Summary: | ASTERISK-13497: [patch] 1.2.31.1 changes create storm of IAX2 register authentication retries | ||
Reporter: | Leonardo Gomes Figueira (sabbathbh) | Labels: | |
Date Opened: | 2009-02-02 09:05:18.000-0600 | Date Closed: | 2009-06-04 14:29:13 |
Priority: | Major | Regression? | No |
Status: | Closed/Complete | Components: | Channels/chan_iax2 |
Versions: | Frequency of Occurrence | ||
Related Issues: | |||
Environment: | Attachments: | ( 0) 20090216__bug14386.diff.txt | |
Description: | The changes on chan_iax2.c from 1.2.30.4 to 1.2.31.1 created this bug:

If "A" tries to register on "B" and the RSA key from "A" does not match the key on "inkeys" on "B", "B" does not send a "REGREJ"; instead it sends a "REGAUTH" with a new "CHALLENGE", then "A" sends a new "REGREQ" for this "CHALLENGE" with the same wrong RSA key, and it loops forever on this (with a storm of REGREQ <--> REGAUTH packets).

The console from the server ("B") will be flooded with this:

Feb 2 12:00:35 NOTICE[24093]: chan_iax2.c:5436 register_verify: Host planetfoneclient failed RSA authentication with inkeys 'planetfoneclient'
Feb 2 12:00:35 NOTICE[24093]: chan_iax2.c:5436 register_verify: Host planetfoneclient failed RSA authentication with inkeys 'planetfoneclient'
Feb 2 12:00:35 NOTICE[24093]: chan_iax2.c:5436 register_verify: Host planetfoneclient failed RSA authentication with inkeys 'planetfoneclient'
Feb 2 12:00:35 NOTICE[24093]: chan_iax2.c:5436 register_verify: Host planetfoneclient failed RSA authentication with inkeys 'planetfoneclient'
Feb 2 12:00:35 NOTICE[24093]: chan_iax2.c:5436 register_verify: Host planetfoneclient failed RSA authentication with inkeys 'planetfoneclient'
Feb 2 12:00:35 NOTICE[24093]: chan_iax2.c:5436 register_verify: Host planetfoneclient failed RSA authentication with inkeys 'planetfoneclient'
Feb 2 12:00:35 NOTICE[24093]: chan_iax2.c:5436 register_verify: Host planetfoneclient failed RSA authentication with inkeys 'planetfoneclient'
Feb 2 12:00:35 NOTICE[24093]: chan_iax2.c:5436 register_verify: Host planetfoneclient failed RSA authentication with inkeys 'planetfoneclient'
Feb 2 12:00:35 NOTICE[24093]: chan_iax2.c:5436 register_verify: Host planetfoneclient failed RSA authentication with inkeys 'planetfoneclient'
Feb 2 12:00:35 NOTICE[24093]: chan_iax2.c:5436 register_verify: Host planetfoneclient failed RSA authentication with inkeys 'planetfoneclient'

See the IAX2 debug in the additional information.
****** ADDITIONAL INFORMATION ******

On 1.2.30.4 (the last version where IAX2 registration works fine) a wrong RSA key results in these packets on the server side:

Rx-Frame Retry[ No] -- OSeqno: 000 ISeqno: 000 Type: IAX Subclass: REGREQ
   Timestamp: 00003ms SCall: 04755 DCall: 00000 [192.168.0.1:4569]
   USERNAME : planetfoneclient
   REFRESH : 60

Tx-Frame Retry[000] -- OSeqno: 000 ISeqno: 001 Type: IAX Subclass: REGAUTH
   Timestamp: 00005ms SCall: 14311 DCall: 04755 [192.168.0.1:4569]
   AUTHMETHODS : 4
   CHALLENGE : 921719753
   USERNAME : planetfoneclient

Rx-Frame Retry[ No] -- OSeqno: 001 ISeqno: 001 Type: IAX Subclass: REGREQ
   Timestamp: 00009ms SCall: 04755 DCall: 14311 [192.168.0.1:4569]
   USERNAME : planetfoneclient
   REFRESH : 60
   RSA RESULT : KbGgedEfwO+adHL99+kRmbahTJ+xIf8uLktGvP3waiXDNHSKQU7qrZjEMtiA7Vr7X8hM5AKj3mt4LcbxKpdoNRoXStxIwrlHNGIUoOZkIb2Kf5vo2rDSyh4ibnFCmCmSLZlRUtRP1/22H+Y3AG/cCJtY4UF/XSaJ8Oom8zUaI/U

Feb 2 09:59:31 NOTICE[21522]: chan_iax2.c:5428 register_verify: Host planetfoneclient failed RSA authentication with inkeys 'planetfoneclient'

Tx-Frame Retry[000] -- OSeqno: 001 ISeqno: 002 Type: IAX Subclass: REGREJ
   Timestamp: 00012ms SCall: 14311 DCall: 04755 [192.168.0.1:4569]
   CAUSE : Registration Refused
   CAUSE CODE : 29

Rx-Frame Retry[ No] -- OSeqno: 002 ISeqno: 002 Type: IAX Subclass: ACK
   Timestamp: 00012ms SCall: 04755 DCall: 14311 [192.168.0.1:4569]

On 1.2.31.1 the result is this:

Rx-Frame Retry[ No] -- OSeqno: 000 ISeqno: 000 Type: IAX Subclass: REGREQ
   Timestamp: 00007ms SCall: 15500 DCall: 00000 [192.168.0.1:4569]
   USERNAME : planetfoneclient
   REFRESH : 60

Tx-Frame Retry[000] -- OSeqno: 000 ISeqno: 001 Type: IAX Subclass: REGAUTH
   Timestamp: 00014ms SCall: 09518 DCall: 15500 [192.168.0.1:4569]
   AUTHMETHODS : 4
   CHALLENGE : 297926839
   USERNAME : planetfoneclient

Rx-Frame Retry[ No] -- OSeqno: 001 ISeqno: 001 Type: IAX Subclass: REGREQ
   Timestamp: 00015ms SCall: 15500 DCall: 09518 [192.168.0.1:4569]
   USERNAME : planetfoneclient
   REFRESH : 60
   RSA RESULT : CBZGJtOwRYvgc9nCqh7nphRE3irNfOica0mRhXagRpHbKzexuw9eWGwBCuwGXKF3n6l2E1HZRW/x1ptYJl+XXrNKaT4u6G+thm/arC33Fy+GlBpnp6+DhZfgM3ThV5oSycMJDQk59h5zZxMHuePxGy6y+6iKc/osQRprmDFV4zs

Feb 2 11:56:11 NOTICE[23826]: chan_iax2.c:5436 register_verify: Host planetfoneclient failed RSA authentication with inkeys 'planetfoneclient'

Tx-Frame Retry[000] -- OSeqno: 001 ISeqno: 002 Type: IAX Subclass: REGAUTH
   Timestamp: 00021ms SCall: 09518 DCall: 15500 [192.168.0.1:4569]
   AUTHMETHODS : 4
   CHALLENGE : 123487244
   USERNAME : planetfoneclient

Rx-Frame Retry[ No] -- OSeqno: 002 ISeqno: 002 Type: IAX Subclass: REGREQ
   Timestamp: 00021ms SCall: 15500 DCall: 09518 [192.168.0.1:4569]
   USERNAME : planetfoneclient
   REFRESH : 60
   RSA RESULT : xLl8/YziYf7Pwfgb+8NKjrTiChfrxlM7UXgaZHfsxcqMLTd6HGdAJBKGFbEyFJECcQfP08aj/XgUyEIgoIqXNvSMcU5cNObF/pZvcGRvF7BZgs9GgQUV5C29GLDUQNAAV+MGuydfOsoMfpQj6u4D3Hht8HxxUAQStxDcw+00rwg

Feb 2 11:56:11 NOTICE[23826]: chan_iax2.c:5436 register_verify: Host planetfoneclient failed RSA authentication with inkeys 'planetfoneclient'

Tx-Frame Retry[000] -- OSeqno: 002 ISeqno: 003 Type: IAX Subclass: REGAUTH
   Timestamp: 00027ms SCall: 09518 DCall: 15500 [192.168.0.1:4569]
   AUTHMETHODS : 4
   CHALLENGE : 688749619
   USERNAME : planetfoneclient

Rx-Frame Retry[ No] -- OSeqno: 003 ISeqno: 003 Type: IAX Subclass: REGREQ
   Timestamp: 00027ms SCall: 15500 DCall: 09518 [192.168.0.1:4569]
   USERNAME : planetfoneclient
   REFRESH : 60
   RSA RESULT : sJYLLFTNSanPrEqGf/NYmJ4W5YW8q3psQLhtxGZVaNQGQj1ktp6XMAD/xChruWgMp8N8hEdqtn8KRLrOomv7EMvCJrkcy80hwIXsgTvzFpJCAoUAQiFpy7mbQyPM+5A3LWTIDRCr5/z7914mr67EsdhSxkl+DECx+GkV6VDI6f4

Feb 2 11:56:11 NOTICE[23826]: chan_iax2.c:5436 register_verify: Host planetfoneclient failed RSA authentication with inkeys 'planetfoneclient'

Tx-Frame Retry[000] -- OSeqno: 003 ISeqno: 004 Type: IAX Subclass: REGAUTH
   Timestamp: 00033ms SCall: 09518 DCall: 15500 [192.168.0.1:4569]
   AUTHMETHODS : 4
   CHALLENGE : 147690177
   USERNAME : planetfoneclient

Rx-Frame Retry[ No] -- OSeqno: 004 ISeqno: 004 Type: IAX Subclass: REGREQ
   Timestamp: 00033ms SCall: 15500 DCall: 09518 [192.168.0.1:4569]
   USERNAME : planetfoneclient
   REFRESH : 60
   RSA RESULT : PE9yB1gkR6cS8CQvlUgnLgIPNjZ9G/5t0798dIesgHr1wfhSp6x14fHtlV0T4Y8FYUdZ3ADKy6CwajU5z7OWZGKSgI6MeWDmn6hgJw6nbeFw7BnQ9zRFsCnWgKwEY2IuLmqB/z9iCcBRrgLUdBfkQ5qnOw+F5uN0zWO1mGo5JFc

Feb 2 11:56:11 NOTICE[23826]: chan_iax2.c:5436 register_verify: Host planetfoneclient failed RSA authentication with inkeys 'planetfoneclient'

Tx-Frame Retry[000] -- OSeqno: 004 ISeqno: 005 Type: IAX Subclass: REGAUTH
   Timestamp: 00039ms SCall: 09518 DCall: 15500 [192.168.0.1:4569]
   AUTHMETHODS : 4
   CHALLENGE : 152046491
   USERNAME : planetfoneclient

Rx-Frame Retry[ No] -- OSeqno: 005 ISeqno: 005 Type: IAX Subclass: REGREQ
   Timestamp: 00039ms SCall: 15500 DCall: 09518 [192.168.0.1:4569]
   USERNAME : planetfoneclient
   REFRESH : 60
   RSA RESULT : TJ2K9S/kOSMhDLOa7WpFWE0iu02A3uU5+XZaxWN6P7J+w7gHL6TZlzeMMHFpmuiSz60784zeneCgExlEnRiqmq9nfWbYi7MiqyTvEWdgsLQ+XJDpspwl/02KeNg9HCI7oGdJYnZMbpgANdhgv1em1XJuqkzt7CYnmE6Lm59Amv0

Feb 2 11:56:11 NOTICE[23826]: chan_iax2.c:5436 register_verify: Host planetfoneclient failed RSA authentication with inkeys 'planetfoneclient'

Tx-Frame Retry[000] -- OSeqno: 005 ISeqno: 006 Type: IAX Subclass: REGAUTH
   Timestamp: 00045ms SCall: 09518 DCall: 15500 [192.168.0.1:4569]
   AUTHMETHODS : 4
   CHALLENGE : 866777724
   USERNAME : planetfoneclient

Rx-Frame Retry[ No] -- OSeqno: 006 ISeqno: 006 Type: IAX Subclass: REGREQ
   Timestamp: 00046ms SCall: 15500 DCall: 09518 [192.168.0.1:4569]
   USERNAME : planetfoneclient
   REFRESH : 60
   RSA RESULT : ElOCHURlxUVUVqcNDVUrXyeqsEFj0ZAn2sFoQvAHM3vLZUFTzkYtXcfUmy5VEHc16+Fmkki4cl2judIojQtBl6Scz1zqOF++EbCAbqM1o2QlBePUVcTtE1pmeG5GcUp1BgozXUYOypO85YrX9btPp5cqsiC+MDu6xiFNnFXfb10

Feb 2 11:56:11 NOTICE[23826]: chan_iax2.c:5436 register_verify: Host planetfoneclient failed RSA authentication with inkeys 'planetfoneclient'

loop... | ||
Comments: |

By: Joel Vandal (jvandal) 2009-02-02 13:35:59.000-0600

Have a similar problem but using 1.4.23.1. The 'scopserv-telecom' account no longer exists on the server but the remote peer tries to register about 100 times per second.

[Feb 2 14:31:59] NOTICE[28159]: chan_iax2.c:5616 register_verify: No registration for peer 'scopserv-telecom' (from xx.xx.xxx.xxx)
[Feb 2 14:31:59] NOTICE[28152]: chan_iax2.c:5616 register_verify: No registration for peer 'scopserv-telecom' (from xx.xx.xxx.xxx)
[Feb 2 14:31:59] NOTICE[28155]: chan_iax2.c:5616 register_verify: No registration for peer 'scopserv-telecom' (from xx.xx.xxx.xxx)
[Feb 2 14:31:59] NOTICE[28152]: chan_iax2.c:5616 register_verify: No registration for peer 'scopserv-telecom' (from xx.xx.xxx.xxx)
[Feb 2 14:31:59] NOTICE[28157]: chan_iax2.c:5616 register_verify: No registration for peer 'scopserv-telecom' (from xx.xx.xxx.xxx)

By: David Brillert (aragon) 2009-02-03 15:36:39.000-0600

Is this possibly related to http://bugs.digium.com/view.php?id=13749 ?

By: Tilghman Lesher (tilghman) 2009-02-16 16:59:53.000-0600

sabbathbh: patch for 1.2 uploaded. Please test and verify.

By: Leonardo Gomes Figueira (sabbathbh) 2009-02-17 08:36:41.000-0600

This patch fixed the storm when the RSA key is invalid but it broke the register authentication when the RSA key is valid. Now the server always rejects authentication:

Rx-Frame Retry[ No] -- OSeqno: 000 ISeqno: 000 Type: IAX Subclass: REGREQ
   Timestamp: 00012ms SCall: 08699 DCall: 00000 [192.168.0.1:4569]
   USERNAME : planetfoneclient
   REFRESH : 60

Tx-Frame Retry[000] -- OSeqno: 000 ISeqno: 001 Type: IAX Subclass: REGREJ
   Timestamp: 00013ms SCall: 12982 DCall: 08699 [192.168.0.1:4569]
   CAUSE : Registration Refused
   CAUSE CODE : 29

Tx-Frame Retry[000] -- OSeqno: 001 ISeqno: 001 Type: IAX Subclass: REGAUTH
   Timestamp: 00016ms SCall: 12982 DCall: 08699 [192.168.0.1:4569]
   AUTHMETHODS : 4
   CHALLENGE : 101018474
   USERNAME : planetfoneclient

Rx-Frame Retry[ No] -- OSeqno: 001 ISeqno: 001 Type: IAX Subclass: ACK
   Timestamp: 00013ms SCall: 08699 DCall: 12982 [192.168.0.1:4569]

Rx-Frame Retry[ No] -- OSeqno: 000 ISeqno: 000 Type: IAX Subclass: INVAL
   Timestamp: 00000ms SCall: 08699 DCall: 12982 [192.168.0.1:4569]

By: Digium Subversion (svnbot) 2009-05-15 17:59:25

Repository: asterisk
Revision: 194878

U branches/1.2/apps/app_chanspy.c
U branches/1.2/channels/chan_iax2.c

------------------------------------------------------------------------
r194878 | dvossel | 2009-05-15 17:59:24 -0500 (Fri, 15 May 2009) | 10 lines

IAX2 REGAUTH loop

IAX was not sending REGREJ to terminate invalid registrations. Instead it sent another REGAUTH if the authentication challenge failed. This caused a loop of REGREQ and REGAUTH frames.

This patch also fixes some compile errors that occurred using gcc v4.3.2.

(Related to Security fix AST-2009-001)

(closes issue ASTERISK-13497)
Reported by: sabbathbh
------------------------------------------------------------------------

http://svn.digium.com/view/asterisk?view=rev&revision=194878

By: Digium Subversion (svnbot) 2009-06-04 14:29:12

Repository: asterisk
Revision: 199188

U tags/1.2.33/apps/app_chanspy.c
U tags/1.2.33/channels/chan_iax2.c

------------------------------------------------------------------------
r199188 | dvossel | 2009-06-04 14:29:11 -0500 (Thu, 04 Jun 2009) | 10 lines

IAX2 REGAUTH loop

IAX was not sending REGREJ to terminate invalid registrations. Instead it sent another REGAUTH if the authentication challenge failed. This caused a loop of REGREQ and REGAUTH frames.

This patch also fixes some compile errors that occurred using gcc v4.3.2.

(Related to Security fix AST-2009-001)

(closes issue ASTERISK-13497)
Reported by: sabbathbh
------------------------------------------------------------------------

http://svn.digium.com/view/asterisk?view=rev&revision=199188 |
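Added example, not part of the original issue or of the Asterisk code base: a small Python analyzer for IAX2 debug traces in the layout shown in this report. It counts, per peer call number, how often the server answered a REGREQ carrying an RSA RESULT with another REGAUTH instead of REGREJ or REGACK. The sample trace, its call numbers, address, user name and the helper names are constructed assumptions.

```python
import re
from collections import defaultdict

FRAME = re.compile(
    r"(?P<dir>[RT]x)-Frame.*?Subclass:\s*(?P<sub>\w+).*?"
    r"SCall:\s*(?P<scall>\d+)\s+DCall:\s*(?P<dcall>\d+)", re.S)

def parse_frames(trace):
    """Split an IAX2 debug dump (flattened or multi-line) into
    (direction, subclass, peer_call, has_rsa_result) tuples."""
    frames = []
    for chunk in re.split(r"(?=[RT]x-Frame)", trace):
        m = FRAME.search(chunk)
        if m:
            # The peer's call number is SCall on Rx frames and DCall on Tx frames.
            peer = m["scall"] if m["dir"] == "Rx" else m["dcall"]
            frames.append((m["dir"], m["sub"], peer, "RSA RESULT" in chunk))
    return frames

def rechallenges(trace):
    """Count, per peer call, REGAUTH replies to a REGREQ that carried an RSA RESULT."""
    answered = set()            # calls whose latest REGREQ carried a credential
    counts = defaultdict(int)
    for direction, sub, call, has_rsa in parse_frames(trace):
        if direction == "Rx" and sub == "REGREQ":
            if has_rsa:
                answered.add(call)
            else:
                answered.discard(call)
        elif direction == "Tx" and call in answered and sub in ("REGAUTH", "REGREJ", "REGACK"):
            if sub == "REGAUTH":
                counts[call] += 1   # challenged again instead of a final answer
            answered.discard(call)  # the pending request has been answered
    return dict(counts)

# Constructed sample in the report's trace layout; all values are made up.
def _frame(direction, sub, scall, dcall, ies=""):
    return (f"{direction}-Frame Retry[ No] -- OSeqno: 000 ISeqno: 000 Type: IAX "
            f"Subclass: {sub} Timestamp: 00001ms SCall: {scall} DCall: {dcall} "
            f"[192.0.2.10:4569] {ies} ")

def sample_trace(reply_to_bad_key, rounds):
    trace = _frame("Rx", "REGREQ", "00101", "00000", "USERNAME : alice")
    trace += _frame("Tx", "REGAUTH", "00202", "00101", "CHALLENGE : 111")
    for _ in range(rounds):
        trace += _frame("Rx", "REGREQ", "00101", "00202", "RSA RESULT : CONSTRUCTED")
        trace += _frame("Tx", reply_to_bad_key, "00202", "00101")
    return trace

if __name__ == "__main__":
    print(rechallenges(sample_trace("REGAUTH", 5)))  # {'00101': 5}
    print(rechallenges(sample_trace("REGREJ", 1)))   # {}
```

A trace that ends a failed credential with REGREJ yields an empty result; a count that grows with every round for the same call number is the REGREQ/REGAUTH loop described in this issue.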