Summary: ASTERISK-21429: Distributed Device State using JABBER/XMPP not working since Security Advisory AST-2012-015
Reporter: Alec Davis (alecdavis)
Labels:
Date Opened: 2013-04-13 05:25:36
Date Closed: 2013-04-17 08:59:40
Status: Closed/Complete
Components: Resources/res_jabber Resources/res_xmpp
Versions: 11.1.1 11.1.2 11.2.0 11.3.0 Frequency of
must be completed before resolving ASTERISK-21773 Asterisk Open Blockers
must be completed before resolving ASTERISK-21774 Asterisk 11.4.0 Open Blockers
is caused by ASTERISK-20175 Security Vulnerability: denial of service attack through exploitation of device state caching
is related to ASTERISK-21069 xmpp distributed device states aggregation update fails
is related to ASTERISK-21164 Need clarification on distributed device state behavior and whether this behavior is a possible regression
Environment: SiteA SVN-branch-11-r376441 SiteB SVN-branch-11-r378321
Attachments: ( 0) r2452_diff3.txt
Description: Prior to the cachable devicestate changes from ASTERISK-20175, both sites worked fine.

Site B is the site having issues: it doesn't update its hints, and the phones that subscribe to the hint don't update their BLF.

Reverting back to asterisk-11-r378287 at SiteB and it works again.

SiteA is running a version without the devicestate cachable changes, thus is not sending the new IE cachable=1, but from what I can tell the default is to assume cachable.
Comments:

By: Alec Davis (alecdavis) 2013-04-13 07:33:11.033-0500

Tested with Site A not sending the IE 'cachable'.

'core show hints' at SiteB, correctly showed the ringing state of a phone in siteA.

By: Alec Davis (alecdavis) 2013-04-13 17:53:28.913-0500

attached bug21429.diff.txt

This fixes the scenario when an older system doesn't send the IE cachable=1 in the XMPP message, to a newer system that expects to see it.

If the IE 'cachable' isn't present we need to default to AST_DEVSTATE_CACHABLE.
Assigning the cachable variable directly from ast_event_get_ie_uint() is wrong: if the IE 'cachable' isn't found, ast_event_get_ie_uint() will return 0, and 0 = AST_DEVSTATE_NOT_CACHABLE.

We need to read the 'cachable' IE into a string first, allowing us to check that it exists; if it doesn't exist, then default to cachable=AST_DEVSTATE_CACHABLE.
If the 'cachable' IE does exist, then convert to a uint, validate value and go with it.
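
The presence-check-then-default logic described in the comment above, as an added stand-alone C sketch (not the attached patch and not Asterisk source). The helper names, the `DEVSTATE_*` enum and the sample inputs are hypothetical stand-ins, and falling back to cachable on a malformed value is an assumption the ticket does not specify.

```c
#include <stdio.h>
#include <stdlib.h>
#include <errno.h>

/* Model of the two states; 0 = not cachable, as stated in the ticket. */
enum devstate_cache { DEVSTATE_NOT_CACHABLE = 0, DEVSTATE_CACHABLE = 1 };

/* Hypothetical stand-in for a uint getter that returns 0 when the
 * element is missing, so "absent" and "0" cannot be told apart. */
static unsigned int get_ie_uint(const char *ie)
{
    return ie ? (unsigned int)strtoul(ie, NULL, 10) : 0;
}

/* Pre-fix behaviour: a peer that never sends the IE ends up
 * NOT_CACHABLE because the getter's "missing" value is 0. */
static enum devstate_cache cachable_buggy(const char *ie)
{
    return (enum devstate_cache)get_ie_uint(ie);
}

/* Fixed behaviour: read the IE as a string, check that it exists,
 * default to CACHABLE, and accept only the two defined values. */
static enum devstate_cache cachable_fixed(const char *ie)
{
    char *end;
    unsigned long v;

    if (!ie || !*ie)
        return DEVSTATE_CACHABLE;      /* older peer: IE absent */
    errno = 0;
    v = strtoul(ie, &end, 10);
    if (errno || *end != '\0' || v > (unsigned long)DEVSTATE_CACHABLE)
        return DEVSTATE_CACHABLE;      /* assumption: malformed -> default */
    return (enum devstate_cache)v;
}

int main(void)
{
    /* Constructed inputs: NULL models a peer that omits the IE. */
    const char *samples[] = { NULL, "1", "0", "7", "abc" };
    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
        printf("%-6s buggy=%d fixed=%d\n", samples[i] ? samples[i] : "(none)",
               cachable_buggy(samples[i]), cachable_fixed(samples[i]));
    return 0;
}
```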

By: Alec Davis (alecdavis) 2013-04-13 18:34:02.365-0500

updated bug21429.diff2.txt

By: Alec Davis (alecdavis) 2013-05-10 00:10:28.964-0500

patch from reviewboard that was committed