Summary: | ASTERISK-13364: 1.2.31 break authentication of IAX2 registration | ||
Reporter: | Leonardo Gomes Figueira (sabbathbh) | Labels: | |
Date Opened: | 2009-01-14 07:06:03.000-0600 | Date Closed: | 2009-01-14 19:20:21.000-0600 |
Priority: | Major | Regression? | No |
Status: | Closed/Complete | Components: | Channels/chan_iax2 |
Versions: | Frequency of Occurrence | ||
Related Issues: | |||
Environment: | Attachments: | ||
Description: | The Security fix for AST-2009-001 on Asterisk 1.2.31 breaks the authentication of a peer that tries to register on Asterisk.

    Jan 14 10:52:28 WARNING[18728]: chan_iax2.c:6106 registry_authrequest: No such peer 'pftestedesenv'

    pfdesenv*CLI> iax2 show peers
    Name/Username    Host                 Mask             Port          Status
    pftestedesenv/p  (Unspecified)   (D)  255.255.255.255  0        (T)  UNKNOWN

The same configuration on the previous versions (1.2.30.4 and before) works fine.

****** STEPS TO REPRODUCE ******

Create a peer with dynamic registration on Asterisk and try to register with this peer on another Asterisk box.

Tried both RSA and plaintext auth.

Sample config:

Server peer using RSA:

    [pftestedesenv]
    type=friend
    username=pftestedesenv
    host=dynamic
    auth=rsa
    inkeys=pftestedesenv
    outkeys=pfdesenv
    qualify=yes
    context=tronco05_in
    trunk=yes
    jitterbuffer=yes
    disallow=all
    allow=alaw

Server peer using plaintext:

    [pftestedesenv]
    type=friend
    username=pftestedesenv
    host=dynamic
    auth=plaintext
    secret=teste
    qualify=yes
    context=tronco05_in
    trunk=yes
    jitterbuffer=yes
    disallow=all
    allow=alaw

Client register with RSA:

    register => pftestedesenv:[pftestedesenv]@1.2.3.4

Client register with plaintext:

    register => pftestedesenv:teste@1.2.3.4
| ||
Comments: | By: Leonardo Gomes Figueira (sabbathbh) 2009-01-14 10:39:16.000-0600

I think I found the cause and maybe the fix (and a workaround too).

Comparing the code of registry_authrequest() in chan_iax2.c from 1.2.31 with 1.4.22.1:

1.2.31:

    if (p && ast_test_flag(p, IAX_TEMPONLY)) {
        destroy_peer(p);
    } else if (!delayreject) {
        ast_log(LOG_WARNING, "No such peer '%s'\n", name);
        return 0;
    }

1.4.22.1:

    if (!iaxs[callno])
        goto return_unref;

    if (!p && !delayreject) {
        ast_log(LOG_WARNING, "No such peer '%s'\n", peer_name);
        goto return_unref;
    }

Seems there's a missing check for "p" in 1.2.31. Maybe it should be:

    if (p && ast_test_flag(p, IAX_TEMPONLY)) {
        destroy_peer(p);
    } else if (!p && !delayreject) {
        ast_log(LOG_WARNING, "No such peer '%s'\n", name);
        return 0;
    }

Tested this fix here and it worked fine.

The workaround: Enable "delayreject=yes" on iax2.conf. Tested the workaround too.

By: Digium Subversion (svnbot) 2009-01-14 19:20:20.000-0600

Repository: asterisk
Revision: 168633

_U branches/1.4/

------------------------------------------------------------------------
r168633 | tilghman | 2009-01-14 19:20:20 -0600 (Wed, 14 Jan 2009) | 5 lines

Blocked revision 168632 from /branches/1.2:

1.2 regression on security fix AST-2009-001
(Closes issue ASTERISK-13364)
------------------------------------------------------------------------

http://svn.digium.com/view/asterisk?view=rev&revision=168633
|
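
The branch comparison from the first comment, reduced to a truth-table model. This is an added example, not Asterisk source and not code from the reporter or Digium; `struct lookup`, `enum outcome` and the function names are hypothetical, and the model assumes the branch depends only on `p`, the `IAX_TEMPONLY` flag and `delayreject`.

```c
#include <stdbool.h>
#include <stdio.h>

/* Added model, not Asterisk source: the three facts the quoted branch tests. */
struct lookup {
    bool peer_found;   /* p != NULL */
    bool temponly;     /* ast_test_flag(p, IAX_TEMPONLY); meaningful only if peer_found */
    bool delayreject;  /* delayreject=yes in iax2.conf */
};

enum outcome { CONTINUES, REJECTED };  /* REJECTED = "No such peer" logged, return 0 */

/* Branch as quoted from 1.2.31. */
enum outcome branch_1_2_31(struct lookup l) {
    if (l.peer_found && l.temponly) {
        /* destroy_peer(p) in the original */
    } else if (!l.delayreject) {
        return REJECTED;
    }
    return CONTINUES;
}

/* Branch with the !p check proposed in the comment. */
enum outcome branch_proposed(struct lookup l) {
    if (l.peer_found && l.temponly) {
        /* destroy_peer(p) in the original */
    } else if (!l.peer_found && !l.delayreject) {
        return REJECTED;
    }
    return CONTINUES;
}

/* Count configured (found) peers that a branch variant rejects. */
int known_peers_rejected(enum outcome (*branch)(struct lookup)) {
    int n = 0;
    for (int t = 0; t < 2; t++)
        for (int d = 0; d < 2; d++)
            if (branch((struct lookup){ true, t, d }) == REJECTED)
                n++;
    return n;
}

int main(void) {
    printf("found temponly delayreject | 1.2.31 proposed\n");
    for (int i = 0; i < 8; i++) {
        struct lookup l = { i & 4, i & 2, i & 1 };
        if (!l.peer_found && l.temponly) continue;  /* no flags without a peer */
        printf("%5d %8d %11d | %6s %8s\n", l.peer_found, l.temponly, l.delayreject,
               branch_1_2_31(l) == REJECTED ? "reject" : "ok",
               branch_proposed(l) == REJECTED ? "reject" : "ok");
    }
    return 0;
}
```

The only row where the two variants differ is a found peer without `IAX_TEMPONLY` and with `delayreject` off, which matches both the reported "No such peer" warning for a configured peer and the `delayreject=yes` workaround.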