git.ipfire.org Git - thirdparty/asterisk.git/commit

author	Terry Wilson <twilson@digium.com>
	Tue, 15 Jun 2010 22:16:52 +0000 (22:16 +0000)
committer	Terry Wilson <twilson@digium.com>
	Tue, 15 Jun 2010 22:16:52 +0000 (22:16 +0000)
commit	28bcb07acce0b488440ae3583e25e0e14c1932cc
tree	399666bfec05d44fd1016e839a79b459498c4584	tree
parent	81d5b1d6a5a69b2ec114fabf0fd1b12a60a60822	commit \| diff

Merged revisions 270658 via svnmerge from
https://origsvn.digium.com/svn/asterisk/trunk

........
  r270658 | twilson | 2010-06-15 15:18:04 -0500 (Tue, 15 Jun 2010) | 20 lines

  Make contactdeny apply to src ip when nat=yes

  chan_sip's "contactdeny" feature screens the "to be registered contact".
  In case of nat=yes it should not use the address information from the
  Contact header (which is not used at all for routing), but the source
  IP address of the request.

  Thus, if nat=yes and a client sends a request from a denied IP address
  (e.g. by spoofing the src-IP address) it can bypass the screening.

  This commit makes contactdeny apply to the src ip when nat=yes instead.

  (closes issue #17276)
  Reported by: klaus3000
  Patches:
        patch-asterisk-trunk-contactdeny.txt uploaded by klaus3000 (license 65)
  Tested by: klaus3000

  Review: [full review board URL with trailing slash]
........

git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.6.2@270693 65c4cc65-6c06-0410-ace0-fbb531ad65f3