]> git.ipfire.org Git - thirdparty/asterisk.git/commitdiff
projects / thirdparty / asterisk.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 07741a3)
Merged revisions 159245 via svnmerge from
authorTilghman Lesher <tilghman@meg.abyt.es>
Tue, 25 Nov 2008 21:40:28 +0000 (21:40 +0000)
committerTilghman Lesher <tilghman@meg.abyt.es>
Tue, 25 Nov 2008 21:40:28 +0000 (21:40 +0000)
https://origsvn.digium.com/svn/asterisk/branches/1.2

........
  r159245 | tilghman | 2008-11-25 15:37:06 -0600 (Tue, 25 Nov 2008) | 7 lines

  Regression fix for last security fix.  Set the iseqno correctly.
  (closes issue #13918)
   Reported by: ffloimair
   Patches:
         20081119__bug13918.diff.txt uploaded by Corydon76 (license 14)
   Tested by: ffloimair
........

git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.4@159246 65c4cc65-6c06-0410-ace0-fbb531ad65f3

channels/chan_iax2.c patch | blob | blame | history

diff --git a/channels/chan_iax2.c b/channels/chan_iax2.c
index 6d9aa82f05dc78dd5f5aeea5aa344b0b6ce31ce7..239aef1aa43d83f173a5bc5e50551b52f6b19c95 100644 (file)
--- a/channels/chan_iax2.c
+++ b/channels/chan_iax2.c
@@ -3225,7 +3225,7 @@ struct parsed_dial_string {
 static int send_apathetic_reply(unsigned short callno, unsigned short dcallno, struct sockaddr_in *sin, int command, int ts, unsigned char seqno)
 {
        struct ast_iax2_full_hdr f = { .scallno = htons(0x8000 | callno), .dcallno = htons(dcallno),
-               .ts = htonl(ts), .iseqno = seqno, .oseqno = seqno, .type = AST_FRAME_IAX,
+               .ts = htonl(ts), .iseqno = seqno, .oseqno = 0, .type = AST_FRAME_IAX,
                .csub = compress_subclass(command) };
 
        return sendto(defaultsockfd, &f, sizeof(f), 0, (struct sockaddr *)sin, sizeof(*sin));
@@ -7225,7 +7225,7 @@ static int socket_process(struct iax2_thread *thread)
                /* Deal with POKE/PONG without allocating a callno */
                if (f.frametype == AST_FRAME_IAX && f.subclass == IAX_COMMAND_POKE) {
                        /* Reply back with a PONG, but don't care about the result. */
-                       send_apathetic_reply(1, ntohs(fh->scallno), &sin, IAX_COMMAND_PONG, ntohs(fh->ts), fh->oseqno);
+                       send_apathetic_reply(1, ntohs(fh->scallno), &sin, IAX_COMMAND_PONG, ntohs(fh->ts), fh->iseqno + 1);
                        return 1;
                } else if (f.frametype == AST_FRAME_IAX && f.subclass == IAX_COMMAND_ACK && dcallno == 1) {
                        /* Ignore */
Mirror of https://github.com/asterisk/asterisk.git