Summary: ASTERISK-13108: Asterisk can be crashed remotely when using realtime for IAX2 users.
Reporter: Jon Leren Schøpzinsky (jonleren)
Labels:
Date Opened: 2008-11-22 17:53:17.000-0600
Date Closed: 2008-12-11 14:05:54.000-0600
Versions:Frequency of
Description: Asterisk crashes when an unknown IAX2 user tries to make a call, and the call is authenticated through realtime.

This is due to a value list not ending with NULL in line 2877 of chan_iax2.c.

I do not know how far back this bug is present.

The only change needed to fix this bug is to change:
var = ast_load_realtime("iaxusers", "name", username, "host", ast_inet_ntoa(iabuf, sizeof(iabuf), sin->sin_addr));
to:
var = ast_load_realtime("iaxusers", "name", username, "host", ast_inet_ntoa(iabuf, sizeof(iabuf), sin->sin_addr), NULL);
in line 2877, so that's why I haven't attached a patch file.

Kind Regards
Jon Leren Schøpzinsky
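
The bug class reported above, as an added example that is not code from Asterisk or from the reporter: a variadic function that walks field/value pairs until it reads NULL, with a compiler check and a wrapper macro that keep the terminator from being forgotten. The names `build_lookup`, `BUILD_LOOKUP` and `struct lookup` are hypothetical, and the sample values are constructed.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

#define MAX_PAIRS 8

struct lookup {                 /* hypothetical result holder */
    const char *field[MAX_PAIRS];
    const char *value[MAX_PAIRS];
    int count;
};

/* Hypothetical stand-in for a realtime lookup taking field/value pairs.
 * The sentinel attribute makes GCC (-Wformat) and Clang warn when a call
 * does not end in a null pointer, for example:
 *     build_lookup(&l, "iaxusers", "name", user, "host", addr);
 * Without the terminator, va_arg reads past the real arguments, which is
 * undefined behaviour and typically ends in a crash. */
int build_lookup(struct lookup *out, const char *family, ...)
    __attribute__((sentinel));

int build_lookup(struct lookup *out, const char *family, ...)
{
    va_list ap;
    const char *field, *value;
    (void)family;               /* table name, unused in this sketch */
    out->count = 0;
    va_start(ap, family);
    while (out->count < MAX_PAIRS &&
           (field = va_arg(ap, const char *)) != NULL) {
        value = va_arg(ap, const char *);
        if (value == NULL)      /* odd-length list: stop, do not read on */
            break;
        out->field[out->count] = field;
        out->value[out->count] = value;
        out->count++;
    }
    va_end(ap);
    return out->count;
}

/* Wrapper that appends the terminator so a caller cannot forget it. */
#define BUILD_LOOKUP(out, family, ...) \
    build_lookup((out), (family), __VA_ARGS__, (const char *)NULL)

int main(void)
{
    struct lookup l;            /* constructed sample values below */
    int n = BUILD_LOOKUP(&l, "iaxusers", "name", "alice", "host", "192.0.2.10");
    printf("%d pairs, last: %s=%s\n", n, l.field[n - 1], l.value[n - 1]);
    return 0;
}
```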
Comments:
By: Jon Leren Schøpzinsky (jonleren) 2008-11-22 18:19:54.000-0600

This issue is present since 1.2.26.

By: Jon Leren Schøpzinsky (jonleren) 2008-11-23 06:18:58.000-0600

I just verified that this issue does NOT affect the SIP channel.

By: Mark Michelson (mmichelson) 2008-12-11 14:05:54.000-0600

This issue is resolved with the release of Asterisk

The security advisory that accompanied this release can be found here:

Thanks for reporting this.