~ubuntu-branches/ubuntu/lucid/asterisk/lucid-security

Viewing changes to debian/patches/AST-2011-011-1.6.2.diff

  • Committer: Bazaar Package Importer
  • Author(s): Marc Deslauriers
  • Date: 2011-07-12 15:49:26 UTC
  • Revision ID: james.westby@ubuntu.com-20110712154926-5ogzkiq9f3rb0hm4
Tags: 1:1.6.2.5-0ubuntu1.4
* SECURITY UPDATE: denial of service and possible code execution via
  crafted UDPTL packet
  - debian/patches/AST-2011-002-1.6.2.diff: properly calculate lengths in
    main/udptl.c.
  - CVE-2011-1147
* SECURITY UPDATE: denial of service via manager session with invalid
  data
  - debian/patches/AST-2011-003-1.6.2.diff: check for errors in
    main/manager.c.
  - CVE-2011-1174
* SECURITY UPDATE: denial of service via many short TLS sessions
  - debian/patches/AST-2011-004-1.6.2.diff: gracefully handle failures
    in main/tcptls.c.
  - CVE-2011-1175
* SECURITY UPDATE: denial of service via a series of TCP connections
  - debian/patches/AST-2011-005-1.6.2.diff: add timeouts and session
    limits to main/manager.c, configs/manager.conf.sample,
    channels/chan_sip.c, channels/chan_skinny.c, main/http.c,
    configs/{skinny,sip,http}.conf.sample.
  - CVE-2011-1507
* SECURITY UPDATE: remote command execution via incomplete system
  privilege check
  - debian/patches/AST-2011-006-1.6.2.diff: correctly check privileges in
    main/manager.c.
  - CVE-2011-1599
* SECURITY UPDATE: denial of service via crafted packet and SIP channel
  driver
  - debian/patches/AST-2011-008.diff: set proper length in
    channels/chan_sip.c.
  - CVE-2011-2529
* SECURITY UPDATE: denial of service and possible code execution via
  IAX2 channel driver crafted frame
  - debian/patches/AST-2011-010-1.6.2.diff: validate options in
    channels/chan_iax2.c, main/features.c.
  - CVE-2011-2535
* SECURITY UPDATE: account name enumeration
  - debian/patches/AST-2011-011-1.6.2.diff: adjust responses in
    channels/chan_sip.c.
  - CVE-2011-2536

 
1
Description: fix account name enumeration
 
2
Origin: upstream, http://downloads.asterisk.org/pub/security/AST-2011-011-1.6.2.diff
 
3
 
 
4
Index: asterisk-1.6.2.5/channels/chan_sip.c
 
5
===================================================================
 
6
--- asterisk-1.6.2.5.orig/channels/chan_sip.c   2011-07-12 15:48:46.949864020 -0400
 
7
+++ asterisk-1.6.2.5/channels/chan_sip.c        2011-07-12 15:49:06.079864014 -0400
 
8
@@ -12948,9 +12948,9 @@
 
9
 {
 
10
        /* We have to emulate EXACTLY what we'd get with a good peer
 
11
         * and a bad password, or else we leak information. */
 
12
-       const char *response = "407 Proxy Authentication Required";
 
13
-       const char *reqheader = "Proxy-Authorization";
 
14
-       const char *respheader = "Proxy-Authenticate";
 
15
+       const char *response = "401 Unauthorized";
 
16
+       const char *reqheader = "Authorization";
 
17
+       const char *respheader = "WWW-Authenticate";
 
18
        const char *authtoken;
 
19
        struct ast_str *buf;
 
20
        char *c;
 
21
@@ -12965,23 +12965,18 @@
 
22
                [K_LAST] = { NULL, NULL}
 
23
        };
 
24
 
 
25
-       if (sipmethod == SIP_REGISTER || sipmethod == SIP_SUBSCRIBE) {
 
26
-               response = "401 Unauthorized";
 
27
-               reqheader = "Authorization";
 
28
-               respheader = "WWW-Authenticate";
 
29
-       }
 
30
        authtoken = get_header(req, reqheader);
 
31
        if (req->ignore && !ast_strlen_zero(p->randdata) && ast_strlen_zero(authtoken)) {
 
32
                /* This is a retransmitted invite/register/etc, don't reconstruct authentication
 
33
                 * information */
 
34
-               transmit_response_with_auth(p, response, req, p->randdata, 0, respheader, 0);
 
35
+               transmit_response_with_auth(p, response, req, p->randdata, reliable, respheader, 0);
 
36
                /* Schedule auto destroy in 32 seconds (according to RFC 3261) */
 
37
                sip_scheddestroy(p, DEFAULT_TRANS_TIMEOUT);
 
38
                return;
 
39
        } else if (ast_strlen_zero(p->randdata) || ast_strlen_zero(authtoken)) {
 
40
                /* We have no auth, so issue challenge and request authentication */
 
41
                set_nonce_randdata(p, 1);
 
42
-               transmit_response_with_auth(p, response, req, p->randdata, 0, respheader, 0);
 
43
+               transmit_response_with_auth(p, response, req, p->randdata, reliable, respheader, 0);
 
44
                /* Schedule auto destroy in 32 seconds */
 
45
                sip_scheddestroy(p, DEFAULT_TRANS_TIMEOUT);
 
46
                return;
 
47
@@ -13225,7 +13220,7 @@
 
48
                        }
 
49
                }
 
50
        }
 
51
-       if (!peer && sip_cfg.alwaysauthreject) {
 
52
+       if (!peer && sip_cfg.alwaysauthreject && ast_test_flag(&p->flags[1], SIP_PAGE2_REGISTERTRYING)) {
 
53
                /* If we found a peer, we transmit a 100 Trying.  Therefore, if we're
 
54
                 * trying to avoid leaking information, we MUST also transmit the same
 
55
                 * response when we DON'T find a peer. */
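Review bot: The comment under the changed condition in the last hunk (`@@ -13225,7 +13220,7 @@`) still says a found peer always gets a 100 Trying, but the new test sends it to unknown peers only when `SIP_PAGE2_REGISTERTRYING` is set, so the comment should state that condition, for example `/* A known peer gets a 100 Trying only when SIP_PAGE2_REGISTERTRYING is set; mirror that exactly for unknown peers so the two cases stay indistinguishable. */`. The flag is read from `p->flags[1]`; the known-peer path is not visible here, and if it consults a different flag set the two cases could still be told apart, so that is worth confirming. In the first two hunks the `401 Unauthorized` / `Authorization` / `WWW-Authenticate` strings are now fixed for every method, which presumably leaves `sipmethod` unused and depends on these literals staying identical to the real challenge path; a cross-reference comment or shared constants would keep the two from drifting apart again. The `if` body continues outside the hunk.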