
Merged revisions 227700 via svnmerge from

https://origsvn.digium.com/svn/asterisk/branches/1.4

........
  r227700 | file | 2009-11-04 15:17:39 -0400 (Wed, 04 Nov 2009) | 5 lines
  
  Fix a security issue where sending a REGISTER with a differing username in the From
  URI and Authorization header would reveal whether it was valid or not.
  
  (AST-2009-008)
........


git-svn-id: http://svn.digium.com/svn/asterisk/trunk@227712 f38db490-d61c-443f-a65b-d21fe96a405b
file 2009-11-04 19:20:46 +00:00
parent aac473afa7
commit 2088c56027
1 changed files with 2 additions and 7 deletions


@ -13534,11 +13534,6 @@ static enum check_auth_result register_verify(struct sip_pvt *p, struct sockaddr
Asterisk uses the From: username for authentication. We need the Asterisk uses the From: username for authentication. We need the
devices to use the same authentication user name until we support devices to use the same authentication user name until we support
proper authentication by digest auth name */ proper authentication by digest auth name */
transmit_response(p, "403 Authentication user name does not match account name", &p->initreq);
if (global_authfailureevents)
manager_event(EVENT_FLAG_SYSTEM, "PeerStatus", "ChannelType: SIP\r\nPeer: SIP/%s\r\nPeerStatus: Rejected\r\nCause: AUTH_USERNAME_MISMATCH\r\nAddress: %s\r\nPort: %d\r\n",
name, ast_inet_ntoa(sin->sin_addr), ntohs(sin->sin_port));
break;
case AUTH_NOT_FOUND: case AUTH_NOT_FOUND:
case AUTH_PEER_NOT_DYNAMIC: case AUTH_PEER_NOT_DYNAMIC:
case AUTH_ACL_FAILED: case AUTH_ACL_FAILED:
@ -13560,8 +13555,8 @@ static enum check_auth_result register_verify(struct sip_pvt *p, struct sockaddr
else else
transmit_response(p, "404 Not found", &p->initreq); transmit_response(p, "404 Not found", &p->initreq);
if (global_authfailureevents) if (global_authfailureevents)
manager_event(EVENT_FLAG_SYSTEM, "PeerStatus", "ChannelType: SIP\r\nPeer: SIP/%s\r\nPeerStatus: Rejected\r\nCause: URI_NOT_FOUND\r\nAddress: %s\r\nPort: %d\r\n", manager_event(EVENT_FLAG_SYSTEM, "PeerStatus", "ChannelType: SIP\r\nPeer: SIP/%s\r\nPeerStatus: Rejected\r\nCause: %s\r\nAddress: %s\r\nPort: %d\r\n",
name, ast_inet_ntoa(sin->sin_addr), ntohs(sin->sin_port)); name, (res == AUTH_USERNAME_MISMATCH) ? "AUTH_USERNAME_MISMATCH" : "URI_NOT_FOUND", ast_inet_ntoa(sin->sin_addr), ntohs(sin->sin_port));
} }
break; break;
case AUTH_BAD_TRANSPORT: case AUTH_BAD_TRANSPORT:
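Review bot: In the first hunk the username-mismatch branch now keeps only its explanatory comment and runs straight into the `AUTH_NOT_FOUND` / `AUTH_PEER_NOT_DYNAMIC` / `AUTH_ACL_FAILED` group, but nothing marks that fall-through as deliberate. I would close the comment block with a line such as `/* Fall through: reply exactly as for an unknown peer so the response does not reveal whether the account exists (AST-2009-008) */`, so that a later cleanup does not restore the distinct 403. The `case` label and the start of that comment are above the hunk, so this assumes the label directly precedes the comment. In the second hunk the `Cause:` field still tells the two results apart, which looks acceptable for a manager event provided it is never echoed to the SIP peer. The `if` paired with the `else` before the 404 is outside the hunk, so it cannot be confirmed from here that the SIP reply is uniform in every configuration.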