[asterisk-dev] [asterisk-commits] twilson: trunk r270658 - /trunk/channels/chan_sip.c
Paul Belanger
paul.belanger at polybeacon.com
Wed Jun 16 06:35:18 CDT 2010
On Tue, Jun 15, 2010 at 4:18 PM, SVN commits to the Asterisk project
<asterisk-commits at lists.digium.com> wrote:
> Author: twilson
> Date: Tue Jun 15 15:18:04 2010
> New Revision: 270658
>
> URL: http://svnview.digium.com/svn/asterisk?view=rev&rev=270658
> Log:
> Make contactdeny apply to src ip when nat=yes
>
> chan_sip's "contactdeny" feature screens the "to be registered contact".
> In case of nat=yes it should not use the address information from the
> Contact header (which is not used at all for routing), but the source
> IP address of the request.
>
> Thus, if nat=yes and a client sends a request from a denied IP address
> (e.g. by spoofing the src-IP address) it can bypass the screening.
>
> This commit makes contactdeny apply to the src ip when nat=yes instead.
>
> (closes issue #17276)
> Reported by: klaus3000
> Patches:
> patch-asterisk-trunk-contactdeny.txt uploaded by klaus3000 (license 65)
> Tested by: klaus3000
>
> Review: [full review board URL with trailing slash]
>
Trivial, but the Review URL is missing. I ran into this issue the
other day. Perhaps we can update mantis not to include the Review URL,
unless present, in the commit message template?
--
Paul Belanger | dCAP
Polybeacon | Consultant
Jabber: paul.belanger at polybeacon.com | IRC: pabelanger (Freenode)
blog.polybeacon.com
More information about the asterisk-dev
mailing list