1
Description: fix account name enumeration
2
Origin: upstream, http://downloads.asterisk.org/pub/security/AST-2011-011-1.6.2.diff
4
Index: asterisk-1.6.2.5/channels/chan_sip.c
5
===================================================================
6
--- asterisk-1.6.2.5.orig/channels/chan_sip.c 2011-07-12 15:48:46.949864020 -0400
7
+++ asterisk-1.6.2.5/channels/chan_sip.c 2011-07-12 15:49:06.079864014 -0400
8
@@ -12948,9 +12948,9 @@
10
/* We have to emulate EXACTLY what we'd get with a good peer
11
* and a bad password, or else we leak information. */
12
- const char *response = "407 Proxy Authentication Required";
13
- const char *reqheader = "Proxy-Authorization";
14
- const char *respheader = "Proxy-Authenticate";
15
+ const char *response = "401 Unauthorized";
16
+ const char *reqheader = "Authorization";
17
+ const char *respheader = "WWW-Authenticate";
18
const char *authtoken;
21
@@ -12965,23 +12965,18 @@
22
[K_LAST] = { NULL, NULL}
25
- if (sipmethod == SIP_REGISTER || sipmethod == SIP_SUBSCRIBE) {
26
- response = "401 Unauthorized";
27
- reqheader = "Authorization";
28
- respheader = "WWW-Authenticate";
30
authtoken = get_header(req, reqheader);
31
if (req->ignore && !ast_strlen_zero(p->randdata) && ast_strlen_zero(authtoken)) {
32
/* This is a retransmitted invite/register/etc, don't reconstruct authentication
34
- transmit_response_with_auth(p, response, req, p->randdata, 0, respheader, 0);
35
+ transmit_response_with_auth(p, response, req, p->randdata, reliable, respheader, 0);
36
/* Schedule auto destroy in 32 seconds (according to RFC 3261) */
37
sip_scheddestroy(p, DEFAULT_TRANS_TIMEOUT);
39
} else if (ast_strlen_zero(p->randdata) || ast_strlen_zero(authtoken)) {
40
/* We have no auth, so issue challenge and request authentication */
41
set_nonce_randdata(p, 1);
42
- transmit_response_with_auth(p, response, req, p->randdata, 0, respheader, 0);
43
+ transmit_response_with_auth(p, response, req, p->randdata, reliable, respheader, 0);
44
/* Schedule auto destroy in 32 seconds */
45
sip_scheddestroy(p, DEFAULT_TRANS_TIMEOUT);
47
@@ -13225,7 +13220,7 @@
51
- if (!peer && sip_cfg.alwaysauthreject) {
52
+ if (!peer && sip_cfg.alwaysauthreject && ast_test_flag(&p->flags[1], SIP_PAGE2_REGISTERTRYING)) {
53
/* If we found a peer, we transmit a 100 Trying. Therefore, if we're
54
* trying to avoid leaking information, we MUST also transmit the same
55
* response when we DON'T find a peer. */