[Pkg-voip-commits] r9073 - in /asterisk/branches/squeeze/debian: changelog patches/AST-2011-011 patches/series

tzafrir at alioth.debian.org tzafrir at alioth.debian.org
Fri Jul 1 13:18:13 UTC 2011 

Author: tzafrir
Date: Fri Jul  1 13:18:13 2011
New Revision: 9073

URL: http://svn.debian.org/wsvn/pkg-voip/?sc=1&rev=9073
Log:
AST-2011-011 (CVE-2011-2536): Don't leak SIP username information
(closes: #632029)

Added:
    asterisk/branches/squeeze/debian/patches/AST-2011-011
Modified:
    asterisk/branches/squeeze/debian/changelog
    asterisk/branches/squeeze/debian/patches/series

Modified: asterisk/branches/squeeze/debian/changelog
URL: http://svn.debian.org/wsvn/pkg-voip/asterisk/branches/squeeze/debian/changelog?rev=9073&op=diff
==============================================================================
--- asterisk/branches/squeeze/debian/changelog (original)
+++ asterisk/branches/squeeze/debian/changelog Fri Jul  1 13:18:13 2011
@@ -4,8 +4,10 @@
    (Closes: 631446).
   * Patch AST-2011-010 (CVE-2011-2535): crash due to dereferencing a remote
     pointer (closes: #631448).
-
- -- Tzafrir Cohen <tzafrir at debian.org>  Fri, 24 Jun 2011 18:53:22 +0300
+  * AST-2011-011 (CVE-2011-2536): Don't leak SIP username information
+    (closes: #632029)
+
+ -- Tzafrir Cohen <tzafrir at debian.org>  Fri, 01 Jul 2011 14:57:12 +0300
 
 asterisk (1:1.6.2.9-2+squeeze2) stable-security; urgency=high
 

Added: asterisk/branches/squeeze/debian/patches/AST-2011-011
URL: http://svn.debian.org/wsvn/pkg-voip/asterisk/branches/squeeze/debian/patches/AST-2011-011?rev=9073&op=file
==============================================================================
--- asterisk/branches/squeeze/debian/patches/AST-2011-011 (added)
+++ asterisk/branches/squeeze/debian/patches/AST-2011-011 Fri Jul  1 13:18:13 2011
@@ -1,0 +1,68 @@
+From b06d1f57ba6bd29e29a659d428ec378330d76665 Mon Sep 17 00:00:00 2001
+From: Terry Wilson <twilson at digium.com>
+Date: Tue, 28 Jun 2011 20:06:16 +0000
+Subject: [PATCH] Merged revisions 325275 via svnmerge from
+ https://origsvn.digium.com/svn/asterisk/branches/1.4
+
+........
+  r325275 | twilson | 2011-06-28 15:03:19 -0500 (Tue, 28 Jun 2011) | 2 lines
+
+  Don't leak SIP username information
+........
+
+
+Origin: http://svnview.digium.com/svn/asterisk?view=rev&rev=325277
+---
+ channels/chan_sip.c |   17 ++++++-----------
+ 1 files changed, 6 insertions(+), 11 deletions(-)
+
+--- a/channels/chan_sip.c
++++ b/channels/chan_sip.c
+@@ -13004,9 +13004,9 @@ static void transmit_fake_auth_response(
+ {
+ 	/* We have to emulate EXACTLY what we'd get with a good peer
+ 	 * and a bad password, or else we leak information. */
+-	const char *response = "407 Proxy Authentication Required";
+-	const char *reqheader = "Proxy-Authorization";
+-	const char *respheader = "Proxy-Authenticate";
++	const char *response = "401 Unauthorized";
++	const char *reqheader = "Authorization";
++	const char *respheader = "WWW-Authenticate";
+ 	const char *authtoken;
+ 	struct ast_str *buf;
+ 	char *c;
+@@ -13021,23 +13021,18 @@ static void transmit_fake_auth_response(
+ 		[K_LAST] = { NULL, NULL}
+ 	};
+ 
+-	if (sipmethod == SIP_REGISTER || sipmethod == SIP_SUBSCRIBE) {
+-		response = "401 Unauthorized";
+-		reqheader = "Authorization";
+-		respheader = "WWW-Authenticate";
+-	}
+ 	authtoken = get_header(req, reqheader);
+ 	if (req->ignore && !ast_strlen_zero(p->randdata) && ast_strlen_zero(authtoken)) {
+ 		/* This is a retransmitted invite/register/etc, don't reconstruct authentication
+ 		 * information */
+-		transmit_response_with_auth(p, response, req, p->randdata, 0, respheader, 0);
++		transmit_response_with_auth(p, response, req, p->randdata, reliable, respheader, 0);
+ 		/* Schedule auto destroy in 32 seconds (according to RFC 3261) */
+ 		sip_scheddestroy(p, DEFAULT_TRANS_TIMEOUT);
+ 		return;
+ 	} else if (ast_strlen_zero(p->randdata) || ast_strlen_zero(authtoken)) {
+ 		/* We have no auth, so issue challenge and request authentication */
+ 		set_nonce_randdata(p, 1);
+-		transmit_response_with_auth(p, response, req, p->randdata, 0, respheader, 0);
++		transmit_response_with_auth(p, response, req, p->randdata, reliable, respheader, 0);
+ 		/* Schedule auto destroy in 32 seconds */
+ 		sip_scheddestroy(p, DEFAULT_TRANS_TIMEOUT);
+ 		return;
+@@ -13296,7 +13291,7 @@ static enum check_auth_result register_v
+ 			}
+ 		}
+ 	}
+-	if (!peer && sip_cfg.alwaysauthreject) {
++	if (!peer && sip_cfg.alwaysauthreject && ast_test_flag(&p->flags[1], SIP_PAGE2_REGISTERTRYING)) {
+ 		/* If we found a peer, we transmit a 100 Trying.  Therefore, if we're
+ 		 * trying to avoid leaking information, we MUST also transmit the same
+ 		 * response when we DON'T find a peer. */

Modified: asterisk/branches/squeeze/debian/patches/series
URL: http://svn.debian.org/wsvn/pkg-voip/asterisk/branches/squeeze/debian/patches/series?rev=9073&op=diff
==============================================================================
--- asterisk/branches/squeeze/debian/patches/series (original)
+++ asterisk/branches/squeeze/debian/patches/series Fri Jul  1 13:18:13 2011
@@ -36,3 +36,4 @@
 AST-2011-006
 AST-2011-008
 AST-2011-010
+AST-2011-011

More information about the Pkg-voip-commits mailing list