[asterisk-commits] may: branch may/ooh323_ipv6 r294120 - in /team/may/ooh323_ipv6/addons: ./ ooh...

SVN commits to the Asterisk project asterisk-commits at lists.digium.com
Sat Nov 6 13:43:39 CDT 2010


Author: may
Date: Sat Nov  6 13:43:34 2010
New Revision: 294120

URL: http://svnview.digium.com/svn/asterisk?view=rev&rev=294120
Log:
Multihomed support for both ipv4 and ipv6
Fix a potential security hole when the signalling IP
and the connection IP differ

Modified:
    team/may/ooh323_ipv6/addons/chan_ooh323.c
    team/may/ooh323_ipv6/addons/ooh323c/src/ooSocket.c
    team/may/ooh323_ipv6/addons/ooh323c/src/ooSocket.h
    team/may/ooh323_ipv6/addons/ooh323c/src/oochannels.c
    team/may/ooh323_ipv6/addons/ooh323c/src/ooh323.c
    team/may/ooh323_ipv6/addons/ooh323c/src/ooq931.c

Modified: team/may/ooh323_ipv6/addons/chan_ooh323.c
URL: http://svnview.digium.com/svn/asterisk/team/may/ooh323_ipv6/addons/chan_ooh323.c?view=diff&rev=294120&r1=294119&r2=294120
==============================================================================
--- team/may/ooh323_ipv6/addons/chan_ooh323.c (original)
+++ team/may/ooh323_ipv6/addons/chan_ooh323.c Sat Nov  6 13:43:34 2010
@@ -464,7 +464,7 @@
 static struct ooh323_pvt *ooh323_alloc(int callref, char *callToken) 
 {
 	struct ooh323_pvt *pvt = NULL;
-	struct ast_sockaddr tmp;
+	/* struct ast_sockaddr tmp; */
 	if (gH323Debug)
 		ast_verbose("---   ooh323_alloc\n");
 
@@ -476,7 +476,7 @@
 	ast_mutex_init(&pvt->lock);
 	ast_mutex_lock(&pvt->lock);
 
-	ast_sockaddr_copy(&tmp, &bindaddr);
+	/* ast_sockaddr_copy(&tmp, &bindaddr);
 	if (!(pvt->rtp = ast_rtp_instance_new("asterisk", sched, &tmp, NULL))) {
 		ast_log(LOG_WARNING, "Unable to create RTP session: %s\n", 
 				  strerror(errno));
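Review bot: The RTP/UDPTL setup in ooh323_alloc is disabled by one block comment that opens at `/* ast_sockaddr_copy(&tmp, &bindaddr);` and closes only in the hunk at -495, across lines this diff does not show; any existing `/* ... */` in that stretch would end the comment early. Since the logic now lives in configure_local_rtp, deleting the dead lines is cleaner than commenting them out. The same applies to `/* struct ast_sockaddr tmp; */` in the hunk at -464 and `/* configure_local_rtp(p, call); */` in the hunk at -1967. If the block has to stay for reference on this branch, `#if 0` / `#endif` is the safer form.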
@@ -495,9 +495,9 @@
 		ast_mutex_destroy(&pvt->lock);
 		ast_free(pvt);
 		return NULL;
-	}
-
-	ast_udptl_set_error_correction_scheme(pvt->udptl, UDPTL_ERROR_CORRECTION_NONE);
+	} 
+
+	ast_udptl_set_error_correction_scheme(pvt->udptl, UDPTL_ERROR_CORRECTION_NONE); */
 	pvt->faxmode = 0;
 	pvt->t38support = gT38Support;
 	pvt->rtptimeout = gRTPTimeout;
@@ -1799,7 +1799,11 @@
 
 	ooh323c_set_capability_for_call(call, &p->prefs, p->capability, p->dtmfmode, p->dtmfcodec,
 					 p->t38support);
-	configure_local_rtp(p, call);
+	if (!configure_local_rtp(p, call)) {
+		ast_mutex_unlock(&p->lock);
+		ast_log(LOG_ERROR, "Couldn't create rtp structure\n");
+		return -1;
+	}
 
 /* Incoming call */
   	c = ooh323_new(p, AST_STATE_RING, p->username, 0, NULL);
@@ -1807,7 +1811,7 @@
    	ast_mutex_unlock(&p->lock);
    	ast_log(LOG_ERROR, "Could not create ast_channel\n");
          return -1;
-  }
+  	}
 	ast_mutex_unlock(&p->lock);
 
 	if (gH323Debug)
@@ -1878,6 +1882,10 @@
 			ast_copy_string(call->rtpMaskStr, p->rtpmaskstr, sizeof(call->rtpMaskStr));
 		}
 
+		if (!configure_local_rtp(p, call)) {
+			return OO_FAILED;
+		}
+
 		ast_mutex_unlock(&p->lock);
 	}
 
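Review bot: The new failure branch returns `OO_FAILED` while `p->lock` still appears to be held, because the `ast_mutex_unlock(&p->lock);` on the following line is skipped. The matching branch in the hunk at -1799 unlocks before returning, so this one should too: put `ast_mutex_unlock(&p->lock);` immediately before `return OO_FAILED;`. The enclosing function starts and ends outside the hunk, so the lock acquisition is inferred from that unlock. A pvt lock that is never released would block every later operation on the call, turning a failed socket allocation into a hung channel.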
@@ -1967,7 +1975,7 @@
       		ooh323c_set_capability_for_call(call, &p->prefs, p->capability, 
                                      p->dtmfmode, p->dtmfcodec, p->t38support);
 
-		configure_local_rtp(p, call);
+		/* configure_local_rtp(p, call); */
 		ast_mutex_unlock(&p->lock);
 	}
 
@@ -3899,6 +3907,25 @@
 	if (gH323Debug)
 		ast_verbose("---   configure_local_rtp\n");
 
+
+	if (ast_parse_arg(call->localIP, PARSE_ADDR, &tmp)) {
+		ast_sockaddr_copy(&tmp, &bindaddr);
+	}
+	if (!(p->rtp = ast_rtp_instance_new("asterisk", sched, &tmp, NULL))) {
+		ast_log(LOG_WARNING, "Unable to create RTP session: %s\n",
+			strerror(errno));
+		return 0;
+	}
+
+	ast_rtp_instance_set_qos(p->rtp, gTOS, 0, "ooh323-rtp");
+
+	if (!(p->udptl = ast_udptl_new_with_bindaddr(sched, io, 0, &tmp))) {
+		ast_log(LOG_WARNING, "Unable to create UDPTL session: %s\n",
+			strerror(errno));
+		return 0;
+	}
+
+
 	if (p->rtp) {
 		ast_rtp_codecs_packetization_set(ast_rtp_instance_get_codecs(p->rtp), p->rtp, &p->prefs);
 		if (p->dtmfmode & H323_DTMF_RFC2833 && p->dtmfcodec) {
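Review bot: When `ast_udptl_new_with_bindaddr` fails, the function returns 0 with the RTP instance created a few lines earlier still attached to `p->rtp`; unless the caller's teardown destroys it, each failed call leaks an RTP instance and its ports. Releasing it in that branch with `ast_rtp_instance_destroy(p->rtp); p->rtp = NULL;` keeps the pvt consistent. The `ast_udptl_set_error_correction_scheme(pvt->udptl, UDPTL_ERROR_CORRECTION_NONE);` call that this commit comments out of ooh323_alloc is also not re-added in the visible lines, so the UDPTL session may start with a different error-correction setting than before. A short comment on the fallback, such as `/* fall back to bindaddr when call->localIP does not parse */`, would help; the function body starts and ends outside the hunk.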
@@ -3960,15 +3987,15 @@
 		ast_udptl_get_us(p->udptl, &tmp);
 		strncpy(lhost, ast_sockaddr_stringify_addr(&tmp), sizeof(lhost));
 		lport = ast_sockaddr_stringify_port(&tmp);
-	}
-	ast_copy_string(mediaInfo.lMediaIP, lhost, sizeof(mediaInfo.lMediaIP));
-	mediaInfo.lMediaPort = atoi(lport);
-	mediaInfo.lMediaCntrlPort = mediaInfo.lMediaPort +1;
-	mediaInfo.cap = OO_T38;
-	strcpy(mediaInfo.dir, "transmit");
-	ooAddMediaInfo(call, mediaInfo);
-	strcpy(mediaInfo.dir, "receive");
-	ooAddMediaInfo(call, mediaInfo);
+		ast_copy_string(mediaInfo.lMediaIP, lhost, sizeof(mediaInfo.lMediaIP));
+		mediaInfo.lMediaPort = atoi(lport);
+		mediaInfo.lMediaCntrlPort = mediaInfo.lMediaPort +1;
+		mediaInfo.cap = OO_T38;
+		strcpy(mediaInfo.dir, "transmit");
+		ooAddMediaInfo(call, mediaInfo);
+		strcpy(mediaInfo.dir, "receive");
+		ooAddMediaInfo(call, mediaInfo);
+	}
 
 	if (gH323Debug)
 		ast_verbose("+++   configure_local_rtp\n");

Modified: team/may/ooh323_ipv6/addons/ooh323c/src/ooSocket.c
URL: http://svnview.digium.com/svn/asterisk/team/may/ooh323_ipv6/addons/ooh323c/src/ooSocket.c?view=diff&rev=294120&r1=294119&r2=294120
==============================================================================
--- team/may/ooh323_ipv6/addons/ooh323c/src/ooSocket.c (original)
+++ team/may/ooh323_ipv6/addons/ooh323c/src/ooSocket.c Sat Nov  6 13:43:34 2010
@@ -330,7 +330,7 @@
    if(ret != 0)
       return ASN_E_INVSOCKET;
 
-   host = ast_sockaddr_stringify_host(&addr);
+   host = ast_sockaddr_stringify_addr(&addr);
 
    if(host && strlen(host) < (unsigned)len)
       strcpy(ip, host);   
@@ -355,9 +355,10 @@
 }
 
 int ooSocketAccept (OOSOCKET socket, OOSOCKET *pNewSocket, 
-                    OOIPADDR* destAddr, int* destPort) 
+                    char* destAddr, int* destPort) 
 {
    struct ast_sockaddr addr;
+   char* host = NULL;
 
    if (socket == OOSOCKET_INVALID) return ASN_E_INVSOCKET;
    if (pNewSocket == 0) return ASN_E_INVPARAM;
@@ -365,8 +366,10 @@
    *pNewSocket = ast_accept (socket, &addr);
    if (*pNewSocket <= 0) return ASN_E_INVSOCKET;
 
-   if (destAddr != 0) 
-      *destAddr = addr;
+   if (destAddr != 0) {
+      if ((host = ast_sockaddr_stringify_addr(&addr)) != NULL);
+      	strncpy(destAddr, host, strlen(host));
+   }
    if (destPort != 0)
       *destPort =  ast_sockaddr_port(&addr);
 
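Review bot: The `;` at the end of `if ((host = ast_sockaddr_stringify_addr(&addr)) != NULL);` makes the `strncpy` unconditional, so a NULL `host` reaches `strlen`. The copy is also bounded by `strlen(host)`, the source length, which never writes a terminator and cannot stop at the end of `destAddr`; the function has no way to know how large the caller's buffer is. Since the signature is already changing in the hunk at -355, add a length parameter and use a bounded, terminating copy: `if ((host = ast_sockaddr_stringify_addr(&addr)) != NULL) snprintf(destAddr, destLen, "%s", host);`, where `destLen` is the proposed new parameter. The string is the peer address of a freshly accepted connection and lands in a fixed-size stack buffer in the caller, so the bound matters; the function body continues outside the hunk.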

Modified: team/may/ooh323_ipv6/addons/ooh323c/src/ooSocket.h
URL: http://svnview.digium.com/svn/asterisk/team/may/ooh323_ipv6/addons/ooh323c/src/ooSocket.h?view=diff&rev=294120&r1=294119&r2=294120
==============================================================================
--- team/may/ooh323_ipv6/addons/ooh323c/src/ooSocket.h (original)
+++ team/may/ooh323_ipv6/addons/ooh323c/src/ooSocket.h Sat Nov  6 13:43:34 2010
@@ -116,7 +116,7 @@
  *                     negative return value is error.
  */
 EXTERN int ooSocketAccept (OOSOCKET socket, OOSOCKET *pNewSocket, 
-                             OOIPADDR* destAddr, int* destPort);
+                             char* destAddr, int* destPort);
 
 /**
  * This function converts an IP address to its string representation.

Modified: team/may/ooh323_ipv6/addons/ooh323c/src/oochannels.c
URL: http://svnview.digium.com/svn/asterisk/team/may/ooh323_ipv6/addons/ooh323c/src/oochannels.c?view=diff&rev=294120&r1=294119&r2=294120
==============================================================================
--- team/may/ooh323_ipv6/addons/ooh323c/src/oochannels.c (original)
+++ team/may/ooh323_ipv6/addons/ooh323c/src/oochannels.c Sat Nov  6 13:43:34 2010
@@ -308,12 +308,12 @@
                       "(%s, %s)\n", call->callType, call->callToken);
 
          /* If multihomed, get ip from socket */
-         if(!strcmp(call->localIP, "0.0.0.0"))
+         if(!strcmp(call->localIP, "0.0.0.0") || !strcmp(call->localIP, "::"))
          {
             OOTRACEDBGA3("Determining IP address for outgoing call in "
                          "multihomed mode. (%s, %s)\n", call->callType, 
                           call->callToken);
-            ret = ooSocketGetIpAndPort(channelSocket, call->localIP, 20, 
+            ret = ooSocketGetIpAndPort(channelSocket, call->localIP, 2+8*4+7, 
                                        &call->pH225Channel->port);
             if(ret != ASN_OK)
             {
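Review bot: The length passed for `call->localIP` is now the literal `2+8*4+7` (41), but the declaration of `localIP` is not part of this commit, so nothing visible guarantees the field is that large. The ooSocket.c hunk at -330, presumably the body of this callee, copies with `strcpy` once the string is shorter than `len`, so an overstated length becomes an overflow. If `localIP` is an array member, `sizeof(call->localIP)` states the real bound and cannot drift. The same literal is repeated in the hunks at -407 and -431 and in ooh323.c, and it is smaller than `INET6_ADDRSTRLEN`; one named constant would be easier to audit.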
@@ -407,9 +407,12 @@
    OOH323CallData * call;
    int ret;
    char callToken[20];
+   char remoteIP[2+8*4+7];
    OOSOCKET h225Channel=0;
+
+   memset(remoteIP, 0, sizeof(remoteIP));
    ret = ooSocketAccept (*(gH323ep.listener), &h225Channel, 
-                         NULL, NULL);
+                         remoteIP, NULL);
    if(ret != ASN_OK)
    {
       OOTRACEERR1("Error:Accepting h225 connection\n");
@@ -431,12 +434,12 @@
    call->pH225Channel->sock = h225Channel;
 
    /* If multihomed, get ip from socket */
-   if(!strcmp(call->localIP, "0.0.0.0"))
+   if(!strcmp(call->localIP, "0.0.0.0") || !strcmp(call->localIP,"::"))
    {
       OOTRACEDBGA3("Determining IP address for incoming call in multihomed "
                    "mode (%s, %s)\n", call->callType, call->callToken);
 
-      ret = ooSocketGetIpAndPort(h225Channel, call->localIP, 20, 
+      ret = ooSocketGetIpAndPort(h225Channel, call->localIP, 2+8*4+7, 
                                        &call->pH225Channel->port);
       if(ret != ASN_OK)
       {
@@ -454,6 +457,10 @@
       OOTRACEDBGA4("Using Local IP address %s for incoming call in multihomed "
                    "mode. (%s, %s)\n", call->localIP, call->callType, 
                     call->callToken);
+   }
+
+   if (remoteIP[0]) {
+	strncpy(call->remoteIP, remoteIP, strlen(remoteIP));
    }
    
    ast_mutex_unlock(&call->Lock);
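Review bot: `strncpy(call->remoteIP, remoteIP, strlen(remoteIP));` bounds the copy by the source length, so it neither terminates `call->remoteIP` nor respects its size. The result is a valid string only if the field was zeroed beforehand and is at least as large as the local buffer. `snprintf(call->remoteIP, sizeof(call->remoteIP), "%s", remoteIP);` does both, assuming `remoteIP` is an array member of the call structure (its declaration is not in this diff). The ooh323.c change in this commit compares the signalled source address against `call->remoteIP`, so an unterminated or truncated value here weakens that check.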

Modified: team/may/ooh323_ipv6/addons/ooh323c/src/ooh323.c
URL: http://svnview.digium.com/svn/asterisk/team/may/ooh323_ipv6/addons/ooh323c/src/ooh323.c?view=diff&rev=294120&r1=294119&r2=294120
==============================================================================
--- team/may/ooh323_ipv6/addons/ooh323c/src/ooh323.c (original)
+++ team/may/ooh323_ipv6/addons/ooh323c/src/ooh323.c Sat Nov  6 13:43:34 2010
@@ -357,6 +357,7 @@
    H225TransportAddress_ip6Address_ip *ip6 = NULL;
    Q931InformationElement* pDisplayIE=NULL;
    OOAliases *pAlias=NULL;
+   char remoteIP[2+8*4+7];
 
    call->callReference = q931Msg->callReference;
  
@@ -502,7 +503,7 @@
       }
 
       ip6 = &setup->sourceCallSignalAddress.u.ip6Address->ip;
-      inet_ntop(AF_INET6, ip6->data, call->remoteIP, INET6_ADDRSTRLEN);
+      inet_ntop(AF_INET6, ip6->data, remoteIP, INET6_ADDRSTRLEN);
       call->remotePort =  setup->sourceCallSignalAddress.u.ip6Address->port;
      } else {
       if(setup->sourceCallSignalAddress.t != T_H225TransportAddress_ipAddress)
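Review bot: `inet_ntop` is still told the destination holds `INET6_ADDRSTRLEN` bytes, but it now writes into the local `remoteIP[2+8*4+7]`, which is 41 bytes. Pass the real size, `inet_ntop(AF_INET6, ip6->data, remoteIP, sizeof(remoteIP));`, and check for a NULL return so a failed conversion does not leave the buffer unset. The IPv4 branch in the next hunk has the same shape with `sprintf`; `snprintf(remoteIP, sizeof(remoteIP), ...)` is the bounded form.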
@@ -513,10 +514,16 @@
       }
 
       ip = &setup->sourceCallSignalAddress.u.ipAddress->ip;
-      sprintf(call->remoteIP, "%d.%d.%d.%d", ip->data[0], ip->data[1], 
+      sprintf(remoteIP, "%d.%d.%d.%d", ip->data[0], ip->data[1], 
                                              ip->data[2], ip->data[3]);
       call->remotePort =  setup->sourceCallSignalAddress.u.ipAddress->port;
      }
+   }
+
+   if (strncmp(remoteIP, call->remoteIP, strlen(remoteIP))) {
+     OOTRACEERR5("ERROR: Security denial remote IP isn't a socket ip, %s not %s "
+		     "(%s, %s)\n", remoteIP, call->remoteIP, call->callType, 
+		     call->callToken);
    }
    
    /* check for fast start */
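Review bot: The new comparison appears to sit after the block that fills `remoteIP`, and the array declared in the hunk at -357 has no initialiser, so when that block is skipped `strlen(remoteIP)` runs over indeterminate stack bytes. Using `strlen(remoteIP)` as the `strncmp` length also makes this a prefix test: a signalled `10.0.0.1` compares equal to a socket peer of `10.0.0.10`. Declaring `char remoteIP[2+8*4+7] = "";` and testing `if (remoteIP[0] && strcmp(remoteIP, call->remoteIP))` closes both gaps. The branch only logs "Security denial"; if the intent is to refuse the call, that action is not in the visible lines and should be added, or the message reworded.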

Modified: team/may/ooh323_ipv6/addons/ooh323c/src/ooq931.c
URL: http://svnview.digium.com/svn/asterisk/team/may/ooh323_ipv6/addons/ooh323c/src/ooq931.c?view=diff&rev=294120&r1=294119&r2=294120
==============================================================================
--- team/may/ooh323_ipv6/addons/ooh323c/src/ooq931.c (original)
+++ team/may/ooh323_ipv6/addons/ooh323c/src/ooq931.c Sat Nov  6 13:43:34 2010
@@ -2304,7 +2304,16 @@
 
       if(gH323ep.h323Callbacks.onOutgoingCall) {
          /* Outgoing call callback function */
-         gH323ep.h323Callbacks.onOutgoingCall(call);
+         if (gH323ep.h323Callbacks.onOutgoingCall(call) != OO_OK) {
+           OOTRACEERR3("ERROR:Failed to setup media to (%s,%d)\n", 
+		      call->callType, call->callToken);
+           if(call->callState< OO_CALL_CLEAR)
+           {
+             call->callState = OO_CALL_CLEAR;
+             call->callEndReason = OO_REASON_UNKNOWN;
+           }
+           return OO_FAILED;
+	 }
       }
       
       ret = ooH323MakeCall_helper(call);
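Review bot: The new trace prints `call->callToken` with `%d`, while the other traces in this commit print it with `%s`; the mismatched conversion is undefined behaviour and at best logs a meaningless number. The format should be `"ERROR:Failed to setup media to (%s, %s)\n"`. Because the callback's return value is now checked, any registered onOutgoingCall handler that does not return `OO_OK` on every success path will start failing calls, which is worth confirming for the paths outside this diff.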



