[Pkg-voip-commits] r5319 - /asterisk/branches/etch/debian/patches/AST-2007-027.dpatch
paravoid at alioth.debian.org
paravoid at alioth.debian.org
Tue Mar 18 23:09:33 UTC 2008
Author: paravoid
Date: Tue Mar 18 23:09:33 2008
New Revision: 5319
URL: http://svn.debian.org/wsvn/pkg-voip/?sc=1&rev=5319
Log:
Include forgotten upstream r93667 for AST-2007-027
Modified:
asterisk/branches/etch/debian/patches/AST-2007-027.dpatch
Modified: asterisk/branches/etch/debian/patches/AST-2007-027.dpatch
URL: http://svn.debian.org/wsvn/pkg-voip/asterisk/branches/etch/debian/patches/AST-2007-027.dpatch?rev=5319&op=diff
==============================================================================
--- asterisk/branches/etch/debian/patches/AST-2007-027.dpatch (original)
+++ asterisk/branches/etch/debian/patches/AST-2007-027.dpatch Tue Mar 18 23:09:33 2008
@@ -4,15 +4,23 @@
## DP: chan_sip/chan_iax2: fix a potential realtime vulnerability
## DP: exploitable only with host-based authentication
## DP: Fix a potential NULL-pointer dereference crash at the same time.
-## DP: r93667:94661 in upstream's SVN
+## DP: r93667, r93675, r94214, r94255, r94661 in upstream's SVN
## DP: Security fix, AST-2007-027, CVE-2007-6430
@DPATCH@
Index: channels/chan_sip.c
===================================================================
---- channels/chan_sip.c (revision 93667)
+--- channels/chan_sip.c (revision 90170)
+++ channels/chan_sip.c (revision 94661)
-@@ -1693,7 +1693,7 @@
+@@ -81,6 +81,7 @@
+ #include "asterisk/dnsmgr.h"
+ #include "asterisk/devicestate.h"
+ #include "asterisk/linkedlists.h"
++#include "asterisk/dnsmgr.h"
+
+ #ifdef OSP_SUPPORT
+ #include "asterisk/astosp.h"
+@@ -1692,22 +1693,47 @@
static struct sip_peer *realtime_peer(const char *peername, struct sockaddr_in *sin)
{
struct sip_peer *peer=NULL;
@@ -21,32 +29,15 @@
struct ast_variable *tmp;
char *newpeername = (char *) peername;
char iabuf[80];
-@@ -1701,40 +1701,39 @@
+
/* First check on peer name */
- if (newpeername) {
- var = ast_load_realtime("sippeers", "name", newpeername, "host", "dynamic", NULL);
-- if (!var && sin) {
+- if (newpeername)
+- var = ast_load_realtime("sippeers", "name", peername, NULL);
+- else if (sin) { /* Then check on IP address */
++ if (newpeername) {
++ var = ast_load_realtime("sippeers", "name", newpeername, "host", "dynamic", NULL);
+ if (!var && sin)
- var = ast_load_realtime("sippeers", "name", newpeername, "host", ast_inet_ntoa(iabuf, sizeof(iabuf), sin->sin_addr), NULL);
-- if (!var) {
-- var = ast_load_realtime("sippeers", "name", newpeername, NULL);
-- /*!\note
-- * If this one loaded something, then we need to ensure that the host
-- * field matched. The only reason why we can't have this as a criteria
-- * is because we only have the IP address and the host field might be
-- * set as a name (and the reverse PTR might not match).
-- */
-- if (var) {
-- for (tmp = var; tmp; tmp = tmp->next) {
-- if (!strcasecmp(var->name, "host")) {
-- struct in_addr sin2 = { 0, };
-- struct ast_dnsmgr_entry *dnsmgr = NULL;
-- if ((ast_dnsmgr_lookup(tmp->value, &sin2, &dnsmgr) < 0) || (memcmp(&sin2, &sin->sin_addr, sizeof(sin2)) != 0)) {
-- /* No match */
-- ast_variables_destroy(var);
-- var = NULL;
-- }
-- break;
++ var = ast_load_realtime("sippeers", "name", newpeername, "host", ast_inet_ntoa(iabuf, sizeof(iabuf), sin->sin_addr), NULL);
+ if (!var) {
+ var = ast_load_realtime("sippeers", "name", newpeername, NULL);
+ /*!\note
@@ -64,13 +55,12 @@
+ /* No match */
+ ast_variables_destroy(var);
+ var = NULL;
- }
++ }
+ break;
- }
- }
- }
- }
-- } else if (sin) { /* Then check on IP address */
++ }
++ }
++ }
++ }
+ }
+
+ if (!var && sin) { /* Then check on IP address */
@@ -87,9 +77,9 @@
return NULL;
Index: channels/chan_iax2.c
===================================================================
---- channels/chan_iax2.c (revision 93667)
+--- channels/chan_iax2.c (revision 90170)
+++ channels/chan_iax2.c (revision 94661)
-@@ -2620,7 +2620,7 @@
+@@ -2620,16 +2620,18 @@
static struct iax2_peer *realtime_peer(const char *peername, struct sockaddr_in *sin)
{
@@ -98,33 +88,106 @@
struct ast_variable *tmp;
struct iax2_peer *peer=NULL;
time_t regseconds, nowtime;
-@@ -2629,9 +2629,9 @@
+ int dynamic=0;
++ char iabuf[INET_ADDRSTRLEN];
- if (peername) {
- var = ast_load_realtime("iaxpeers", "name", peername, "host", "dynamic", NULL);
-- if (!var)
+- if (peername)
+- var = ast_load_realtime("iaxpeers", "name", peername, NULL);
+- else {
+- char iabuf[INET_ADDRSTRLEN];
++ if (peername) {
++ var = ast_load_realtime("iaxpeers", "name", peername, "host", "dynamic", NULL);
+ if (!var && sin)
- var = ast_load_realtime("iaxpeers", "name", peername, "host", ast_inet_ntoa(iabuf, sizeof(iabuf), sin->sin_addr));
-- } else {
++ var = ast_load_realtime("iaxpeers", "name", peername, "host", ast_inet_ntoa(iabuf, sizeof(iabuf), sin->sin_addr));
+ } else if (sin) {
char porta[25];
ast_inet_ntoa(iabuf, sizeof(iabuf), sin->sin_addr);
sprintf(porta, "%d", ntohs(sin->sin_port));
-@@ -2646,7 +2646,7 @@
+@@ -2644,6 +2646,29 @@
}
}
}
-- if (!var) { /* Last ditch effort */
+ if (!var && peername) { /* Last ditch effort */
- var = ast_load_realtime("iaxpeers", "name", peername, NULL);
- /*!\note
- * If this one loaded something, then we need to ensure that the host
-@@ -2654,7 +2654,7 @@
- * is because we only have the IP address and the host field might be
- * set as a name (and the reverse PTR might not match).
- */
-- if (var) {
++ var = ast_load_realtime("iaxpeers", "name", peername, NULL);
++ /*!\note
++ * If this one loaded something, then we need to ensure that the host
++ * field matched. The only reason why we can't have this as a criteria
++ * is because we only have the IP address and the host field might be
++ * set as a name (and the reverse PTR might not match).
++ */
+ if (var && sin) {
- for (tmp = var; tmp; tmp = tmp->next) {
- if (!strcasecmp(tmp->name, "host")) {
- struct in_addr sin2 = { 0, };
++ for (tmp = var; tmp; tmp = tmp->next) {
++ if (!strcasecmp(tmp->name, "host")) {
++ struct in_addr sin2 = { 0, };
++ struct ast_dnsmgr_entry *dnsmgr = NULL;
++ if ((ast_dnsmgr_lookup(tmp->value, &sin2, &dnsmgr) < 0) || (memcmp(&sin2, &sin->sin_addr, sizeof(sin2)) != 0)) {
++ /* No match */
++ ast_variables_destroy(var);
++ var = NULL;
++ }
++ break;
++ }
++ }
++ }
++ }
+ if (!var)
+ return NULL;
+
+@@ -2720,13 +2745,46 @@
+ return peer;
+ }
+
+-static struct iax2_user *realtime_user(const char *username)
++static struct iax2_user *realtime_user(const char *username, struct sockaddr_in *sin)
+ {
+ struct ast_variable *var;
+ struct ast_variable *tmp;
+ struct iax2_user *user=NULL;
++ char iabuf[INET_ADDRSTRLEN];
+
+- var = ast_load_realtime("iaxusers", "name", username, NULL);
++ var = ast_load_realtime("iaxusers", "name", username, "host", "dynamic", NULL);
++ if (!var && sin)
++ var = ast_load_realtime("iaxusers", "name", username, "host", ast_inet_ntoa(iabuf, sizeof(iabuf), sin->sin_addr));
++ if (!var && sin) {
++ char porta[6];
++ snprintf(porta, sizeof(porta), "%d", ntohs(sin->sin_port));
++ var = ast_load_realtime("iaxusers", "name", username, "ipaddr", ast_inet_ntoa(iabuf, sizeof(iabuf), sin->sin_addr), "port", porta, NULL);
++ if (!var)
++ var = ast_load_realtime("iaxusers", "ipaddr", ast_inet_ntoa(iabuf, sizeof(iabuf), sin->sin_addr), "port", porta, NULL);
++ }
++ if (!var) { /* Last ditch effort */
++ var = ast_load_realtime("iaxusers", "name", username, NULL);
++ /*!\note
++ * If this one loaded something, then we need to ensure that the host
++ * field matched. The only reason why we can't have this as a criteria
++ * is because we only have the IP address and the host field might be
++ * set as a name (and the reverse PTR might not match).
++ */
++ if (var) {
++ for (tmp = var; tmp; tmp = tmp->next) {
++ if (!strcasecmp(tmp->name, "host")) {
++ struct in_addr sin2 = { 0, };
++ struct ast_dnsmgr_entry *dnsmgr = NULL;
++ if ((ast_dnsmgr_lookup(tmp->value, &sin2, &dnsmgr) < 0) || (memcmp(&sin2, &sin->sin_addr, sizeof(sin2)) != 0)) {
++ /* No match */
++ ast_variables_destroy(var);
++ var = NULL;
++ }
++ break;
++ }
++ }
++ }
++ }
+ if (!var)
+ return NULL;
+
+@@ -4878,7 +4936,7 @@
+ ast_mutex_unlock(&userl.lock);
+ user = best;
+ if (!user && !ast_strlen_zero(iaxs[callno]->username)) {
+- user = realtime_user(iaxs[callno]->username);
++ user = realtime_user(iaxs[callno]->username, sin);
+ if (user && !ast_strlen_zero(iaxs[callno]->context) && /* No context specified */
+ !apply_context(user->contexts, iaxs[callno]->context)) { /* Context is permitted */
+ destroy_user(user);
More information about the Pkg-voip-commits
mailing list