[asterisk-commits] bebuild: tag 1.8.23.1 r397825 - in /tags/1.8.23.1: ./ channels/
SVN commits to the Asterisk project
asterisk-commits at lists.digium.com
Tue Aug 27 14:23:28 CDT 2013
Author: bebuild
Date: Tue Aug 27 14:23:25 2013
New Revision: 397825
URL: http://svnview.digium.com/svn/asterisk?view=rev&rev=397825
Log:
Merge changes for 1.8.23.1
* AST-2013-004
* AST-2013-005
Removed:
tags/1.8.23.1/asterisk-1.8.23.0-summary.html
tags/1.8.23.1/asterisk-1.8.23.0-summary.txt
Modified:
tags/1.8.23.1/ (props changed)
tags/1.8.23.1/.version
tags/1.8.23.1/ChangeLog
tags/1.8.23.1/channels/chan_sip.c
Propchange: tags/1.8.23.1/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Tue Aug 27 14:23:25 2013
@@ -1,1 +1,1 @@
-/branches/1.8:391333
+/branches/1.8:391333,397710,397756
Modified: tags/1.8.23.1/.version
URL: http://svnview.digium.com/svn/asterisk/tags/1.8.23.1/.version?view=diff&rev=397825&r1=397824&r2=397825
==============================================================================
--- tags/1.8.23.1/.version (original)
+++ tags/1.8.23.1/.version Tue Aug 27 14:23:25 2013
@@ -1,1 +1,1 @@
-1.8.23.0
+1.8.23.1
Modified: tags/1.8.23.1/ChangeLog
URL: http://svnview.digium.com/svn/asterisk/tags/1.8.23.1/ChangeLog?view=diff&rev=397825&r1=397824&r2=397825
==============================================================================
--- tags/1.8.23.1/ChangeLog (original)
+++ tags/1.8.23.1/ChangeLog Tue Aug 27 14:23:25 2013
@@ -1,3 +1,36 @@
+2013-08-27 Asterisk Development Team <asteriskteam at digium.com>
+
+ * Asterisk 1.8.23.1 Released.
+
+ * AST-2013-005: Remote crash from invalid SDP
+
+ If the SIP channel driver processes an invalid SDP that defines media
+ descriptions before connection information, it may attempt to
+ reference the socket address ifnormation even though that information
+ has not yet been set. This will cause a crash.
+
+ This patch adds checks when handling the various media descriptions
+ that ensures the media descriptions are handled only if we have
+ connection information suitable for that media.
+
+ Thanks to Walter Doekes, OSSO B.V., for reporting, testing, and
+ providng the solution to this problem.
+
+ * AST-2013-004: Fix crash when handling ACK on dialog that has no
+ channel
+
+ A remotely exploitable crash vulnerability exists in the SIP channel
+ driver if an ACK with SDP is received after the channel has been
+ terminated. The handling code incorrectly assumed that the channel
+ would always be present.
+
+ This patch adds a check such that the SDP will only be parsed and
+ applied if Asterisk has a channel present that is associated with the
+ dialog.
+
+ Note that the patch being applied was modified only slightly from the
+ patch provided by Walter Doekes of OSSO B.V.
+
2013-07-15 Asterisk Development Team <asteriskteam at digium.com>
* Asterisk 1.8.23.0 Released.
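Review bot: the added AST-2013-005 entry has two typos, "ifnormation" (should be "information") and "providng" (should be "providing"), and "adds checks ... that ensures" should read "that ensure". Worth fixing before the ChangeLog is copied into the release announcement.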
Modified: tags/1.8.23.1/channels/chan_sip.c
URL: http://svnview.digium.com/svn/asterisk/tags/1.8.23.1/channels/chan_sip.c?view=diff&rev=397825&r1=397824&r2=397825
==============================================================================
--- tags/1.8.23.1/channels/chan_sip.c (original)
+++ tags/1.8.23.1/channels/chan_sip.c Tue Aug 27 14:23:25 2013
@@ -9721,7 +9721,7 @@
/* Setup audio address and port */
if (p->rtp) {
- if (portno > 0) {
+ if (sa && portno > 0) {
ast_sockaddr_set_port(sa, portno);
ast_rtp_instance_set_remote_address(p->rtp, sa);
if (debug) {
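Review bot: in the audio branch, `if (sa && portno > 0)` now sends an offer with a non-zero port but a NULL `sa` down whatever follows this `if`, and that path is not visible in the hunk. Confirm it does not quietly treat the stream as deliberately disabled (the port 0 case) without logging that the SDP lacked connection information. A one-line comment on the new condition citing AST-2013-005 would also keep the `sa` test from being removed later as redundant. The same applies to the `vsa` and `tsa` checks in the next two hunks.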
@@ -9768,7 +9768,7 @@
/* Setup video address and port */
if (p->vrtp) {
- if (vportno > 0) {
+ if (vsa && vportno > 0) {
ast_sockaddr_set_port(vsa, vportno);
ast_rtp_instance_set_remote_address(p->vrtp, vsa);
if (debug) {
@@ -9785,7 +9785,7 @@
/* Setup text address and port */
if (p->trtp) {
- if (tportno > 0) {
+ if (tsa && tportno > 0) {
ast_sockaddr_set_port(tsa, tportno);
ast_rtp_instance_set_remote_address(p->trtp, tsa);
if (debug) {
@@ -9808,7 +9808,7 @@
/* Setup image address and port */
if (p->udptl) {
- if (udptlportno > 0) {
+ if (isa && udptlportno > 0) {
if (ast_test_flag(&p->flags[1], SIP_PAGE2_SYMMETRICRTP) && ast_test_flag(&p->flags[1], SIP_PAGE2_UDPTL_DESTINATION)) {
ast_rtp_instance_get_remote_address(p->rtp, isa);
if (!ast_sockaddr_isnull(isa) && debug) {
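Review bot: inside the new `isa && udptlportno > 0` block, `ast_rtp_instance_get_remote_address(p->rtp, isa)` uses `p->rtp`, while only `p->udptl` and `isa` are tested in the visible lines. If a T.38-only offer can reach this point without an audio RTP instance, add a `p->rtp` test to the symmetric-RTP condition, or note in a comment why it is guaranteed to be set here.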
@@ -26002,7 +26002,7 @@
p->invitestate = INV_TERMINATED;
p->pendinginvite = 0;
acked = __sip_ack(p, seqno, 1 /* response */, 0);
- if (find_sdp(req)) {
+ if (p->owner && find_sdp(req)) {
if (process_sdp(p, req, SDP_T38_NONE)) {
return -1;
}
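Review bot: with the new `p->owner &&` test on the `find_sdp(req)` line, an ACK carrying SDP on a dialog that has no channel is dropped without any trace. Add a comment on that line saying the SDP is only applied when a channel is associated with the dialog (AST-2013-004), and consider a debug message when the SDP is skipped so the case shows up when troubleshooting.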