[asterisk-commits] tilghman: tag 1.4.22.1 r167280 - in /tags/1.4.22.1: ./ channels/
Author: tilghman
Date: Tue Jan 6 15:26:37 2009
New Revision: 167280
URL: http://svn.digium.com/view/asterisk?view=rev&rev=167280
Log:
Security fix AST-2009-001
Modified:
tags/1.4.22.1/.version
tags/1.4.22.1/ChangeLog
tags/1.4.22.1/channels/chan_iax2.c
Modified: tags/1.4.22.1/.version
URL: http://svn.digium.com/view/asterisk/tags/1.4.22.1/.version?view=diff&rev=167280&r1=167279&r2=167280
==============================================================================
--- tags/1.4.22.1/.version (original)
+++ tags/1.4.22.1/.version Tue Jan 6 15:26:37 2009
@@ -1,1 +1,1 @@
-1.4.22
+1.4.22.1
Modified: tags/1.4.22.1/ChangeLog
URL: http://svn.digium.com/view/asterisk/tags/1.4.22.1/ChangeLog?view=diff&rev=167280&r1=167279&r2=167280
==============================================================================
--- tags/1.4.22.1/ChangeLog (original)
+++ tags/1.4.22.1/ChangeLog Tue Jan 6 15:26:37 2009
@@ -1,3 +1,9 @@
+2009-01-06 Tilghman Lesher <tlesher at digium.com>
+
+ * Asterisk 1.4.22.1 released.
+
+ * channels/chan_iax2.c: Security fix AST-2009-01
+
2008-10-01 Russell Bryant <russell at digium.com>
* Asterisk 1.4.22 released.
Modified: tags/1.4.22.1/channels/chan_iax2.c
URL: http://svn.digium.com/view/asterisk/tags/1.4.22.1/channels/chan_iax2.c?view=diff&rev=167280&r1=167279&r2=167280
==============================================================================
--- tags/1.4.22.1/channels/chan_iax2.c (original)
+++ tags/1.4.22.1/channels/chan_iax2.c Tue Jan 6 15:26:37 2009
@@ -155,6 +155,7 @@
static int authdebug = 1;
static int autokill = 0;
static int iaxcompat = 0;
+static int last_authmethod = 0;
static int iaxdefaultdpcache=10 * 60; /* Cache dialplan entries for 10 minutes by default */
@@ -6309,23 +6310,34 @@
char challenge[10];
const char *peer_name;
int res = -1;
+ int sentauthmethod;
peer_name = ast_strdupa(iaxs[callno]->peer);
/* SLD: third call to find_peer in registration */
ast_mutex_unlock(&iaxsl[callno]);
- p = find_peer(peer_name, 1);
+ if (p = find_peer(peer_name, 1)) {
+ last_authmethod = p->authmethods;
+ }
+
ast_mutex_lock(&iaxsl[callno]);
if (!iaxs[callno])
goto return_unref;
- if (!p) {
+ if (!p && !delayreject) {
ast_log(LOG_WARNING, "No such peer '%s'\n", peer_name);
goto return_unref;
}
memset(&ied, 0, sizeof(ied));
- iax_ie_append_short(&ied, IAX_IE_AUTHMETHODS, p->authmethods);
- if (p->authmethods & (IAX_AUTH_RSA | IAX_AUTH_MD5)) {
+ /* The selection of which delayed reject is sent may leak information,
+ * if it sets a static response. For example, if a host is known to only
+ * use MD5 authentication, then an RSA response would indicate that the
+ * peer does not exist, and vice-versa.
+ * Therefore, we use whatever the last peer used (which may vary over the
+ * course of a server, which should leak minimal information). */
+ sentauthmethod = p ? p->authmethods : last_authmethod ? last_authmethod : (IAX_AUTH_MD5 | IAX_AUTH_PLAINTEXT);
+ iax_ie_append_short(&ied, IAX_IE_AUTHMETHODS, sentauthmethod);
+ if (sentauthmethod & (IAX_AUTH_RSA | IAX_AUTH_MD5)) {
/* Build the challenge */
snprintf(challenge, sizeof(challenge), "%d", (int)ast_random());
ast_string_field_set(iaxs[callno], challenge, challenge);
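Review bot: The assignment inside the condition `if (p = find_peer(peer_name, 1))` should be written as `if ((p = find_peer(peer_name, 1)))` so the intent is explicit and the compiler's -Wparentheses warning does not fire. The write to the file-scope `last_authmethod` (declared in the first hunk of this file) happens after `ast_mutex_unlock(&iaxsl[callno])` with no other lock visible in the hunk, so concurrent registration requests appear to race on it; if that is acceptable as best-effort, a comment such as `/* unsynchronized by design: any recently seen peer's methods will do */` would say so. The nested ternary on the `sentauthmethod` line would read more clearly as an if/else chain, and the preceding comment should also state the fallback taken when no peer has been looked up yet, e.g. `* Before any peer has been seen we fall back to MD5|PLAINTEXT.` The enclosing function starts and ends outside this hunk, so any later uses of `p` not shown here must now tolerate a NULL `p` when `delayreject` is set.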