[asterisk-bugs] [JIRA] (ASTERISK-30007) chan_iax2: Prevent crashes due to attempted encryption with missing secrets

Asterisk Team (JIRA) noreply at issues.asterisk.org
Wed Sep 14 10:16:14 CDT 2022


     [ https://issues.asterisk.org/jira/browse/ASTERISK-30007?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Asterisk Team updated ASTERISK-30007:
-------------------------------------

    Target Release Version/s: 20.0.0

> chan_iax2: Prevent crashes due to attempted encryption with missing secrets
> ---------------------------------------------------------------------------
>
>                 Key: ASTERISK-30007
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-30007
>             Project: Asterisk
>          Issue Type: Bug
>      Security Level: None
>          Components: Channels/chan_iax2
>    Affects Versions: 18.10.0
>         Environment: Debian
>            Reporter: N A
>            Assignee: N A
>            Severity: Critical
>      Target Release: 16.26.0, 18.12.0, 19.4.0, 20.0.0
>
>
> This fixes a crash that can occur in chan_iax2 when the remote peer *only* supports rsa auth but no outkey is specified when trying to dial the remote peer.
> Additionally, this reduces the opportunity for similar crashes to happen in the future by explicitly checking to make sure that keys exist before enabling encryption since this has caused crashes in the past, e.g. https://issues.asterisk.org/jira/browse/ASTERISK-29264
> This occurs because if for any reason encryption is attempted but keys do not exist, a segfault will occur.
> In such cases, rather than crashing, a warning will be thrown and the call will exit.


