diff options
author | Matthew Jordan <mjordan@digium.com> | 2012-08-30 16:25:34 +0000 |
---|---|---|
committer | Matthew Jordan <mjordan@digium.com> | 2012-08-30 16:25:34 +0000 |
commit | acbe1f90e704680c0ae56c0303123fde696adad3 (patch) | |
tree | 879afb53969d364466a228ea71683484a5744ed1 /apps | |
parent | d624f2c550e862fd016eba9cdff7187d2c4757dc (diff) |
AST-2012-013: Resolve ACL rules being ignored during calls by some IAX2 peers
When an IAX2 call is made using the credentials of a peer defined in a dynamic
Asterisk Realtime Architecture (ARA) backend, the ACL rules for that peer are
not applied to the call attempt. This allows for a remote attacker who is aware
of a peer's credentials to bypass the ACL rules set for that peer.
This patch ensures that the ACLs are applied for all peers, regardless of their
storage mechanism.
(closes issue ASTERISK-20186)
Reported by: Alan Frisch
Tested by: mjordan, Alan Frisch
........
Merged revisions 372028 from http://svn.asterisk.org/svn/asterisk/branches/11
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@372029 65c4cc65-6c06-0410-ace0-fbb531ad65f3
Diffstat (limited to 'apps')
0 files changed, 0 insertions, 0 deletions