorn
>         Attachments: skinny.device-deref.ast10.diff, skinny.device-deref.ast1.8.diff
>
>
> Revised handling so that l->device is set on configuration rather than registration. This is in light of security issues identified with chan_skinny and ensures that dereferences of l->device are valid in respect of messages from a device (or program masquerading as a device). Tests of l->device are left in (although many would be redundant) and expanded to test for a valid session.
> Also rejects a registration if the device is already registered. The "attack" tools would through a registered device offline, this patch also forbids that.
> These changes (or equivalent) are already in trunk.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.asterisk.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira