Summary: ASTERISK-20015: Device handling issues in skinny
Reporter: Damien Wedhorn (wedhorn)
Labels:
Date Opened: 2012-06-16 18:00:08
Date Closed: 2013-03-08 02:03:11.000-0600
Versions: 18.104.22.168 10.6.0
Frequency of Occurrence:
Environment:
Attachments:
  (0) skinny.device-deref.ast1.8.diff
  (1) skinny.device-deref.ast10.diff
Description:

Revised handling so that l->device is set on configuration rather than registration. This is in light of security issues identified with chan_skinny and ensures that dereferences of l->device are valid in respect of messages from a device (or a program masquerading as a device). Tests of l->device are left in (although many would be redundant) and expanded to test for a valid session.
Also rejects a registration if the device is already registered. The "attack" tools would throw a registered device offline; this patch also forbids that.
These changes (or equivalent) are already in trunk.
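The two checks the description refers to, as an added illustration that is not code from chan_skinny or from the attached patches: the line-to-device binding happens at config time, a message handler dereferences l->device only after confirming the message arrived on the session that device actually registered on, and a second REGISTER for an already-online device is refused instead of replacing its session. The struct and function names (skinny_line, skinny_device, skinny_session, skinny_check_line_session, and so on), the result codes and the sample device/line names are hypothetical stand-ins chosen for this example, not Asterisk's real identifiers.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical cut-down model of the device/line/session relationship;
 * not the real chan_skinny structures. */
struct skinny_session;

struct skinny_device {
	const char *name;
	struct skinny_session *session;	/* non-NULL only while registered */
};

struct skinny_line {
	const char *name;
	struct skinny_device *device;	/* bound at config load, before any packet arrives */
};

struct skinny_session {
	int fd;				/* TCP connection the message came in on */
	struct skinny_device *device;	/* set only by an accepted REGISTER */
};

enum skinny_result {
	SKINNY_OK = 0,
	SKINNY_ERR_NO_DEVICE,		/* line has no device in the config */
	SKINNY_ERR_NOT_REGISTERED,	/* session never completed a REGISTER */
	SKINNY_ERR_WRONG_SESSION,	/* session belongs to some other device */
	SKINNY_ERR_ALREADY_REGISTERED	/* device is already online */
};

/* Config time: l->device is set here, not when a phone registers. */
static void skinny_config_line(struct skinny_line *l, const char *name,
			       struct skinny_device *d)
{
	l->name = name;
	l->device = d;
}

/* Replaces a bare "if (!l->device)" test. Since the pointer is now always
 * set from config, the thing to verify is that this message really came in
 * on the session the device registered on. */
static enum skinny_result skinny_check_line_session(const struct skinny_line *l,
						    const struct skinny_session *s)
{
	if (!l->device)
		return SKINNY_ERR_NO_DEVICE;
	if (!s || !s->device)
		return SKINNY_ERR_NOT_REGISTERED;
	if (s->device != l->device || l->device->session != s)
		return SKINNY_ERR_WRONG_SESSION;
	return SKINNY_OK;
}

/* REGISTER: refuse when the device is already online, so a forged REGISTER
 * cannot knock the legitimate phone off its session. */
static enum skinny_result skinny_register(struct skinny_device *d, struct skinny_session *s)
{
	if (d->session)
		return SKINNY_ERR_ALREADY_REGISTERED;
	d->session = s;
	s->device = d;
	return SKINNY_OK;
}

static void skinny_unregister(struct skinny_device *d)
{
	if (d->session) {
		d->session->device = NULL;
		d->session = NULL;
	}
}

/* Example message handler: l->device is dereferenced only after the check. */
static enum skinny_result skinny_handle_offhook(struct skinny_line *l, struct skinny_session *s,
						const char **device_name_out)
{
	enum skinny_result r = skinny_check_line_session(l, s);
	if (r != SKINNY_OK)
		return r;
	*device_name_out = l->device->name;	/* safe: device and session validated */
	return SKINNY_OK;
}

int main(void)
{
	/* Constructed sample: one configured device/line, one legitimate and one rogue session. */
	struct skinny_device phone = { "SEP001122334455", NULL };
	struct skinny_session legit = { 4, NULL }, rogue = { 5, NULL };
	struct skinny_line line;
	const char *who = NULL;

	skinny_config_line(&line, "line1", &phone);
	printf("offhook before register: %d\n", skinny_handle_offhook(&line, &rogue, &who));
	printf("first register: %d\n", skinny_register(&phone, &legit));
	printf("second register from rogue: %d\n", skinny_register(&phone, &rogue));
	printf("offhook from legit: %d (%s)\n", skinny_handle_offhook(&line, &legit, &who), who);
	return 0;
}
```

The order of operations is the point: the old code set l->device at registration time and tested it for NULL, so any message that arrived before a REGISTER, or on a second connection claiming the same device name, could either hit an unset pointer or displace the real phone. Binding at config time and then checking the session makes both paths return an error code instead.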
Comments:

By: Rusty Newton (rnewton) 2012-06-26 14:22:24.500-0500
Damien, I'm told you'll want to verify the patches pass the vectors originally provided by Telus labs on the original issue. If you already did, awesome! Also if you like, you can post these to reviewboard for review.
By: Damien Wedhorn (wedhorn) 2013-03-08 02:03:11.500-0600
Suspending as it doesn't appear to have been an issue in older releases and these changes are already included in 11 and trunk.