[asterisk-dev] [Code Review] IAX2: encryption regression
Russell Bryant
russell at digium.com
Thu Sep 10 15:48:11 CDT 2009
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviewboard.asterisk.org/r/358/#review1062
-----------------------------------------------------------
Ship it!
- Russell
On 2009-09-10 15:01:24, David Vossel wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviewboard.asterisk.org/r/358/
> -----------------------------------------------------------
>
> (Updated 2009-09-10 15:01:24)
>
>
> Review request for Asterisk Developers.
>
>
> Summary
> -------
>
> The IAX2 Call Token security release inadvertently broke the use of encryption due to the reorganization of code in the socket_process() function. When encryption is used, an incoming full frame must first be decrypted before the information elements can be parsed. The security release mistakenly moved IE parsing before decryption in order process the new Call Token IE. To resolve this, decryption of full frames is once again done before looking into the frame. This involves searching for an existing callno, checking the pvt to see if encryption is turned on, and decrypting the packet before the internal fields of the full frame are accessed.
>
>
> This addresses bug 15834.
> https://issues.asterisk.org/view.php?id=15834
>
>
> Diffs
> -----
>
> /trunk/channels/chan_iax2.c 217664
>
> Diff: https://reviewboard.asterisk.org/r/358/diff
>
>
> Testing
> -------
>
> verified both encrypted and unencrypted calls work.
>
>
> Thanks,
>
> David
>
>
More information about the asterisk-dev
mailing list