Restrict functionality when ACLs are misconfigured.

This patch has two main purposes: 1) Improve warning messages when ACLs are configured improperly. 2) Prevent misconfigured ACLs from allowing potentially unwanted traffic. To acomplish point (2) in most cases, whatever configuration object that the ACL belonged to was not allowed to load. The one exception is res_pjsip_acl. In that case, ACLs are their own configuration object. Furthermore, the module loading code has no indication that a ACL configuration had a failure. So the tactic taken here is to create an ACL that just blocks everything. ASTERISK-24969 Reported by Corey Farrell Change-Id: I2ebcb6959cefad03cea4d81401be946203fcacae
author: Mark Michelson <mmichelson@digium.com> 2015-04-28 17:00:37 -0500
committer: Mark Michelson <mmichelson@digium.com> 2015-04-30 10:43:51 -0500
commit: 11ffcf662f6b19eb0e9d5f8914d379ebef0177c4 (patch)
tree: a2727599061f560cce4900094e4854364c9c7add /channels/chan_iax2.c
parent: 57cbb4bc8dda4cf4939f029e60290e3335a82c05 (diff)
1 files changed, 1 insertions, 0 deletions
diff --git a/channels/chan_iax2.c b/channels/chan_iax2.c
index 253160a92..bb9c52bb8 100644
--- a/channels/chan_iax2.c
+++ b/channels/chan_iax2.c
@@ -13746,6 +13746,7 @@ static int set_config(const char *config_file, int reload, int forced)
 		} else if (!strcasecmp(v->name, "calltokenoptional")) {
 			if (add_calltoken_ignore(v->value)) {
 				ast_log(LOG_WARNING, "Invalid calltokenoptional address range - '%s' line %d\n", v->value, v->lineno);
+				return -1;
 			}
 		} else if (!strcasecmp(v->name, "calltokenexpiration")) {
 			int temp = -1;
author	Mark Michelson <mmichelson@digium.com>	2015-04-28 17:00:37 -0500
committer	Mark Michelson <mmichelson@digium.com>	2015-04-30 10:43:51 -0500
commit	11ffcf662f6b19eb0e9d5f8914d379ebef0177c4 (patch)
tree	a2727599061f560cce4900094e4854364c9c7add /channels/chan_iax2.c
parent	57cbb4bc8dda4cf4939f029e60290e3335a82c05 (diff)