[asterisk-dev] [Code Review] Add getnameinfo() to ast_sockaddr_resolve()

David Ruggles thedavidfactor at gmail.com
Tue May 3 16:55:57 CDT 2011


On Tue, May 3, 2011 at 5:05 PM, Benny Amorsen <benny+usenet at amorsen.dk> wrote:

> Simon Perreault <simon.perreault at viagenie.ca> writes:
>
> > An idea: we could apply a check (regex?) on the host name and warn if it
> > is "strange", e.g. only digits.
>
> The challenge is that Asterisk has a syntax which does not make it clear
> whether you are trying to dial an existing peer or just an unknown
> IP/hostname. This causes security issues -- if a peer does not
> exist for some reason, e.g. a database problem with realtime, you risk
> that Asterisk makes a call to a device you do not control. The problem
> only gets larger whenever a new valid syntax is added to getaddrinfo and
> whenever a new top level domain is added.
>
> It also causes Asterisk to do unnecessary DNS lookups which can block
> Asterisk for an extended time if the DNS server is slow to respond.
>
> Unfortunately the only real solution is to change the syntax of Dial().
> This is not likely to happen.
>
>
> /Benny
>

Not trying to butt in, but have been following this with interest.

What about adding a config option that requires all dial strings to be
existing or defined peers? If not defined and config option is set, reject
it instead of trying to resolve it. It seems like this could provide more
security and eliminate overhead of unexpected DNS queries.

Thanks!

David Ruggles
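
The option proposed in this message, sketched as an added example that is not part of the original e-mail or of Asterisk's code. `classify_dial_target`, `require_defined_peer` and the peer table are hypothetical names and constructed data; a NULL table models the failed realtime lookup described in the quoted text.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical outcome of classifying a dial target; not Asterisk's API. */
enum dial_decision { DIAL_PEER, DIAL_RESOLVE_HOST, DIAL_REJECT };

/* Constructed peer table standing in for configured or realtime peers. */
static const char *const sample_peers[] = { "alice", "lobby-phone", "1001" };

static int peer_exists(const char *const *peers, size_t n, const char *name)
{
    for (size_t i = 0; i < n; i++) {
        if (strcmp(peers[i], name) == 0)
            return 1;
    }
    return 0;
}

/*
 * require_defined_peer is the proposed (hypothetical) config option.
 * peers == NULL models a failed realtime lookup: no peer can be found.
 */
enum dial_decision classify_dial_target(const char *target,
        const char *const *peers, size_t n, int require_defined_peer)
{
    if (!target || !*target)
        return DIAL_REJECT;
    if (peers && peer_exists(peers, n, target))
        return DIAL_PEER;
    /* Unknown name: with the option set, fail closed instead of
     * handing the string to the resolver. */
    return require_defined_peer ? DIAL_REJECT : DIAL_RESOLVE_HOST;
}

int main(void)
{
    static const char *const names[] = { "PEER", "RESOLVE_HOST", "REJECT" };
    const size_t n = sizeof(sample_peers) / sizeof(sample_peers[0]);
    for (int strict = 0; strict <= 1; strict++) {
        printf("strict=%d db-ok   1001 -> %s\n", strict,
               names[classify_dial_target("1001", sample_peers, n, strict)]);
        printf("strict=%d db-down 1001 -> %s\n", strict,
               names[classify_dial_target("1001", NULL, 0, strict)]);
    }
    return 0;
}
```

With the option off, the same dial string changes from a peer call to a hostname lookup when the peer table is unavailable; with it on, the call is refused and no DNS query is made.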