[asterisk-commits] jpeeler: branch 1.6.1 r225913 - in /branches/1.6.1: ./ channels/chan_sip.c

Mon Oct 26 14:41:35 CDT 2009

Author: jpeeler
Date: Mon Oct 26 14:41:30 2009
New Revision: 225913

URL: http://svnview.digium.com/svn/asterisk?view=rev&rev=225913
Log:
Merged revisions 225912 via svnmerge from 
https://origsvn.digium.com/svn/asterisk/trunk

........
  r225912 | jpeeler | 2009-10-26 14:40:26 -0500 (Mon, 26 Oct 2009) | 12 lines
  
  ACL check not present for verifying SIP INVITEs 
  
  The ACL check in check_peer_ok was missing and has now been restored. The
  missing check allowed for calls to be made on prohibited networks where an ACL
  was defined in sip.conf and the allowguest option was set to off. See the AST
  security advisory below for more information.
  
  Merge code associated with AST-2009-007.
  
  (closes issue #16091)
  Reported by: thom4fun
........

Modified:
    branches/1.6.1/   (props changed)
    branches/1.6.1/channels/chan_sip.c

Propchange: branches/1.6.1/
------------------------------------------------------------------------------
Binary property 'trunk-merged' - no diff available.

Modified: branches/1.6.1/channels/chan_sip.c
URL: http://svnview.digium.com/svn/asterisk/branches/1.6.1/channels/chan_sip.c?view=diff&rev=225913&r1=225912&r2=225913
==============================================================================

--- branches/1.6.1/channels/chan_sip.c (original)
+++ branches/1.6.1/channels/chan_sip.c Mon Oct 26 14:41:30 2009
@@ -12913,7 +12913,11 @@
 				of, ast_inet_ntoa(p->recv.sin_addr), ntohs(p->recv.sin_port));
 		return AUTH_DONT_KNOW;
 	}
-
+	if (!ast_apply_ha(peer->ha, sin)) {
+		ast_debug(2, "Found peer '%s' for '%s', but fails host access\n", peer->name, of);
+		unref_peer(peer, "unref_peer: check_peer_ok: from find_peer call, early return of AUTH_ACL_FAILED");
+		return AUTH_ACL_FAILED;
+	}
 	if (debug)
 		ast_verbose("Found peer '%s' for '%s' from %s:%d\n",
 			peer->name, of, ast_inet_ntoa(p->recv.sin_addr), ntohs(p->recv.sin_port));


