[Pkg-voip-commits] r10137 - in /asterisk/trunk/debian: changelog patches/AST-2012-014 patches/fix-sip-tcp-no-FILE patches/fix-sip-tls-leak patches/series
tzafrir at alioth.debian.org
tzafrir at alioth.debian.org
Mon Apr 8 23:12:38 UTC 2013
Author: tzafrir
Date: Mon Apr 8 23:12:37 2013
New Revision: 10137
URL: http://svn.debian.org/wsvn/pkg-voip/?sc=1&rev=10137
Log:
Rewrtote sip.conf parts of AST-2012-014: dropped patches
fix-sip-tcp-no-FILE and fix-sip-tls-leak.
Removed:
asterisk/trunk/debian/patches/fix-sip-tcp-no-FILE
asterisk/trunk/debian/patches/fix-sip-tls-leak
Modified:
asterisk/trunk/debian/changelog
asterisk/trunk/debian/patches/AST-2012-014
asterisk/trunk/debian/patches/series
Modified: asterisk/trunk/debian/changelog
URL: http://svn.debian.org/wsvn/pkg-voip/asterisk/trunk/debian/changelog?rev=10137&op=diff
==============================================================================
--- asterisk/trunk/debian/changelog (original)
+++ asterisk/trunk/debian/changelog Mon Apr 8 23:12:37 2013
@@ -1,6 +1,7 @@
-asterisk (1:1.8.13.1~dfsg-3) UNRELEASED; urgency=low
-
- * NOT RELEASED YET
+asterisk (1:1.8.13.1~dfsg-3) UNRELEASED; urgency=high
+
+ * Rewrtote sip.conf parts of AST-2012-014: dropped patches
+ fix-sip-tcp-no-FILE and fix-sip-tls-leak.
-- Tzafrir Cohen <tzafrir at debian.org> Sat, 06 Apr 2013 23:58:22 +0300
Modified: asterisk/trunk/debian/patches/AST-2012-014
URL: http://svn.debian.org/wsvn/pkg-voip/asterisk/trunk/debian/patches/AST-2012-014?rev=10137&op=diff
==============================================================================
--- asterisk/trunk/debian/patches/AST-2012-014 (original)
+++ asterisk/trunk/debian/patches/AST-2012-014 Mon Apr 8 23:12:37 2013
@@ -35,163 +35,40 @@
--- a/channels/chan_sip.c
+++ b/channels/chan_sip.c
-@@ -2520,19 +2520,20 @@ static int sip_tls_read(struct sip_reque
- int authenticated, time_t start, struct sip_threadinfo *me)
- {
- int res, content_length, after_poll = 1, need_poll = 1;
-+ size_t datalen = ast_str_strlen(req->data);
+@@ -2504,6 +2504,7 @@ static void *_sip_tcp_helper_thread(stru
+ int res, cl, timeout = -1, authenticated = 0, flags, after_poll = 0, need_poll = 1;
+ time_t start;
+ struct sip_request req = { 0, } , reqcpy = { 0, };
++ size_t datalen;
+ struct sip_threadinfo *me = NULL;
char buf[1024] = "";
- int timeout = -1;
--
-- /* Read in headers one line at a time */
-- while (ast_str_strlen(req->data) < 4 || strncmp(REQ_OFFSET_TO_STR(req, data->used - 4), "\r\n\r\n", 4)) {
-- if (!tcptls_session->client && !authenticated) {
-- if ((timeout = sip_check_authtimeout(start)) < 0) {
-- ast_debug(2, "SIP SSL server failed to determine authentication timeout\n");
-+
-+ /* Read in headers one line at a time */
-+ while (datalen < 4 || strncmp(REQ_OFFSET_TO_STR(req, data->used - 4), "\r\n\r\n", 4)) {
-+ if (!tcptls_session->client && !authenticated) {
-+ if ((timeout = sip_check_authtimeout(start)) < 0) {
-+ ast_debug(2, "SIP TLS server failed to determine authentication timeout\n");
- return -1;
+ struct pollfd fds[2] = { { 0 }, { 0 }, };
+@@ -2640,8 +2641,9 @@ static void *_sip_tcp_helper_thread(stru
}
+ req.socket.fd = tcptls_session->fd;
- if (timeout == 0) {
-- ast_debug(2, "SIP %s server timed out\n", tcptls_session->ssl ? "SSL": "TCP");
-+ ast_debug(2, "SIP TLS server timed out\n");
- return -1;
++ datalen = ast_str_strlen(req.data);
+ /* Read in headers one line at a time */
+- while (ast_str_strlen(req.data) < 4 || strncmp(REQ_OFFSET_TO_STR(&req, data->used - 4), "\r\n\r\n", 4)) {
++ while (datalen < 4 || strncmp(REQ_OFFSET_TO_STR(&req, data->used - 4), "\r\n\r\n", 4)) {
+ if (!tcptls_session->client && !authenticated ) {
+ if ((timeout = sip_check_authtimeout(start)) < 0) {
+ goto cleanup;
+@@ -2688,6 +2690,14 @@ static void *_sip_tcp_helper_thread(stru
+ goto cleanup;
+ }
+ ast_str_append(&req.data, 0, "%s", buf);
++ datalen = ast_str_strlen(req.data);
++ if (datalen > SIP_MAX_PACKET_SIZE) {
++ ast_log(LOG_WARNING, "Rejecting SIP %s packet from '%s' because way too large: %zu\n",
++ tcptls_session->ssl ? "SSL" : "TCP",
++ ast_sockaddr_stringify(&tcptls_session->remote_address),
++ datalen);
++ goto cleanup;
++ }
}
- } else {
-@@ -2547,11 +2548,11 @@ static int sip_tls_read(struct sip_reque
- after_poll = 1;
- res = ast_wait_for_input(tcptls_session->fd, timeout);
- if (res < 0) {
-- ast_debug(2, "SIP TCP server :: ast_wait_for_input returned %d\n", res);
-+ ast_debug(2, "SIP TLS server :: ast_wait_for_input returned %d\n", res);
- return -1;
- } else if (res == 0) {
- /* timeout */
-- ast_debug(2, "SIP TCP server timed out\n");
-+ ast_debug(2, "SIP TLS server timed out\n");
- return -1;
- }
- }
-@@ -2572,6 +2573,13 @@ static int sip_tls_read(struct sip_reque
- return -1;
- }
- ast_str_append(&req->data, 0, "%s", buf);
-+
-+ datalen = ast_str_strlen(req->data);
-+ if (datalen > SIP_MAX_PACKET_SIZE) {
-+ ast_log(LOG_WARNING, "Rejecting TLS packet from '%s' because way too large: %zu\n",
-+ ast_sockaddr_stringify(&tcptls_session->remote_address), datalen);
-+ return -1;
-+ }
- }
- copy_request(reqcpy, req);
- parse_request(reqcpy);
-@@ -2585,7 +2593,7 @@ static int sip_tls_read(struct sip_reque
- }
-
- if (timeout == 0) {
-- ast_debug(2, "SIP SSL server timed out\n");
-+ ast_debug(2, "SIP TLS server timed out\n");
- return -1;
- }
- } else {
-@@ -2597,11 +2605,11 @@ static int sip_tls_read(struct sip_reque
- after_poll = 1;
- res = ast_wait_for_input(tcptls_session->fd, timeout);
- if (res < 0) {
-- ast_debug(2, "SIP TCP server :: ast_wait_for_input returned %d\n", res);
-+ ast_debug(2, "SIP TLS server :: ast_wait_for_input returned %d\n", res);
- return -1;
- } else if (res == 0) {
- /* timeout */
-- ast_debug(2, "SIP TCP server timed out\n");
-+ ast_debug(2, "SIP TLS server timed out\n");
- return -1;
- }
- }
-@@ -2624,6 +2632,13 @@ static int sip_tls_read(struct sip_reque
- }
- content_length -= strlen(buf);
- ast_str_append(&req->data, 0, "%s", buf);
-+
-+ datalen = ast_str_strlen(req->data);
-+ if (datalen > SIP_MAX_PACKET_SIZE) {
-+ ast_log(LOG_WARNING, "Rejecting TLS packet from '%s' because way too large: %zu\n",
-+ ast_sockaddr_stringify(&tcptls_session->remote_address), datalen);
-+ return -1;
-+ }
- }
- }
- /*! \todo XXX If there's no Content-Length or if the content-length and what
-@@ -2801,6 +2816,8 @@ static int sip_tcp_read(struct sip_reque
- enum message_integrity message_integrity = MESSAGE_FRAGMENT;
-
- while (message_integrity == MESSAGE_FRAGMENT) {
-+ size_t datalen;
-+
- if (ast_str_strlen(tcptls_session->overflow_buf) == 0) {
- char readbuf[4097];
- int timeout;
-@@ -2840,6 +2857,13 @@ static int sip_tcp_read(struct sip_reque
- ast_str_append(&req->data, 0, "%s", ast_str_buffer(tcptls_session->overflow_buf));
- ast_str_reset(tcptls_session->overflow_buf);
- }
-+
-+ datalen = ast_str_strlen(req->data);
-+ if (datalen > SIP_MAX_PACKET_SIZE) {
-+ ast_log(LOG_WARNING, "Rejecting TCP packet from '%s' because way too large: %zu\n",
-+ ast_sockaddr_stringify(&tcptls_session->remote_address), datalen);
-+ return -1;
-+ }
-
- message_integrity = check_message_integrity(&req->data, &tcptls_session->overflow_buf);
- }
-@@ -2911,7 +2935,7 @@ static void *_sip_tcp_helper_thread(stru
- }
-
- me->threadid = pthread_self();
-- ast_debug(2, "Starting thread for %s server\n", tcptls_session->ssl ? "SSL" : "TCP");
-+ ast_debug(2, "Starting thread for %s server\n", tcptls_session->ssl ? "TLS" : "TCP");
-
- /* set up pollfd to watch for reads on both the socket and the alert_pipe */
- fds[0].fd = tcptls_session->fd;
-@@ -2945,7 +2969,7 @@ static void *_sip_tcp_helper_thread(stru
- }
-
- if (timeout == 0) {
-- ast_debug(2, "SIP %s server timed out\n", tcptls_session->ssl ? "SSL": "TCP");
-+ ast_debug(2, "SIP %s server timed out\n", tcptls_session->ssl ? "TLS": "TCP");
- goto cleanup;
- }
- } else {
-@@ -2955,11 +2979,11 @@ static void *_sip_tcp_helper_thread(stru
- if (ast_str_strlen(tcptls_session->overflow_buf) == 0) {
- res = ast_poll(fds, 2, timeout); /* polls for both socket and alert_pipe */
- if (res < 0) {
-- ast_debug(2, "SIP %s server :: ast_wait_for_input returned %d\n", tcptls_session->ssl ? "SSL": "TCP", res);
-+ ast_debug(2, "SIP %s server :: ast_wait_for_input returned %d\n", tcptls_session->ssl ? "TLS": "TCP", res);
- goto cleanup;
- } else if (res == 0) {
- /* timeout */
-- ast_debug(2, "SIP %s server timed out\n", tcptls_session->ssl ? "SSL": "TCP");
-+ ast_debug(2, "SIP %s server timed out\n", tcptls_session->ssl ? "TLS": "TCP");
- goto cleanup;
- }
- }
-@@ -3041,7 +3065,7 @@ static void *_sip_tcp_helper_thread(stru
- }
- }
-
-- ast_debug(2, "Shutting down thread for %s server\n", tcptls_session->ssl ? "SSL" : "TCP");
-+ ast_debug(2, "Shutting down thread for %s server\n", tcptls_session->ssl ? "TLS" : "TCP");
-
- cleanup:
- if (tcptls_session && !tcptls_session->client && !authenticated) {
+ copy_request(&reqcpy, &req);
+ parse_request(&reqcpy);
--- a/channels/sip/include/sip.h
+++ b/channels/sip/include/sip.h
@@ -96,6 +96,7 @@
Modified: asterisk/trunk/debian/patches/series
URL: http://svn.debian.org/wsvn/pkg-voip/asterisk/trunk/debian/patches/series?rev=10137&op=diff
==============================================================================
--- asterisk/trunk/debian/patches/series (original)
+++ asterisk/trunk/debian/patches/series Mon Apr 8 23:12:37 2013
@@ -28,9 +28,6 @@
AST-2012-012
AST-2012-013
-# Needed for AST-2012-014:
-fix-sip-tcp-no-FILE
-fix-sip-tls-leak
AST-2012-014
AST-2012-015
powerpcspe
More information about the Pkg-voip-commits
mailing list