chan_sip.c: wrong peer searched in sip_report_security_event

In chan_sip, after handling an incoming invite a security event is raised
describing authorization (success, failure, etc...). However, it was doing
a lookup of the peer by extension. This is fine for register messages, but
in the case of an invite it may search and find the wrong peer, or a non
existent one (for instance, in the case of call pickup). Also, if the peers
are configured through realtime this may cause an unnecessary database lookup
when caching is enabled.

This patch makes it so that sip_report_security_event searches by IP address
when looking for a peer instead of by extension after an invite is processed.

ASTERISK-25320 #close

Change-Id: I9b3f11549efb475b6561c64f0e6da1a481d98bc4

diff --git a/channels/chan_sip.c b/channels/chan_sip.c
index 1f45339e4b24b5390c10f8713e3870fa2194b617..bd3e31ee34951775f4701e6e32e6da2b3cb1a113 100644 (file)
--- a/channels/chan_sip.c
+++ b/channels/chan_sip.c
@@ -28107,7 +28107,7 @@ static int handle_incoming(struct sip_pvt *p, struct sip_request *req, struct as
                res = handle_request_invite(p, req, addr, seqno, recount, e, nounlock);
 
                if (res < 9) {
-                       sip_report_security_event(p, req, res);
+                       sip_report_security_event(NULL, &p->recv, p, req, res);
                }
 
                switch (res) {
@@ -28146,7 +28146,7 @@ static int handle_incoming(struct sip_pvt *p, struct sip_request *req, struct as
                break;
        case SIP_REGISTER:
                res = handle_request_register(p, req, addr, e);
-               sip_report_security_event(p, req, res);
+               sip_report_security_event(p->exten, NULL, p, req, res);
                break;
        case SIP_INFO:
                if (req->debug)

diff --git a/channels/sip/include/security_events.h b/channels/sip/include/security_events.h
index cee2fa707305cb19ca6de3665766976ccaeee5a9..1d0f58b4102fd8e2c1f0306dc3ec570e1ebe8344 100644 (file)
--- a/channels/sip/include/security_events.h
+++ b/channels/sip/include/security_events.h
@@ -38,6 +38,7 @@ void sip_report_failed_challenge_response(const struct sip_pvt *p, const char *r
 void sip_report_chal_sent(const struct sip_pvt *p);
 void sip_report_inval_transport(const struct sip_pvt *p, const char *transport);
 void sip_digest_parser(char *c, struct digestkeys *keys);
-int sip_report_security_event(const struct sip_pvt *p, const struct sip_request *req, const int res);
+int sip_report_security_event(const char *peer, struct ast_sockaddr *addr, const struct sip_pvt *p,
+                             const struct sip_request *req, const int res);
 
 #endif

diff --git a/channels/sip/security_events.c b/channels/sip/security_events.c
index 691c5bde18cb996ec6e937d50e11acf818a2bc95..9f5d94f97c0d2b1423a2d4dd29576a3b26b63975 100644 (file)
--- a/channels/sip/security_events.c
+++ b/channels/sip/security_events.c
@@ -270,7 +270,8 @@ void sip_report_inval_transport(const struct sip_pvt *p, const char *transport)
         ast_security_event_report(AST_SEC_EVT(&inval_transport));
 }
 
-int sip_report_security_event(const struct sip_pvt *p, const struct sip_request *req, const int res) {
+int sip_report_security_event(const char *peer, struct ast_sockaddr *addr, const struct sip_pvt *p,
+                             const struct sip_request *req, const int res) {
 
        struct sip_peer *peer_report;
        enum check_auth_result res_report = res;
@@ -288,7 +289,7 @@ int sip_report_security_event(const struct sip_pvt *p, const struct sip_request
                [K_LAST]  = { NULL, NULL}
        };
 
-       peer_report = sip_find_peer(p->exten, NULL, TRUE, FINDPEERS, FALSE, 0);
+       peer_report = sip_find_peer(peer, addr, TRUE, FINDPEERS, FALSE, p->socket.type);
 
        switch(res_report) {
        case AUTH_DONT_KNOW: