Summary: ASTERISK-20015: Device handling issues in skinny
Reporter: Damien Wedhorn (wedhorn)
Labels:
Date Opened: 2012-06-16 18:00:08
Date Closed: 2013-03-08 02:03:11.000-0600
Versions: 10.6.0
Frequency of
is related to: ASTERISK-19905 Security Vulnerability: remotely exploitable crash in chan_skinny if client is disconnected when client is not in on-hook state
Environment:
Attachments:
( 0) skinny.device-deref.ast1.8.diff
( 1) skinny.device-deref.ast10.diff
Description: Revised handling so that l->device is set on configuration rather than registration. This is in light of security issues identified with chan_skinny and ensures that dereferences of l->device are valid in respect of messages from a device (or program masquerading as a device). Tests of l->device are left in (although many would be redundant) and expanded to test for a valid session.

Also rejects a registration if the device is already registered. The "attack" tools would throw a registered device offline; this patch also forbids that.

These changes (or equivalent) are already in trunk.
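
The pattern described above, as an added example that is not taken from the attached patches or from chan_skinny: the line's device pointer is bound at configuration time, registration is refused while a session is attached, and message handling checks both the device and its session. All struct, enum and function names here are hypothetical simplifications.

```c
#include <stddef.h>
#include <string.h>

/* Simplified, hypothetical model; not chan_skinny's real structures. */
struct session { int fd; };
struct device  { const char *name; struct session *session; }; /* session == NULL: not registered */
struct line    { const char *name; struct device *device; };   /* device bound at config load */

enum result { OK, REJECT_ALREADY_REGISTERED, REJECT_UNKNOWN_DEVICE, DROP_INVALID_LINE };

/* Configuration time: bind the line to its device once, so l->device is
 * valid for every configured line whether or not the device is online. */
static void config_bind(struct line *l, struct device *d) { l->device = d; }

/* Registration: refuse a second registration while a session is attached,
 * so a new connection cannot knock the registered device offline. */
static enum result device_register(struct device *devs, size_t n,
                                   const char *name, struct session *s)
{
    for (size_t i = 0; i < n; i++) {
        if (strcmp(devs[i].name, name) != 0)
            continue;
        if (devs[i].session != NULL)
            return REJECT_ALREADY_REGISTERED;
        devs[i].session = s;
        return OK;
    }
    return REJECT_UNKNOWN_DEVICE;
}

/* Disconnect: clear only the session; the line keeps its device pointer. */
static void device_unregister(struct device *d) { d->session = NULL; }

/* Message handling: act on a line only if its device exists and is
 * registered on the session the message actually arrived on. */
static enum result handle_line_message(const struct line *l,
                                       const struct session *from)
{
    if (l == NULL || l->device == NULL ||
        l->device->session == NULL || l->device->session != from)
        return DROP_INVALID_LINE;
    return OK;
}
```
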
Comments:

By: Rusty Newton (rnewton) 2012-06-26 14:22:24.500-0500

Damien, I'm told you'll want to verify the patches pass the vectors originally provided by Telus labs on the original issue. If you already did, awesome! Also if you like, you can post these to reviewboard for review.

Thanks again!

By: Damien Wedhorn (wedhorn) 2013-03-08 02:03:11.500-0600

Suspending as it doesn't appear to have been an issue in older releases and these changes are already included in 11 and trunk.