| Summary: | ASTERISK-10563: patch for 10979 breaks IAX RSA auth | ||
| Reporter: | Dmitry Andrianov (dimas) | Labels: | |
| Date Opened: | 2007-10-17 19:01:05 | Date Closed: | 2009-08-25 18:55:08 |
| Priority: | Major | Regression? | No |
| Status: | Closed/Complete | Components: | Core/General |
| Versions: | Frequency of Occurrence | ||
| Related Issues: | |||
| Environment: | Attachments: | ||
| Description: | The commit 85543 wasn't really a good idea. base64 _decoder_ will most likely produce binary data anyway (why base64 otherwise?) so there is no sense in nul-terminating these data. If string data is expected from decode operation, it is up to calling code to provide buffer of enough size and nul-terminate it. res_crypto __ast_check_signature provides fixed size buffer exactly matching the expected size of binary data so when base64 decoder forces nul-termination it effectively kills last byte of binary data and RSA key verification always fails. | ||
| Comments: | By: Russell Bryant (russell) 2007-10-17 23:16:37 You're right. I agree that it was a bad idea. Sorry. By: Digium Subversion (svnbot) 2007-10-17 23:20:08 Repository: asterisk Revision: 86237 U branches/1.4/main/utils.c ------------------------------------------------------------------------ r86237 | russell | 2007-10-17 23:20:06 -0500 (Wed, 17 Oct 2007) | 9 lines Revert a change that I made for issue ASTERISK-10528 which, as has been pointed out to me in issue ASTERISK-10563, doesn't really make sense. There is no reason to have the base64 decode function force a NULL terminated buffer, when the result is almost always binary, anyway. In fact, this caused some breakage, as some code in res_crypto passed in a buffer exactly the right size to get its binary result, which got stomped on by this patch. (closes issue ASTERISK-10563, reported by dimas) ------------------------------------------------------------------------ By: Digium Subversion (svnbot) 2007-10-17 23:20:46 Repository: asterisk Revision: 86238 _U trunk/ U trunk/main/utils.c ------------------------------------------------------------------------ r86238 | russell | 2007-10-17 23:20:46 -0500 (Wed, 17 Oct 2007) | 17 lines Merged revisions 86237 via svnmerge from https://origsvn.digium.com/svn/asterisk/branches/1.4 ........ r86237 | russell | 2007-10-17 23:40:52 -0500 (Wed, 17 Oct 2007) | 9 lines Revert a change that I made for issue ASTERISK-10528 which, as has been pointed out to me in issue ASTERISK-10563, doesn't really make sense. There is no reason to have the base64 decode function force a NULL terminated buffer, when the result is almost always binary, anyway. In fact, this caused some breakage, as some code in res_crypto passed in a buffer exactly the right size to get its binary result, which got stomped on by this patch. (closes issue ASTERISK-10563, reported by dimas) ........ ------------------------------------------------------------------------ | ||