[asterisk-commits] tilghman: tag 1.4.23.1 r170642 - in /tags/1.4.23.1: ./ channels/

[SVN commits to the Asterisk project]

Author: tilghman
Date: Fri Jan 23 13:50:01 2009
New Revision: 170642

URL: http://svn.digium.com/svn-view/asterisk?view=rev&rev=170642
Log:
Additional fixes for AST-2009-001

Modified:
    tags/1.4.23.1/ChangeLog
    tags/1.4.23.1/channels/chan_iax2.c

Modified: tags/1.4.23.1/ChangeLog
URL: http://svn.digium.com/svn-view/asterisk/tags/1.4.23.1/ChangeLog?view=diff&rev=170642&r1=170641&r2=170642
==============================================================================
--- tags/1.4.23.1/ChangeLog (original)
+++ tags/1.4.23.1/ChangeLog Fri Jan 23 13:50:01 2009
@@ -1,3 +1,10 @@
+2009-01-23  Tilghman Lesher <tlesher at digium.com>
+
+	* Asterisk 1.4.23.1 released.
+
+	* channels/chan_iax2.c: Regression fix for AST-2009-001 security
+	fix.
+
 2009-01-21  Leif Madsen <lmadsen at digium.com>
 
 	* Asterisk 1.4.23 released.

Modified: tags/1.4.23.1/channels/chan_iax2.c
URL: http://svn.digium.com/svn-view/asterisk/tags/1.4.23.1/channels/chan_iax2.c?view=diff&rev=170642&r1=170641&r2=170642
==============================================================================
--- tags/1.4.23.1/channels/chan_iax2.c (original)
+++ tags/1.4.23.1/channels/chan_iax2.c Fri Jan 23 13:50:01 2009
@@ -5607,6 +5607,9 @@
 	p = find_peer(peer, 1);
 	ast_mutex_lock(&iaxsl[callno]);
 	if (!p || !iaxs[callno]) {
+		if (iaxs[callno]) {
+			ast_string_field_set(iaxs[callno], secret, "badsecret");
+		}
 		if (authdebug && !p)
 			ast_log(LOG_NOTICE, "No registration for peer '%s' (from %s)\n", peer, ast_inet_ntoa(sin->sin_addr));
 		goto return_unref;
@@ -5686,21 +5689,24 @@
 			goto return_unref;
 		} else
 			ast_set_flag(&iaxs[callno]->state, IAX_STATE_AUTHENTICATED);
-	} else if (!ast_strlen_zero(md5secret) || !ast_strlen_zero(secret)) {
-		if (authdebug)
-			ast_log(LOG_NOTICE, "Inappropriate authentication received\n");
+	} else if (!ast_strlen_zero(iaxs[callno]->secret) || !ast_strlen_zero(iaxs[callno]->inkeys)) {
+		if (authdebug &&
+			((!ast_strlen_zero(iaxs[callno]->secret) && (p->authmethods & IAX_AUTH_MD5) && !ast_strlen_zero(iaxs[callno]->challenge)) ||
+			 (!ast_strlen_zero(iaxs[callno]->inkeys) && (p->authmethods & IAX_AUTH_RSA) && !ast_strlen_zero(iaxs[callno]->challenge)))) {
+			ast_log(LOG_NOTICE, "Inappropriate authentication received for '%s'\n", p->name);
+		} /* ELSE this is the first time through and no challenge exists, so it's not quite yet a failure. */
 		goto return_unref;
 	}
+	ast_device_state_changed("IAX2/%s", p->name); /* Activate notification */
+
+return_unref:
 	ast_string_field_set(iaxs[callno], peer, peer);
 	/* Choose lowest expiry number */
 	if (expire && (expire < iaxs[callno]->expiry)) 
 		iaxs[callno]->expiry = expire;
 
-	ast_device_state_changed("IAX2/%s", p->name); /* Activate notification */
-
 	res = 0;
 
-return_unref:
 	if (p)
 		peer_unref(p);
 
@@ -6376,7 +6382,6 @@
 	struct iax2_peer *p;
 	char challenge[10];
 	const char *peer_name;
-	int res = -1;
 	int sentauthmethod;
 
 	peer_name = ast_strdupa(iaxs[callno]->peer);
@@ -6390,11 +6395,7 @@
 	ast_mutex_lock(&iaxsl[callno]);
 	if (!iaxs[callno])
 		goto return_unref;
-	if (!p && !delayreject) {
-		ast_log(LOG_WARNING, "No such peer '%s'\n", peer_name);
-		goto return_unref;
-	}
-	
+
 	memset(&ied, 0, sizeof(ied));
 	/* The selection of which delayed reject is sent may leak information,
 	 * if it sets a static response.  For example, if a host is known to only
@@ -6412,12 +6413,12 @@
 	}
 	iax_ie_append_str(&ied, IAX_IE_USERNAME, peer_name);
 
-	res = 0;
-
 return_unref:
-	peer_unref(p);
-
-	return res ? res : send_command(iaxs[callno], AST_FRAME_IAX, IAX_COMMAND_REGAUTH, 0, ied.buf, ied.pos, -1);;
+	if (p) {
+		peer_unref(p);
+	}
+
+	return iaxs[callno] ? send_command(iaxs[callno], AST_FRAME_IAX, IAX_COMMAND_REGAUTH, 0, ied.buf, ied.pos, -1) : -1;
 }
 
 static int registry_rerequest(struct iax_ies *ies, int callno, struct sockaddr_in *sin)