From: Tilghman Lesher
Date: Tue, 6 Jan 2009 20:44:03 +0000 (+0000)
Subject: Security fix AST-2009-001.
X-Git-Tag: 1.2.31~2^2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=4ed56df62c0beff4ad85ff3ccf2f74ae3c959086;p=thirdparty%2Fasterisk.git

Security fix AST-2009-001.

git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.2@167259 65c4cc65-6c06-0410-ace0-fbb531ad65f3
---
diff --git a/channels/chan_iax2.c b/channels/chan_iax2.c
index 5a4a55806c..5ce8be1d86 100644
--- a/channels/chan_iax2.c
+++ b/channels/chan_iax2.c
@@ -164,6 +164,7 @@ static int trunkfreq = 20;
 static int authdebug = 1;
 static int autokill = 0;
 static int iaxcompat = 0;
+static int lastauthmethod = 0;
 static int iaxdefaultdpcache=10 * 60; /* Cache dialplan entries for 10 minutes by default */
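Review bot: `lastauthmethod` is added without a comment, and its role is only visible from registry_authrequest() in the next hunk, where it is set from the last peer found and used as the fallback when the name matches no peer. A comment such as `/* authmethods of the last peer found; offered for unknown names, apparently so REGAUTH replies do not differ */` would record that. It should also say whether writes to this file-scope variable are expected to be serialized by a lock, which neither hunk shows.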
@@ -6087,23 +6088,34 @@ static int registry_authrequest(char *name, int callno)
 {
 struct iax_ie_data ied;
 struct iax2_peer *p;
+ int authmethods;
+
+ if (!iaxs[callno]) {
+ return 0;
+ }
+
 /* SLD: third call to find_peer in registration */
- p = find_peer(name, 1);
- if (p) {
- memset(&ied, 0, sizeof(ied));
- iax_ie_append_short(&ied, IAX_IE_AUTHMETHODS, p->authmethods);
- if (p->authmethods & (IAX_AUTH_RSA | IAX_AUTH_MD5)) {
- /* Build the challenge */
- snprintf(iaxs[callno]->challenge, sizeof(iaxs[callno]->challenge), "%d", rand());
- iax_ie_append_str(&ied, IAX_IE_CHALLENGE, iaxs[callno]->challenge);
- }
- iax_ie_append_str(&ied, IAX_IE_USERNAME, name);
- if (ast_test_flag(p, IAX_TEMPONLY))
- destroy_peer(p);
- return send_command(iaxs[callno], AST_FRAME_IAX, IAX_COMMAND_REGAUTH, 0, ied.buf, ied.pos, -1);;
- }
- ast_log(LOG_WARNING, "No such peer '%s'\n", name);
- return 0;
+ if ((p = find_peer(name, 1))) {
+ lastauthmethod = p->authmethods;
+ }
+
+ authmethods = p ? p->authmethods : lastauthmethod ? lastauthmethod : (IAX_AUTH_PLAINTEXT | IAX_AUTH_MD5);
+ if (p && ast_test_flag(p, IAX_TEMPONLY)) {
+ destroy_peer(p);
+ } else if (!delayreject) {
+ ast_log(LOG_WARNING, "No such peer '%s'\n", name);
+ return 0;
+ }
+
+ memset(&ied, 0, sizeof(ied));
+ iax_ie_append_short(&ied, IAX_IE_AUTHMETHODS, p->authmethods);
+ if (authmethods & (IAX_AUTH_RSA | IAX_AUTH_MD5)) {
+ /* Build the challenge */
+ snprintf(iaxs[callno]->challenge, sizeof(iaxs[callno]->challenge), "%d", rand());
+ iax_ie_append_str(&ied, IAX_IE_CHALLENGE, iaxs[callno]->challenge);
+ }
+ iax_ie_append_str(&ied, IAX_IE_USERNAME, name);
+ return send_command(iaxs[callno], AST_FRAME_IAX, IAX_COMMAND_REGAUTH, 0, ied.buf, ied.pos, -1);;
 }
 static int registry_rerequest(struct iax_ies *ies, int callno, struct sockaddr_in *sin)
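Review bot: The new `iax_ie_append_short(&ied, IAX_IE_AUTHMETHODS, p->authmethods);` in registry_authrequest() still dereferences `p` after the point where it can be NULL (find_peer() found nothing and `delayreject` is set) or has already been handed to `destroy_peer()` (IAX_TEMPONLY peers, presumably freed there). The local computed just above is the value to send: `iax_ie_append_short(&ied, IAX_IE_AUTHMETHODS, authmethods);`. Separately, the `else if (!delayreject)` branch is also entered when `p` is a valid peer without IAX_TEMPONLY, so with `delayreject` off a known peer gets the "No such peer" warning and a return of 0. `} else if (!p && !delayreject) {` limits the early return to the unknown-peer case. `delayreject` is declared outside this hunk, so its type and default are not visible here.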