[asterisk-commits] tilghman: tag 1.6.0.3 r167315 - in /tags/1.6.0.3: ./ channels/
SVN commits to the Asterisk project
asterisk-commits at lists.digium.com
Tue Jan 6 15:46:03 CST 2009
Author: tilghman
Date: Tue Jan 6 15:46:02 2009
New Revision: 167315
URL: http://svn.digium.com/view/asterisk?view=rev&rev=167315
Log:
Add security fix
Modified:
tags/1.6.0.3/.version
tags/1.6.0.3/ChangeLog
tags/1.6.0.3/channels/chan_iax2.c
Modified: tags/1.6.0.3/.version
URL: http://svn.digium.com/view/asterisk/tags/1.6.0.3/.version?view=diff&rev=167315&r1=167314&r2=167315
==============================================================================
--- tags/1.6.0.3/.version (original)
+++ tags/1.6.0.3/.version Tue Jan 6 15:46:02 2009
@@ -1,1 +1,1 @@
-1.6.0.3-rc1
+1.6.0.3
Modified: tags/1.6.0.3/ChangeLog
URL: http://svn.digium.com/view/asterisk/tags/1.6.0.3/ChangeLog?view=diff&rev=167315&r1=167314&r2=167315
==============================================================================
--- tags/1.6.0.3/ChangeLog (original)
+++ tags/1.6.0.3/ChangeLog Tue Jan 6 15:46:02 2009
@@ -1,3 +1,9 @@
+2009-01-06 Tilghman Lesher <tlesher at digium.com>
+
+ * Released 1.6.0.3
+
+ * channels/chan_iax2.c: Security fix AST-2009-001
+
2008-12-03 Tilghman Lesher <tlesher at digium.com>
* Released 1.6.0.3-rc1
Modified: tags/1.6.0.3/channels/chan_iax2.c
URL: http://svn.digium.com/view/asterisk/tags/1.6.0.3/channels/chan_iax2.c?view=diff&rev=167315&r1=167314&r2=167315
==============================================================================
--- tags/1.6.0.3/channels/chan_iax2.c (original)
+++ tags/1.6.0.3/channels/chan_iax2.c Tue Jan 6 15:46:02 2009
@@ -161,6 +161,7 @@
static int authdebug = 1;
static int autokill = 0;
static int iaxcompat = 0;
+static int last_authmethod = 0;
static int iaxdefaultdpcache=10 * 60; /* Cache dialplan entries for 10 minutes by default */
@@ -7078,23 +7079,34 @@
char challenge[10];
const char *peer_name;
int res = -1;
+ int sentauthmethod;
peer_name = ast_strdupa(iaxs[callno]->peer);
/* SLD: third call to find_peer in registration */
ast_mutex_unlock(&iaxsl[callno]);
- p = find_peer(peer_name, 1);
+ if (p = find_peer(peer_name, 1)) {
+ last_authmethod = p->authmethods;
+ }
+
ast_mutex_lock(&iaxsl[callno]);
if (!iaxs[callno])
goto return_unref;
- if (!p) {
+ if (!p && !delayreject) {
ast_log(LOG_WARNING, "No such peer '%s'\n", peer_name);
goto return_unref;
}
memset(&ied, 0, sizeof(ied));
- iax_ie_append_short(&ied, IAX_IE_AUTHMETHODS, p->authmethods);
- if (p->authmethods & (IAX_AUTH_RSA | IAX_AUTH_MD5)) {
+ /* The selection of which delayed reject is sent may leak information,
+ * if it sets a static response. For example, if a host is known to only
+ * use MD5 authentication, then an RSA response would indicate that the
+ * peer does not exist, and vice-versa.
+ * Therefore, we use whatever the last peer used (which may vary over the
+ * course of a server, which should leak minimal information). */
+ sentauthmethod = p ? p->authmethods : last_authmethod ? last_authmethod : (IAX_AUTH_MD5 | IAX_AUTH_PLAINTEXT);
+ iax_ie_append_short(&ied, IAX_IE_AUTHMETHODS, sentauthmethod);
+ if (sentauthmethod & (IAX_AUTH_RSA | IAX_AUTH_MD5)) {
/* Build the challenge */
snprintf(challenge, sizeof(challenge), "%d", (int)ast_random());
ast_string_field_set(iaxs[callno], challenge, challenge);
More information about the asterisk-commits
mailing list