From: Alexandr Anikin <may@telecom-service.ru>
Date: Tue, 30 Aug 2011 21:53:42 +0000 (+0000)
Subject: security fix. really drop call if signalling addr is not same as socket
X-Git-Tag: 10.0.0-beta2~89
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=7adad5c8effd2c6a50fc1b626f9fee1a31483609;p=thirdparty%2Fasterisk.git

security fix. really drop call if signalling addr is not same as socket
addr


git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/10@333962 65c4cc65-6c06-0410-ace0-fbb531ad65f3
---

diff --git a/addons/ooh323c/src/ooh323.c b/addons/ooh323c/src/ooh323.c
index 0c8f517fb1..08a4b1d1e4 100644
--- a/addons/ooh323c/src/ooh323.c
+++ b/addons/ooh323c/src/ooh323.c
@@ -371,7 +371,7 @@ int ooOnReceivedSetup(OOH323CallData *call, Q931Message *q931Msg)
    H225TransportAddress_ip6Address_ip *ip6 = NULL;
    Q931InformationElement* pDisplayIE=NULL;
    OOAliases *pAlias=NULL;
-   char remoteIP[2+8*4+7];
+   char remoteIP[2+8*4+7] = "";
 
    call->callReference = q931Msg->callReference;
  
@@ -529,6 +529,7 @@ int ooOnReceivedSetup(OOH323CallData *call, Q931Message *q931Msg)
      OOTRACEERR5("ERROR: Security denial remote sig IP isn't a socket ip, %s not %s "
 		     "(%s, %s)\n", remoteIP, call->remoteIP, call->callType, 
 		     call->callToken);
+     return OO_FAILED;
    }
    
    /* check for fast start */