From 43bdddfc2624f8f533b734f5a95e2e46ced417e1 Mon Sep 17 00:00:00 2001 From: Kevin Harwell Date: Wed, 12 Aug 2015 12:59:53 -0500 Subject: [PATCH] chan_sip.c: wrong peer searched in sip_report_security_event In chan_sip, after handling an incoming invite a security event is raised describing authorization (success, failure, etc...). However, it was doing a lookup of the peer by extension. This is fine for register messages, but in the case of an invite it may search and find the wrong peer, or a non existent one (for instance, in the case of call pickup). Also, if the peers are configured through realtime this may cause an unnecessary database lookup when caching is enabled. This patch makes it so that sip_report_security_event searches by IP address when looking for a peer instead of by extension after an invite is processed. ASTERISK-25320 #close Change-Id: I9b3f11549efb475b6561c64f0e6da1a481d98bc4 --- channels/chan_sip.c | 4 ++-- channels/sip/include/security_events.h | 3 ++- channels/sip/security_events.c | 5 +++-- 3 files changed, 7 insertions(+), 5 deletions(-) diff --git a/channels/chan_sip.c b/channels/chan_sip.c index 627f501871..5a49392cf1 100644 --- a/channels/chan_sip.c +++ b/channels/chan_sip.c @@ -28101,7 +28101,7 @@ static int handle_incoming(struct sip_pvt *p, struct sip_request *req, struct as res = handle_request_invite(p, req, addr, seqno, recount, e, nounlock); if (res < 9) { - sip_report_security_event(p, req, res); + sip_report_security_event(NULL, &p->recv, p, req, res); } switch (res) { @@ -28140,7 +28140,7 @@ static int handle_incoming(struct sip_pvt *p, struct sip_request *req, struct as break; case SIP_REGISTER: res = handle_request_register(p, req, addr, e); - sip_report_security_event(p, req, res); + sip_report_security_event(p->exten, NULL, p, req, res); break; case SIP_INFO: if (req->debug) diff --git a/channels/sip/include/security_events.h b/channels/sip/include/security_events.h index cee2fa7073..1d0f58b410 100644 --- a/channels/sip/include/security_events.h +++ b/channels/sip/include/security_events.h @@ -38,6 +38,7 @@ void sip_report_failed_challenge_response(const struct sip_pvt *p, const char *r void sip_report_chal_sent(const struct sip_pvt *p); void sip_report_inval_transport(const struct sip_pvt *p, const char *transport); void sip_digest_parser(char *c, struct digestkeys *keys); -int sip_report_security_event(const struct sip_pvt *p, const struct sip_request *req, const int res); +int sip_report_security_event(const char *peer, struct ast_sockaddr *addr, const struct sip_pvt *p, + const struct sip_request *req, const int res); #endif diff --git a/channels/sip/security_events.c b/channels/sip/security_events.c index e1b9c174a4..22b767c44c 100644 --- a/channels/sip/security_events.c +++ b/channels/sip/security_events.c @@ -270,7 +270,8 @@ void sip_report_inval_transport(const struct sip_pvt *p, const char *transport) ast_security_event_report(AST_SEC_EVT(&inval_transport)); } -int sip_report_security_event(const struct sip_pvt *p, const struct sip_request *req, const int res) { +int sip_report_security_event(const char *peer, struct ast_sockaddr *addr, const struct sip_pvt *p, + const struct sip_request *req, const int res) { struct sip_peer *peer_report; enum check_auth_result res_report = res; @@ -288,7 +289,7 @@ int sip_report_security_event(const struct sip_pvt *p, const struct sip_request [K_LAST] = { NULL, NULL} }; - peer_report = sip_find_peer(p->exten, NULL, TRUE, FINDPEERS, FALSE, 0); + peer_report = sip_find_peer(peer, addr, TRUE, FINDPEERS, FALSE, p->socket.type); switch(res_report) { case AUTH_DONT_KNOW: