Summary: | ASTERISK-08048: Dundi Problem with Key generated on hardened system. | ||
Reporter: | Omar Belakhdar (belakdar) | Labels: | |
Date Opened: | 2006-11-02 05:20:58.000-0600 | Date Closed: | 2011-06-07 14:03:05 |
Priority: | Major | Regression? | No |
Status: | Closed/Complete | Components: | Core/General |
Versions: | Frequency of Occurrence | ||
Related Issues: | |||
Environment: | Attachments: | ||
Description: | I followed all instruction given by the paper of Mark Spencer "Unsing Dundi with cluster of ...". I get the following problem with the used keys. Here is the mapping in the dundi.conf file. priv => sipregistration,0,IAX2,priv:${SECRET}@192.168.1.46/${NUMBER},nopartial Here is also an execution of the dialplan when calling the extension 1101 registered on a dundi peer. -- Executing ChanIsAvail("SIP/1131-103b", "SIP/1101|sj") -- Executing Goto("SIP/1131-103b", "lookupdundi|1101|1") -- Goto (lookupdundi,1101,1) Nov 2 12:03:36 NOTICE[14565]: res_crypto.c:391 __ast_encrypt_bin: How odd, encrypted size is -1 Nov 2 12:03:36 NOTICE[14565]: pbx_dundi.c:1320 update_key: Whoa, got a weird encrypt size (-1 != 128)! Nov 2 12:03:36 NOTICE[14565]: pbx_dundi.c:3056 dundi_send: Failed to send packet to '00:0f:ea:79:24:9e' Nov 2 12:03:37 NOTICE[14565]: res_crypto.c:391 __ast_encrypt_bin: How odd, encrypted size is -1 Nov 2 12:03:37 NOTICE[14565]: pbx_dundi.c:1320 update_key: Whoa, got a weird encrypt size (-1 != 128)! Nov 2 12:03:37 NOTICE[14565]: pbx_dundi.c:3056 dundi_send: Failed to send packet to '00:0f:ea:79:24:9e' -- Sent into invalid extension '1101' in context 'lookupdundi' on SIP/1131-103b -- Executing Playback("SIP/1131-103b", "pbx-invalid") in new stack -- Playing 'pbx-invalid' (language 'fr') -- Executing Hangup("SIP/1131-103b", "") in new stack == Spawn extension (lookupdundi, i, 2) exited non-zero on 'SIP/1131-103b' Nov 2 12:03:42 NOTICE[14565]: res_crypto.c:391 __ast_encrypt_bin: How odd, encrypted size is -1 Nov 2 12:03:42 NOTICE[14565]: pbx_dundi.c:1320 update_key: Whoa, got a weird encrypt size (-1 != 128)! Nov 2 12:03:42 NOTICE[14565]: pbx_dundi.c:3056 dundi_send: Failed to send packet to '00:0f:ea:79:24:9e' ****** ADDITIONAL INFORMATION ****** I'm still using 1.2.4 | ||
Comments: | By: Russell Bryant (russell) 2006-11-02 07:46:02.000-0600 1.2.4 is quite old. Please upgrade to the latest version and see if you still have the problem. By: Omar Belakhdar (belakdar) 2006-11-02 16:17:12.000-0600 Thanks for your answer. The problem is reproducable with the 1.2.13. After setting up the dundi debug, here is the resulting logs: ----------------------------------------------------------------------------- Nov 2 23:09:29 NOTICE[14743]: res_crypto.c:391 __ast_encrypt_bin: How odd, encrypted size is -1 Nov 2 23:09:29 NOTICE[14743]: pbx_dundi.c:1320 update_key: Whoa, got a weird encrypt size (-1 != 128)! Nov 2 23:09:29 NOTICE[14743]: pbx_dundi.c:3056 cdypeer_send: Failed to send packet to '00:0f:ea:79:24:9e' Tx-Frame Retry[No] -- OSeqno: 000 ISeqno: 000 Type: DPDISCOVER (Command) Flags: 00 STrans: 22660 DTrans: 00000 [192.168.1.47:4520] VERSION : 1 DIRECT EID : 00:13:20:b7:ba:af CALLED NUMBER : 1101 CALLED CONTEXT : priv TTL : 2 Rx-Frame Retry[No] -- OSeqno: 000 ISeqno: 001 Type: DPRESPONSE (Response) Flags: 00 STrans: 25242 DTrans: 22660 [192.168.1.47:4520] (Final) CAUSE : NOAUTH: Unencrypted responses not permitted ------------------------------------------------------------------------------ I tried many things but I get always the same result. Then I returned back to the code, it seems for me that the problem is likely due to the keys. My keys are generated with astgenkey -n dundi then copied to each peer. Any idea? regards. Omar. By: Omar Belakhdar (belakdar) 2006-11-02 16:22:46.000-0600 Another thing is when I enabled the debugging with dundi debug and the error occurs, asterisk get killed due to a stack smashing attack in the function dundi_showframe(). Asterisk is compiled with SSP support. Thanks. Omar. By: Omar Belakhdar (belakdar) 2006-11-09 09:06:38.000-0600 Good afternoon, The problem is solved. This issue has to be closed. The problem was due to an denied access (* is running under unpreviliged user) to my entropy file on the system. This make * assumes that the dundi messages were not encrypted and thus it makes it complain. However, when debug option is used, the dundi crashes ... this means that * has to be more cautious about this situation when the keys are not provided. This can be used as stack smashing attack in "dundi_showframe()". Hope this help. Omar. By: Russell Bryant (russell) 2006-11-09 09:44:38.000-0600 I'm glad you have found the problem! I will take a look at the reasons it was crashing when you had no keys before I close out this bug. Thanks |