| author | Matthew Jordan <mjordan@digium.com> | 2012-08-30 16:25:34 +0000 |
|---|---|---|
| committer | Matthew Jordan <mjordan@digium.com> | 2012-08-30 16:25:34 +0000 |
| commit | acbe1f90e704680c0ae56c0303123fde696adad3 | |
| tree | 879afb53969d364466a228ea71683484a5744ed1 | |
| parent | d624f2c550e862fd016eba9cdff7187d2c4757dc | |
AST-2012-013: Resolve ACL rules being ignored during calls by some IAX2 peers
When an IAX2 call is made using the credentials of a peer defined in a dynamic
Asterisk Realtime Architecture (ARA) backend, the ACL rules for that peer are
not applied to the call attempt. This allows for a remote attacker who is aware
of a peer's credentials to bypass the ACL rules set for that peer.
This patch ensures that the ACLs are applied for all peers, regardless of their
storage mechanism.
(closes issue ASTERISK-20186)
Reported by: Alan Frisch
Tested by: mjordan, Alan Frisch
........
Merged revisions 372028 from http://svn.asterisk.org/svn/asterisk/branches/11
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@372029 65c4cc65-6c06-0410-ace0-fbb531ad65f3
| -rw-r--r-- | channels/chan_iax2.c | 7 |
|---|---|---|
1 files changed, 4 insertions, 3 deletions
diff --git a/channels/chan_iax2.c b/channels/chan_iax2.c index 377496288..1b71aa131 100644 --- a/channels/chan_iax2.c +++ b/channels/chan_iax2.c @@ -7699,7 +7699,7 @@ static int check_access(int callno, struct sockaddr_in *sin, struct iax_ies *ies while ((user = ao2_iterator_next(&i))) { if ((ast_strlen_zero(iaxs[callno]->username) || /* No username specified */ !strcmp(iaxs[callno]->username, user->name)) /* Or this username specified */ - && ast_apply_acl(user->acl, &addr, "IAX2 user ACL: ") /* Access is permitted from this IP */ + && (ast_apply_acl(user->acl, &addr, "IAX2 user ACL: ") == AST_SENSE_ALLOW) /* Access is permitted from this IP */ && (ast_strlen_zero(iaxs[callno]->context) || /* No context specified */ apply_context(user->contexts, iaxs[callno]->context))) { /* Context is permitted */ if (!ast_strlen_zero(iaxs[callno]->username)) { @@ -7757,8 +7757,9 @@ static int check_access(int callno, struct sockaddr_in *sin, struct iax_ies *ies user = best; if (!user && !ast_strlen_zero(iaxs[callno]->username)) { user = realtime_user(iaxs[callno]->username, sin); - if (user && !ast_strlen_zero(iaxs[callno]->context) && /* No context specified */ - !apply_context(user->contexts, iaxs[callno]->context)) { /* Context is permitted */ + if (user && (ast_apply_acl(user->acl, &addr, "IAX2 user ACL: ") == AST_SENSE_DENY /* Access is denied from this IP */ + || (!ast_strlen_zero(iaxs[callno]->context) && /* No context specified */ + !apply_context(user->contexts, iaxs[callno]->context)))) { /* Context is permitted */ user = user_unref(user); } } |
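Review bot: in the first hunk (the static-user iteration in check_access() around line 7699), comparing the ast_apply_acl() result against AST_SENSE_ALLOW explicitly instead of using it as a truth value is the right change and makes the condition independent of whatever numeric values sit behind the ast_acl_sense enum. One readability point: this hunk tests for the allow sense while the realtime hunk below tests for AST_SENSE_DENY, so the two call sites of the same function check opposite senses. Writing the realtime check as `!= AST_SENSE_ALLOW` would keep both sites default-deny and let a reader audit them side by side without flipping the logic in their head.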
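Review bot: in the second hunk (the realtime_user() fallback around line 7757), the inline comments no longer describe the lines they annotate: `/* No context specified */` now sits on `!ast_strlen_zero(iaxs[callno]->context)`, which is true when a context IS specified, and `/* Context is permitted */` sits on `!apply_context(user->contexts, iaxs[callno]->context)`, which is true when the context is NOT permitted. They were carried over from the positive-sense condition in the first hunk; please reword them to match the negated condition (for example `/* A context was specified */` and `/* ...but it is not permitted */`) so the next reader does not misjudge what this ACL/context check rejects. The logic itself is correct: the realtime user is now unreferenced, and the call refused, either on an explicit ACL deny or on a context mismatch, which is exactly the gap the commit message describes for ARA-backed peers.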