[asterisk-bugs] [JIRA] (ASTERISK-30007) chan_iax2: Prevent crashes due to attempted encryption with missing secrets

Friendly Automation (JIRA) noreply at issues.asterisk.org
Mon May 2 08:58:40 CDT 2022


    [ https://issues.asterisk.org/jira/browse/ASTERISK-30007?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=259057#comment-259057 ] 

Friendly Automation commented on ASTERISK-30007:
------------------------------------------------

Change 18363 merged by Joshua Colp:
chan_iax2: Prevent crash if dialing RSA-only call without outkey.

[https://gerrit.asterisk.org/c/asterisk/+/18363|https://gerrit.asterisk.org/c/asterisk/+/18363]

> chan_iax2: Prevent crashes due to attempted encryption with missing secrets
> ---------------------------------------------------------------------------
>
>                 Key: ASTERISK-30007
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-30007
>             Project: Asterisk
>          Issue Type: Bug
>      Security Level: None
>          Components: Channels/chan_iax2
>    Affects Versions: 18.10.0
>         Environment: Debian
>            Reporter: N A
>            Assignee: N A
>            Severity: Critical
>
> This fixes a crash that can occur in chan_iax2 when the remote peer *only* supports rsa auth but no outkey is specified when trying to dial the remote peer.
> Additionally, this reduces the opportunity for similar crashes to happen in the future by explicitly checking to make sure that keys exist before enabling encryption since this has caused crashes in the past, e.g. https://issues.asterisk.org/jira/browse/ASTERISK-29264
> This occurs because if for any reason encryption is attempted but keys do not exist, a segfault will occur.
> In such cases, rather than crashing, a warning will be thrown and the call will exit.



--
This message was sent by Atlassian JIRA
(v6.2#6252)



More information about the asterisk-bugs mailing list