[Asterisk-code-review] chan sip: Add security event for calls to invalid extension. (asterisk[15])

Jenkins2 asteriskteam at digium.com
Mon Dec 18 09:06:11 CST 2017


Jenkins2 has submitted this change and it was merged. ( https://gerrit.asterisk.org/7591 )

Change subject: chan_sip: Add security event for calls to invalid extension.
......................................................................

chan_sip: Add security event for calls to invalid extension.

Log a message to security events when an INVITE is received to an
invalid extension.

ASTERISK-25869 #close

Change-Id: I0da40cd7c2206c825c2f0d4e172275df331fcc8f
---
M CHANGES
M channels/chan_sip.c
2 files changed, 6 insertions(+), 0 deletions(-)

Approvals:
  Richard Mudgett: Looks good to me, but someone else must approve
  George Joseph: Looks good to me, approved
  Jenkins2: Approved for Submit



diff --git a/CHANGES b/CHANGES
index 8a7fb31..7cfdede 100644
--- a/CHANGES
+++ b/CHANGES
@@ -21,6 +21,11 @@
    Asterisk is compiled with the LOW_MEMORY compile time option enabled because
    the cache code does not exist.
 
+chan_sip
+------------------
+ * Calls to invalid extensions are now reported as an ACL failure security event
+   "no_extension_match".
+
 res_rtp_asterisk
 ------------------
  * The X.509 certificate used for DTLS negotation can now be automatically
diff --git a/channels/chan_sip.c b/channels/chan_sip.c
index 4bae39d..b057300 100644
--- a/channels/chan_sip.c
+++ b/channels/chan_sip.c
@@ -26460,6 +26460,7 @@
 					ast_log(LOG_NOTICE, "Call from '%s' (%s) to extension"
 						" '%s' rejected because extension not found in context '%s'.\n",
 						S_OR(p->username, p->peername), ast_sockaddr_stringify(&p->recv), decoded_exten, p->context);
+					sip_report_failed_acl(p, "no_extension_match");
 				}
 				break;
 			case SIP_GET_DEST_REFUSED:

-- 
To view, visit https://gerrit.asterisk.org/7591
To unsubscribe, visit https://gerrit.asterisk.org/settings

Gerrit-Project: asterisk
Gerrit-Branch: 15
Gerrit-MessageType: merged
Gerrit-Change-Id: I0da40cd7c2206c825c2f0d4e172275df331fcc8f
Gerrit-Change-Number: 7591
Gerrit-PatchSet: 2
Gerrit-Owner: Corey Farrell <git at cfware.com>
Gerrit-Reviewer: George Joseph <gjoseph at digium.com>
Gerrit-Reviewer: Jenkins2
Gerrit-Reviewer: Joshua Colp <jcolp at digium.com>
Gerrit-Reviewer: Richard Mudgett <rmudgett at digium.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.digium.com/pipermail/asterisk-code-review/attachments/20171218/b39cfc85/attachment.html>


More information about the asterisk-code-review mailing list