[Asterisk-Users] H.323 ASN.1 Vulnerabilities: Request for "official" patch!

Jim Rosenberg jr at amanue.com
Wed Mar 3 19:58:52 MST 2004


> See the existing discussion on this

Ditto.

IT DOES NOT WORK. Compiles, but no calls go through. I asked you to post 
your exact versions of all components, but I don't believe you did this. I 
have not been able to get it to work with Asterisk 0.7.2. Just because 
*YOU* got it to work on your particular system does not mean the problem is 
solved.

If there is a way to get it to work reliably:

1. Please post complete details

2. Someone update asterisk.org with correct information.

I believe it is correct that there is no "official" response on this from 
Asterisk to what many people consider a "critcal" security issue. "Read the 
archives" is nice, but really, the "default" Asterisk should be fixed. And 
the fix needs to be tested on a variety of systems, too.

I tried your exact version of pwlib, and have not been able to get a 
*SINGLE* call to work.

> See the existing discussion on this

Ahem. I posted pretty thorough details on what wasn't working ... Please 
respond so that the "discussion" can -- uh -- exist ...

-T.i.A., Jim

[Apologies for bandwidth-wasting inclusion below -- I'm reposting since 
someone thinks this discussion has been "settled" ...]

> On Thu, Feb 26, 2004 at 09:18:45AM +0800, LEOLCH at hgc.com.hk wrote:
>> In the Makefile inside asterisk/channels/h323 directory, there's a line
>> like this:
>> CFLAGS += -I$(PWLIBDIR)/include/ptlib/unix -I$(PWLIBDIR)/include
>>
>> try to use "-I$(PWLIBDIR)/include" ONLY, it should work.  I've compiled
>> it with pwlib 1_6_2, which works fine
>>
>> leo
>
> Sigh. I am having a very rough time here. Could you please post exactly
> which versions of Asterisk and OpenH323 you used? When I use your advice
> above I get a successful build, but I haven't got a single call to
> actually *work* through H.323. Here are my results (all trials are
> Asterisk 0.7.2):
>
> OpenH323 1.13.0 / Pwlib 1.6.0: Asterisk segfaults when it gets an H.323
> call.
>
> OpenH323 1.13.2 / Pwlib 1.6.3: Channel won't load, there's an unresolved
> symbol.
>
> OpenH323 1.13.2 / Pwlib 1.6.2: Asterisk appears to be fully stable. As far
> as Asterisk is concerned, everything works: calls are made, answered,
> bridged, all looks fine from the console. But nothing is actually making
> it *back* through H.323 from the Asterisk end. When I call Asterisk
> through H.323, Asterisk thinks things are fine, but from the calling end
> it thinks no one answered. When I call from the Asterisk end, I never hear
> anything that sounds like an answer.
>
> Now this looks *VERY* familiar. It sure is like the H.323 problems I had
> right at first until I caught on to using *only* G.711 A-law. Once I
> started making sure everyone was on ALAW, H.323 starting working fine
> (except for DTMF, but that's a subject for a new thread ...)




More information about the asterisk-users mailing list