[asterisk-bugs] [JIRA] (ASTERISK-30007) chan_iax2: Prevent crashes due to attempted encryption with missing secrets

Joshua C. Colp (JIRA) noreply at issues.asterisk.org
Sat Apr 2 17:34:57 CDT 2022


     [ https://issues.asterisk.org/jira/browse/ASTERISK-30007?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Joshua C. Colp updated ASTERISK-30007:
--------------------------------------

    Status: Open  (was: Triage)

> chan_iax2: Prevent crashes due to attempted encryption with missing secrets
> ---------------------------------------------------------------------------
>
>                 Key: ASTERISK-30007
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-30007
>             Project: Asterisk
>          Issue Type: Bug
>      Security Level: None
>          Components: Channels/chan_iax2
>    Affects Versions: 18.10.0
>         Environment: Debian
>            Reporter: N A
>            Severity: Critical
>
> This fixes a crash that can occur in chan_iax2 when the remote peer *only* supports rsa auth but no outkey is specified when trying to dial the remote peer.
> Additionally, this reduces the opportunity for similar crashes to happen in the future by explicitly checking to make sure that keys exist before enabling encryption since this has caused crashes in the past, e.g. https://issues.asterisk.org/jira/browse/ASTERISK-29264
> This occurs because if for any reason encryption is attempted but keys do not exist, a segfault will occur.
> In such cases, rather than crashing, a warning will be thrown and the call will exit.



--
This message was sent by Atlassian JIRA
(v6.2#6252)



More information about the asterisk-bugs mailing list