[asterisk-commits] bebuild: tag certified-1.8.15-cert3 r397823 - in /certified/tags/1.8.15-cert3...

SVN commits to the Asterisk project asterisk-commits at lists.digium.com
Tue Aug 27 14:22:20 CDT 2013


Author: bebuild
Date: Tue Aug 27 14:22:17 2013
New Revision: 397823

URL: http://svnview.digium.com/svn/asterisk?view=rev&rev=397823
Log:
Merge changes for 1.8.15-cert2

* AST-2013-004
* AST-2013-005

Removed:
    certified/tags/1.8.15-cert3/certified-asterisk-1.8.15-cert2-summary.html
    certified/tags/1.8.15-cert3/certified-asterisk-1.8.15-cert2-summary.txt
Modified:
    certified/tags/1.8.15-cert3/   (props changed)
    certified/tags/1.8.15-cert3/.version
    certified/tags/1.8.15-cert3/ChangeLog
    certified/tags/1.8.15-cert3/channels/chan_sip.c

Propchange: certified/tags/1.8.15-cert3/
------------------------------------------------------------------------------
Binary property 'branch-1.8-merged' - no diff available.

Propchange: certified/tags/1.8.15-cert3/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Tue Aug 27 14:22:17 2013
@@ -1,2 +1,3 @@
 /branches/1.8:371919
 /certified/branches/1.8.11:376302
+/certified/branches/1.8.15:397754,397761

Modified: certified/tags/1.8.15-cert3/.version
URL: http://svnview.digium.com/svn/asterisk/certified/tags/1.8.15-cert3/.version?view=diff&rev=397823&r1=397822&r2=397823
==============================================================================
--- certified/tags/1.8.15-cert3/.version (original)
+++ certified/tags/1.8.15-cert3/.version Tue Aug 27 14:22:17 2013
@@ -1,1 +1,1 @@
-1.8.15-cert2
+1.8.15-cert3
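Review bot: the log message reads "Merge changes for 1.8.15-cert2", but this hunk moves .version from 1.8.15-cert2 to 1.8.15-cert3 and the ChangeLog entry added in the same revision is for cert3. The log message should name the release actually being tagged so the revision can be found by version.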

Modified: certified/tags/1.8.15-cert3/ChangeLog
URL: http://svnview.digium.com/svn/asterisk/certified/tags/1.8.15-cert3/ChangeLog?view=diff&rev=397823&r1=397822&r2=397823
==============================================================================
--- certified/tags/1.8.15-cert3/ChangeLog (original)
+++ certified/tags/1.8.15-cert3/ChangeLog Tue Aug 27 14:22:17 2013
@@ -1,3 +1,36 @@
+2013-08-27  Asterisk Development Team <asteriskteam at digium.com>
+
+	* Certified Asterisk 1.8.15-cert3 Released.
+
+	* AST-2013-005: Remote crash from invalid SDP
+
+	If the SIP channel driver processes an invalid SDP that defines media
+	descriptions before connection information, it may attempt to
+	reference the socket address ifnormation even though that information
+	has not yet been set. This will cause a crash.
+
+	This patch adds checks when handling the various media descriptions
+	that ensures the media descriptions are handled only if we have
+	connection information suitable for that media.
+
+	Thanks to Walter Doekes, OSSO B.V., for reporting, testing, and
+	providng the solution to this problem.
+
+	* AST-2013-004: Fix crash when handling ACK on dialog that has no
+	channel
+
+	A remotely exploitable crash vulnerability exists in the SIP channel
+	driver if an ACK with SDP is received after the channel has been
+	terminated. The handling code incorrectly assumed that the channel
+	would always be present.
+
+	This patch adds a check such that the SDP will only be parsed and
+	applied if Asterisk has a channel present that is associated with the
+	dialog.
+
+	Note that the patch being applied was modified only slightly from the
+	patch provided by Walter Doekes of OSSO B.V.
+
 2013-03-27  Asterisk Development Team <asteriskteam at digium.com>
 
 	* Certified Asterisk 1.8.15-cert2 Released.
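Review bot: the added AST-2013-005 entry has two spelling errors, "ifnormation" and "providng", and "checks ... that ensures" should read "ensure". These are worth fixing in the ChangeLog before the tag is published, since this is the text users read to decide whether the advisory affects them.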

Modified: certified/tags/1.8.15-cert3/channels/chan_sip.c
URL: http://svnview.digium.com/svn/asterisk/certified/tags/1.8.15-cert3/channels/chan_sip.c?view=diff&rev=397823&r1=397822&r2=397823
==============================================================================
--- certified/tags/1.8.15-cert3/channels/chan_sip.c (original)
+++ certified/tags/1.8.15-cert3/channels/chan_sip.c Tue Aug 27 14:22:17 2013
@@ -9419,7 +9419,7 @@
 
 	/* Setup audio address and port */
 	if (p->rtp) {
-		if (portno > 0) {
+		if (sa && portno > 0) {
 			ast_sockaddr_set_port(sa, portno);
 			ast_rtp_instance_set_remote_address(p->rtp, sa);
 			if (debug) {
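Review bot: in the audio branch, `if (sa && portno > 0)` now sends a positive port with no connection address down whatever path follows this if, and nothing at the check records that this happened. The ChangeLog calls this case an invalid SDP, so a warning here naming the missing connection information would let an operator see the malformed offer instead of only a call with no audio. Please also confirm that the fall-through path is correct for portno > 0, because before this change it was reached only when portno was not positive. The same point applies to the `vsa` and `tsa` guards in the next two hunks.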
@@ -9466,7 +9466,7 @@
 
 	/* Setup video address and port */
 	if (p->vrtp) {
-		if (vportno > 0) {
+		if (vsa && vportno > 0) {
 			ast_sockaddr_set_port(vsa, vportno);
 			ast_rtp_instance_set_remote_address(p->vrtp, vsa);
 			if (debug) {
@@ -9483,7 +9483,7 @@
 
 	/* Setup text address and port */
 	if (p->trtp) {
-		if (tportno > 0) {
+		if (tsa && tportno > 0) {
 			ast_sockaddr_set_port(tsa, tportno);
 			ast_rtp_instance_set_remote_address(p->trtp, tsa);
 			if (debug) {
@@ -9506,7 +9506,7 @@
 
 	/* Setup image address and port */
 	if (p->udptl) {
-		if (udptlportno > 0) {
+		if (isa && udptlportno > 0) {
 			if (ast_test_flag(&p->flags[1], SIP_PAGE2_SYMMETRICRTP) && ast_test_flag(&p->flags[1], SIP_PAGE2_UDPTL_DESTINATION)) {
 				ast_rtp_instance_get_remote_address(p->rtp, isa);
 				if (!ast_sockaddr_isnull(isa) && debug) {
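Review bot: inside the new `isa && udptlportno > 0` guard, `ast_rtp_instance_get_remote_address(p->rtp, isa)` uses p->rtp, while the only enclosing test visible in this hunk is `if (p->udptl)`. Since the change is about pointers that were assumed to be set, confirm that p->rtp cannot be NULL on this path, or add it to the flag test on that line.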
@@ -25955,7 +25955,7 @@
 			p->invitestate = INV_TERMINATED;
 			p->pendinginvite = 0;
 			acked = __sip_ack(p, seqno, 1 /* response */, 0);
-			if (find_sdp(req)) {
+			if (p->owner && find_sdp(req)) {
 				if (process_sdp(p, req, SDP_T38_NONE)) {
 					return -1;
 				}
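Review bot: `if (p->owner && find_sdp(req))` silently skips the SDP of an ACK when the dialog has no channel, and nothing in the hunk says why the test is there. A one-line comment referencing AST-2013-004 and a debug log for the skipped case would keep the check from being removed later as redundant. Also confirm that p->owner cannot be cleared between this test and `process_sdp(p, req, SDP_T38_NONE)`; the visible lines do not show a lock being held.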



