[Pkg-voip-commits] r5319 - /asterisk/branches/etch/debian/patches/AST-2007-027.dpatch

Tue Mar 18 23:09:33 UTC 2008

Author: paravoid
Date: Tue Mar 18 23:09:33 2008
New Revision: 5319

URL: http://svn.debian.org/wsvn/pkg-voip/?sc=1&rev=5319
Log:
Include forgotten upstream r93667 for AST-2007-027

Modified:
    asterisk/branches/etch/debian/patches/AST-2007-027.dpatch

Modified: asterisk/branches/etch/debian/patches/AST-2007-027.dpatch
URL: http://svn.debian.org/wsvn/pkg-voip/asterisk/branches/etch/debian/patches/AST-2007-027.dpatch?rev=5319&op=diff
==============================================================================

--- asterisk/branches/etch/debian/patches/AST-2007-027.dpatch (original)
+++ asterisk/branches/etch/debian/patches/AST-2007-027.dpatch Tue Mar 18 23:09:33 2008
@@ -4,15 +4,23 @@
 ## DP: chan_sip/chan_iax2: fix a potential realtime vulnerability
 ## DP: exploitable only with host-based authentication
 ## DP: Fix a potential NULL-pointer dereference crash at the same time.
-## DP: r93667:94661 in upstream's SVN
+## DP: r93667, r93675, r94214, r94255, r94661 in upstream's SVN
 ## DP: Security fix, AST-2007-027, CVE-2007-6430
 
 @DPATCH@
 Index: channels/chan_sip.c
 ===================================================================
---- channels/chan_sip.c	(revision 93667)
+--- channels/chan_sip.c	(revision 90170)
 +++ channels/chan_sip.c	(revision 94661)
-@@ -1693,7 +1693,7 @@
+@@ -81,6 +81,7 @@
+ #include "asterisk/dnsmgr.h"
+ #include "asterisk/devicestate.h"
+ #include "asterisk/linkedlists.h"
++#include "asterisk/dnsmgr.h"
+ 
+ #ifdef OSP_SUPPORT
+ #include "asterisk/astosp.h"
+@@ -1692,22 +1693,47 @@
  static struct sip_peer *realtime_peer(const char *peername, struct sockaddr_in *sin)
  {
  	struct sip_peer *peer=NULL;
@@ -21,32 +29,15 @@
  	struct ast_variable *tmp;
  	char *newpeername = (char *) peername;
  	char iabuf[80];
-@@ -1701,40 +1701,39 @@
+ 
  	/* First check on peer name */
- 	if (newpeername) {
- 		var = ast_load_realtime("sippeers", "name", newpeername, "host", "dynamic", NULL);
--		if (!var && sin) {
+-	if (newpeername) 
+-		var = ast_load_realtime("sippeers", "name", peername, NULL);
+-	else if (sin) {	/* Then check on IP address */
++	if (newpeername) {
++		var = ast_load_realtime("sippeers", "name", newpeername, "host", "dynamic", NULL);
 +		if (!var && sin)
- 			var = ast_load_realtime("sippeers", "name", newpeername, "host", ast_inet_ntoa(iabuf, sizeof(iabuf), sin->sin_addr), NULL);
--			if (!var) {
--				var = ast_load_realtime("sippeers", "name", newpeername, NULL);
--				/*!\note
--				 * If this one loaded something, then we need to ensure that the host
--				 * field matched.  The only reason why we can't have this as a criteria
--				 * is because we only have the IP address and the host field might be
--				 * set as a name (and the reverse PTR might not match).
--				 */
--				if (var) {
--					for (tmp = var; tmp; tmp = tmp->next) {
--						if (!strcasecmp(var->name, "host")) {
--							struct in_addr sin2 = { 0, };
--							struct ast_dnsmgr_entry *dnsmgr = NULL;
--							if ((ast_dnsmgr_lookup(tmp->value, &sin2, &dnsmgr) < 0) || (memcmp(&sin2, &sin->sin_addr, sizeof(sin2)) != 0)) {
--								/* No match */
--								ast_variables_destroy(var);
--								var = NULL;
--							}
--							break;
++			var = ast_load_realtime("sippeers", "name", newpeername, "host", ast_inet_ntoa(iabuf, sizeof(iabuf), sin->sin_addr), NULL);
 +		if (!var) {
 +			var = ast_load_realtime("sippeers", "name", newpeername, NULL);
 +			/*!\note
@@ -64,13 +55,12 @@
 +							/* No match */
 +							ast_variables_destroy(var);
 +							var = NULL;
- 						}
++						}
 +						break;
- 					}
- 				}
- 			}
- 		}
--	} else if (sin) {	/* Then check on IP address */
++					}
++				}
++			}
++		}
 +	}
 +
 +	if (!var && sin) {	/* Then check on IP address */
@@ -87,9 +77,9 @@
  		return NULL;
 Index: channels/chan_iax2.c
 ===================================================================
---- channels/chan_iax2.c	(revision 93667)
+--- channels/chan_iax2.c	(revision 90170)
 +++ channels/chan_iax2.c	(revision 94661)
-@@ -2620,7 +2620,7 @@
+@@ -2620,16 +2620,18 @@
  
  static struct iax2_peer *realtime_peer(const char *peername, struct sockaddr_in *sin)
  {
@@ -98,33 +88,106 @@
  	struct ast_variable *tmp;
  	struct iax2_peer *peer=NULL;
  	time_t regseconds, nowtime;
-@@ -2629,9 +2629,9 @@
+ 	int dynamic=0;
++	char iabuf[INET_ADDRSTRLEN];
  
- 	if (peername) {
- 		var = ast_load_realtime("iaxpeers", "name", peername, "host", "dynamic", NULL);
--		if (!var)
+-	if (peername)
+-		var = ast_load_realtime("iaxpeers", "name", peername, NULL);
+-	else {
+-		char iabuf[INET_ADDRSTRLEN];
++	if (peername) {
++		var = ast_load_realtime("iaxpeers", "name", peername, "host", "dynamic", NULL);
 +		if (!var && sin)
- 			var = ast_load_realtime("iaxpeers", "name", peername, "host", ast_inet_ntoa(iabuf, sizeof(iabuf), sin->sin_addr));
--	} else {
++			var = ast_load_realtime("iaxpeers", "name", peername, "host", ast_inet_ntoa(iabuf, sizeof(iabuf), sin->sin_addr));
 +	} else if (sin) {
  		char porta[25];
  		ast_inet_ntoa(iabuf, sizeof(iabuf), sin->sin_addr);
  		sprintf(porta, "%d", ntohs(sin->sin_port));
-@@ -2646,7 +2646,7 @@
+@@ -2644,6 +2646,29 @@
  			}
  		}
  	}
--	if (!var) { /* Last ditch effort */
 +	if (!var && peername) { /* Last ditch effort */
- 		var = ast_load_realtime("iaxpeers", "name", peername, NULL);
- 		/*!\note
- 		 * If this one loaded something, then we need to ensure that the host
-@@ -2654,7 +2654,7 @@
- 		 * is because we only have the IP address and the host field might be
- 		 * set as a name (and the reverse PTR might not match).
- 		 */
--		if (var) {
++		var = ast_load_realtime("iaxpeers", "name", peername, NULL);
++		/*!\note
++		 * If this one loaded something, then we need to ensure that the host
++		 * field matched.  The only reason why we can't have this as a criteria
++		 * is because we only have the IP address and the host field might be
++		 * set as a name (and the reverse PTR might not match).
++		 */
 +		if (var && sin) {
- 			for (tmp = var; tmp; tmp = tmp->next) {
- 				if (!strcasecmp(tmp->name, "host")) {
- 					struct in_addr sin2 = { 0, };
++			for (tmp = var; tmp; tmp = tmp->next) {
++				if (!strcasecmp(tmp->name, "host")) {
++					struct in_addr sin2 = { 0, };
++					struct ast_dnsmgr_entry *dnsmgr = NULL;
++					if ((ast_dnsmgr_lookup(tmp->value, &sin2, &dnsmgr) < 0) || (memcmp(&sin2, &sin->sin_addr, sizeof(sin2)) != 0)) {
++						/* No match */
++						ast_variables_destroy(var);
++						var = NULL;
++					}
++					break;
++				}
++			}
++		}
++	}
+ 	if (!var)
+ 		return NULL;
+ 
+@@ -2720,13 +2745,46 @@
+ 	return peer;
+ }
+ 
+-static struct iax2_user *realtime_user(const char *username)
++static struct iax2_user *realtime_user(const char *username, struct sockaddr_in *sin)
+ {
+ 	struct ast_variable *var;
+ 	struct ast_variable *tmp;
+ 	struct iax2_user *user=NULL;
++	char iabuf[INET_ADDRSTRLEN];
+ 
+-	var = ast_load_realtime("iaxusers", "name", username, NULL);
++	var = ast_load_realtime("iaxusers", "name", username, "host", "dynamic", NULL);
++	if (!var && sin)
++		var = ast_load_realtime("iaxusers", "name", username, "host", ast_inet_ntoa(iabuf, sizeof(iabuf), sin->sin_addr));
++	if (!var && sin) {
++		char porta[6];
++		snprintf(porta, sizeof(porta), "%d", ntohs(sin->sin_port));
++		var = ast_load_realtime("iaxusers", "name", username, "ipaddr", ast_inet_ntoa(iabuf, sizeof(iabuf), sin->sin_addr), "port", porta, NULL);
++		if (!var)
++			var = ast_load_realtime("iaxusers", "ipaddr", ast_inet_ntoa(iabuf, sizeof(iabuf), sin->sin_addr), "port", porta, NULL);
++	}
++	if (!var) { /* Last ditch effort */
++		var = ast_load_realtime("iaxusers", "name", username, NULL);
++		/*!\note
++		 * If this one loaded something, then we need to ensure that the host
++		 * field matched.  The only reason why we can't have this as a criteria
++		 * is because we only have the IP address and the host field might be
++		 * set as a name (and the reverse PTR might not match).
++		 */
++		if (var) {
++			for (tmp = var; tmp; tmp = tmp->next) {
++				if (!strcasecmp(tmp->name, "host")) {
++					struct in_addr sin2 = { 0, };
++					struct ast_dnsmgr_entry *dnsmgr = NULL;
++					if ((ast_dnsmgr_lookup(tmp->value, &sin2, &dnsmgr) < 0) || (memcmp(&sin2, &sin->sin_addr, sizeof(sin2)) != 0)) {
++						/* No match */
++						ast_variables_destroy(var);
++						var = NULL;
++					}
++					break;
++				}
++			}
++		}
++	}
+ 	if (!var)
+ 		return NULL;
+ 
+@@ -4878,7 +4936,7 @@
+ 	ast_mutex_unlock(&userl.lock);
+ 	user = best;
+ 	if (!user && !ast_strlen_zero(iaxs[callno]->username)) {
+-		user = realtime_user(iaxs[callno]->username);
++		user = realtime_user(iaxs[callno]->username, sin);
+ 		if (user && !ast_strlen_zero(iaxs[callno]->context) &&			/* No context specified */
+ 		    !apply_context(user->contexts, iaxs[callno]->context)) {		/* Context is permitted */
+ 			destroy_user(user);


