From 2e6c200b274237d50117cf24acf64c0eb6326270 Mon Sep 17 00:00:00 2001 From: Jeff Peeler Date: Mon, 26 Oct 2009 19:41:30 +0000 Subject: [PATCH] Merged revisions 225912 via svnmerge from https://origsvn.digium.com/svn/asterisk/trunk ........ r225912 | jpeeler | 2009-10-26 14:40:26 -0500 (Mon, 26 Oct 2009) | 12 lines ACL check not present for verifying SIP INVITEs The ACL check in check_peer_ok was missing and has now been restored. The missing check allowed for calls to be made on prohibited networks where an ACL was defined in sip.conf and the allowguest option was set to off. See the AST security advisory below for more information. Merge code associated with AST-2009-007. (closes issue #16091) Reported by: thom4fun ........ git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.6.1@225913 65c4cc65-6c06-0410-ace0-fbb531ad65f3 --- channels/chan_sip.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/channels/chan_sip.c b/channels/chan_sip.c index 4cb323686c..30503f8ed8 100644 --- a/channels/chan_sip.c +++ b/channels/chan_sip.c @@ -12913,7 +12913,11 @@ static enum check_auth_result check_peer_ok(struct sip_pvt *p, char *of, of, ast_inet_ntoa(p->recv.sin_addr), ntohs(p->recv.sin_port)); return AUTH_DONT_KNOW; } - + if (!ast_apply_ha(peer->ha, sin)) { + ast_debug(2, "Found peer '%s' for '%s', but fails host access\n", peer->name, of); + unref_peer(peer, "unref_peer: check_peer_ok: from find_peer call, early return of AUTH_ACL_FAILED"); + return AUTH_ACL_FAILED; + } if (debug) ast_verbose("Found peer '%s' for '%s' from %s:%d\n", peer->name, of, ast_inet_ntoa(p->recv.sin_addr), ntohs(p->recv.sin_port)); -- 2.47.2