[Asterisk-code-review] chan_iax2.c: Require secret if encryption is enabled (asterisk[16])
    George Joseph 
    asteriskteam at digium.com
       
    Thu Jan 28 13:18:29 CST 2021
    
    
  
George Joseph has uploaded this change for review. ( https://gerrit.asterisk.org/c/asterisk/+/15387 )
Change subject: chan_iax2.c: Require secret if encryption is enabled
......................................................................
chan_iax2.c: Require secret if encryption is enabled
If there's no secret specified for an iax2 peer and
there's no secret specified in the dial string,
Asterisk will crash if the authentication method is
either plaintext or md5 AND encryption is enabled
for the call.  There's a check now to cancel the
call if that happens.
ASTERISK-29624
Reported by: N A
Change-Id: I5928e16137581f7d383fcc7fa04ad96c919e6254
---
M channels/chan_iax2.c
1 file changed, 7 insertions(+), 0 deletions(-)
  git pull ssh://gerrit.asterisk.org:29418/asterisk refs/changes/87/15387/1
diff --git a/channels/chan_iax2.c b/channels/chan_iax2.c
index b560065..908daf0 100644
--- a/channels/chan_iax2.c
+++ b/channels/chan_iax2.c
@@ -4589,6 +4589,7 @@
 	struct iax2_codec_pref prefs;
 	int maxtime;
 	int encmethods;
+	int authmethods;
 	int found;
 	int sockfd;
 	int adsi;
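Review bot: The new authmethods member is added to the struct without a comment saying what it holds. The later check masks it with IAX_AUTH_MD5 and IAX_AUTH_PLAINTEXT, so a short comment that it is the peer's IAX_AUTH_* bitmask would make the intent clear to readers of the struct.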
@@ -4664,6 +4665,7 @@
 	cai->maxtime = peer->maxms;
 	cai->capability = peer->capability;
 	cai->encmethods = peer->encmethods;
+	cai->authmethods = peer->authmethods;
 	cai->sockfd = peer->sockfd;
 	cai->adsi = peer->adsi;
 	cai->prefs = peer->prefs;
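Review bot: cai->authmethods is assigned only here, from peer->authmethods, so a dial to a destination with no matching peer entry depends on whatever value the struct already held. The new check in the call path reads cai.authmethods unconditionally, so please confirm that the caller zero-initialises the struct, or set authmethods explicitly on the path where no peer is found.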
@@ -5118,6 +5120,11 @@
 		ast_channel_hangupcause_set(c, AST_CAUSE_BEARERCAPABILITY_NOTAVAIL);
 		return -1;
 	}
+	if (cai.encmethods && ast_strlen_zero(cai.secret) && ast_strlen_zero(pds.password) &&
+		((cai.authmethods & IAX_AUTH_MD5) || (cai.authmethods & IAX_AUTH_PLAINTEXT))) {
+		ast_log(LOG_WARNING, "Call terminated. No secret given and encryption enabled\n");
+		return -1;
+	}
 	if (ast_strlen_zero(cai.secret) && ast_test_flag64(iaxs[callno], IAX_FORCE_ENCRYPT)) {
 		ast_log(LOG_WARNING, "Call terminated. No secret given and force encrypt enabled\n");
 		return -1;
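Review bot: The new early return in the added block does not set a hangup cause, while the block just above it calls ast_channel_hangupcause_set(c, AST_CAUSE_BEARERCAPABILITY_NOTAVAIL) before returning -1. Consider setting a cause here as well so the caller can tell why the call was refused, and include the peer or destination in the LOG_WARNING text so an operator can find the entry that is missing a secret. The two mask tests can also be folded into one: cai.authmethods & (IAX_AUTH_MD5 | IAX_AUTH_PLAINTEXT).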
-- 
To view, visit https://gerrit.asterisk.org/c/asterisk/+/15387
Gerrit-Project: asterisk
Gerrit-Branch: 16
Gerrit-Change-Id: I5928e16137581f7d383fcc7fa04ad96c919e6254
Gerrit-Change-Number: 15387
Gerrit-PatchSet: 1
Gerrit-Owner: George Joseph <gjoseph at digium.com>
Gerrit-MessageType: newchange