[asterisk-bugs] [JIRA] (ASTERISK-30007) chan_iax2: Prevent crashes due to attempted encryption with missing secrets
N A (JIRA)
noreply at issues.asterisk.org
Sat Apr 2 16:00:57 CDT 2022
N A created ASTERISK-30007:
------------------------------
Summary: chan_iax2: Prevent crashes due to attempted encryption with missing secrets
Key: ASTERISK-30007
URL: https://issues.asterisk.org/jira/browse/ASTERISK-30007
Project: Asterisk
Issue Type: Bug
Security Level: None
Components: Channels/chan_iax2
Affects Versions: 18.10.0
Environment: Debian
Reporter: N A
Severity: Critical
This fixes a crash that can occur in chan_iax2 when the remote peer *only* supports rsa auth but no outkey is specified when trying to dial the remote peer.
Additionally, this reduces the opportunity for similar crashes to happen in the future by explicitly checking to make sure that keys exist before enabling encryption since this has caused crashes in the past, e.g. https://issues.asterisk.org/jira/browse/ASTERISK-29264
This occurs because if for any reason encryption is attempted but keys do not exist, a segfault will occur.
In such cases, rather than crashing, a warning will be thrown and the call will exit.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
More information about the asterisk-bugs
mailing list