kenmirrors/asterisk
1
0
Fork 0
mirror of https://github.com/asterisk/asterisk.git synced 2025-10-02 10:22:46 +00:00
Code Issues Packages Projects Releases Wiki Activity

res_pjsip: Do not crash on ACKs from unknown endpoints.

Browse Source 
The endpoint identification PJSIP module is intended to identify which
endpoint an incoming request is from. If an endpoint is not identified,
then an artificial endpoint is used in its place when proceeding.

The problem is that the ACK request type is an exception to the rule.
The artificial endpoint is not used when processing an ACK. This results
in the possibility of having a NULL endpoint being used further on.

The reason ACK is an exception is an attempt not to spam security logs
with unidentified requests. Presumably, you've already logged the
unidentified request on the preceeding INVITE.

Up until Asterisk 13.10, retrieving a NULL endpoint in this fashion
didn't cause an issue. A new change in 13.10 added endpoint ACL checking
shortly after endpoint identification. Because we are accessing a NULL
endpoint, this ACL check resulted in a crash.

The fix here is to be sure to retrieve the artificial endpoint for all
request types. ACKs still do not generate unidentified request security
events.

ASTERISK-26264 #close
Reported by nappsoft

AST-2016-006

Change-Id: Ie0c795ae2d72273decb972dd74b6a1489fb6b703
This commit is contained in:
Mark Michelson
2016-08-16 15:34:53 -05:00
committed by Joshua Colp
parent fdb29f1b4e
commit f1ffc22933
1 changed files with 8 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
res/res_pjsip/pjsip_distributor.c
View File

@@ -571,9 +571,7 @@ static pj_bool_t endpoint_lookup(pjsip_rx_data *rdata)
} }
} }
if (!endpoint && !is_ack) { if (!endpoint) {
char name[AST_UUID_STR_LEN] = "";
pjsip_uri *from = rdata->msg_info.from->uri;
/* always use an artificial endpoint - per discussion no reason /* always use an artificial endpoint - per discussion no reason
to have "alwaysauthreject" as an option. It is felt using it to have "alwaysauthreject" as an option. It is felt using it
@@ -581,6 +579,13 @@ static pj_bool_t endpoint_lookup(pjsip_rx_data *rdata)
breaking old stuff and we really don't want to enable the discovery breaking old stuff and we really don't want to enable the discovery
of SIP accounts */ of SIP accounts */
endpoint = ast_sip_get_artificial_endpoint(); endpoint = ast_sip_get_artificial_endpoint();
}
rdata->endpt_info.mod_data[endpoint_mod.id] = endpoint;
if (!is_ack) {
char name[AST_UUID_STR_LEN] = "";
pjsip_uri *from = rdata->msg_info.from->uri;
if (PJSIP_URI_SCHEME_IS_SIP(from) || PJSIP_URI_SCHEME_IS_SIPS(from)) { if (PJSIP_URI_SCHEME_IS_SIP(from) || PJSIP_URI_SCHEME_IS_SIPS(from)) {
pjsip_sip_uri *sip_from = pjsip_uri_get_uri(from); pjsip_sip_uri *sip_from = pjsip_uri_get_uri(from);
@@ -614,7 +619,6 @@ static pj_bool_t endpoint_lookup(pjsip_rx_data *rdata)
ast_sip_report_invalid_endpoint(name, rdata); ast_sip_report_invalid_endpoint(name, rdata);
} }
} }
rdata->endpt_info.mod_data[endpoint_mod.id] = endpoint;
return PJ_FALSE; return PJ_FALSE;
} }