[asterisk-commits] chan sip.c: wrong peer searched in sip report security event (asterisk[certified/11.6])
SVN commits to the Asterisk project
asterisk-commits at lists.digium.com
Thu Aug 13 17:35:37 CDT 2015
Mark Michelson has submitted this change and it was merged.
Change subject: chan_sip.c: wrong peer searched in sip_report_security_event
......................................................................
chan_sip.c: wrong peer searched in sip_report_security_event
In chan_sip, after handling an incoming invite a security event is raised
describing authorization (success, failure, etc...). However, it was doing
a lookup of the peer by extension. This is fine for register messages, but
in the case of an invite it may search and find the wrong peer, or a non
existent one (for instance, in the case of call pickup). Also, if the peers
are configured through realtime this may cause an unnecessary database lookup
when caching is enabled.
This patch makes it so that sip_report_security_event searches by IP address
when looking for a peer instead of by extension after an invite is processed.
ASTERISK-25320 #close
Change-Id: I9b3f11549efb475b6561c64f0e6da1a481d98bc4
---
M channels/chan_sip.c
M channels/sip/include/security_events.h
M channels/sip/security_events.c
3 files changed, 7 insertions(+), 5 deletions(-)
Approvals:
Mark Michelson: Looks good to me, approved
Joshua Colp: Looks good to me, but someone else must approve; Verified
diff --git a/channels/chan_sip.c b/channels/chan_sip.c
index f678075..f6a6b31 100644
--- a/channels/chan_sip.c
+++ b/channels/chan_sip.c
@@ -28138,7 +28138,7 @@
res = handle_request_invite(p, req, addr, seqno, recount, e, nounlock);
if (res < 9) {
- sip_report_security_event(p, req, res);
+ sip_report_security_event(NULL, &p->recv, p, req, res);
}
switch (res) {
@@ -28177,7 +28177,7 @@
break;
case SIP_REGISTER:
res = handle_request_register(p, req, addr, e);
- sip_report_security_event(p, req, res);
+ sip_report_security_event(p->exten, NULL, p, req, res);
break;
case SIP_INFO:
if (req->debug)
diff --git a/channels/sip/include/security_events.h b/channels/sip/include/security_events.h
index cee2fa7..1d0f58b 100644
--- a/channels/sip/include/security_events.h
+++ b/channels/sip/include/security_events.h
@@ -38,6 +38,7 @@
void sip_report_chal_sent(const struct sip_pvt *p);
void sip_report_inval_transport(const struct sip_pvt *p, const char *transport);
void sip_digest_parser(char *c, struct digestkeys *keys);
-int sip_report_security_event(const struct sip_pvt *p, const struct sip_request *req, const int res);
+int sip_report_security_event(const char *peer, struct ast_sockaddr *addr, const struct sip_pvt *p,
+ const struct sip_request *req, const int res);
#endif
diff --git a/channels/sip/security_events.c b/channels/sip/security_events.c
index 77dfa2e..15eaea2 100644
--- a/channels/sip/security_events.c
+++ b/channels/sip/security_events.c
@@ -285,7 +285,8 @@
ast_security_event_report(AST_SEC_EVT(&inval_transport));
}
-int sip_report_security_event(const struct sip_pvt *p, const struct sip_request *req, const int res) {
+int sip_report_security_event(const char *peer, struct ast_sockaddr *addr, const struct sip_pvt *p,
+ const struct sip_request *req, const int res) {
struct sip_peer *peer_report;
enum check_auth_result res_report = res;
@@ -303,7 +304,7 @@
[K_LAST] = { NULL, NULL}
};
- peer_report = sip_find_peer(p->exten, NULL, TRUE, FINDPEERS, FALSE, 0);
+ peer_report = sip_find_peer(peer, addr, TRUE, FINDPEERS, FALSE, p->socket.type);
switch(res_report) {
case AUTH_DONT_KNOW:
--
To view, visit https://gerrit.asterisk.org/1081
To unsubscribe, visit https://gerrit.asterisk.org/settings
Gerrit-MessageType: merged
Gerrit-Change-Id: I9b3f11549efb475b6561c64f0e6da1a481d98bc4
Gerrit-PatchSet: 2
Gerrit-Project: asterisk
Gerrit-Branch: certified/11.6
Gerrit-Owner: Kevin Harwell <kharwell at digium.com>
Gerrit-Reviewer: Anonymous Coward #1000019
Gerrit-Reviewer: Joshua Colp <jcolp at digium.com>
Gerrit-Reviewer: Mark Michelson <mmichelson at digium.com>
More information about the asterisk-commits
mailing list