kenmirrors/asterisk
1
0
Fork 0
mirror of https://github.com/asterisk/asterisk.git synced 2025-11-12 04:48:51 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
f94a310ca06a5d876026c698e0c6742536c3cb15
asterisk/res/res_pjsip
History
Richard Mudgett 034a04af2a AST-2018-008: Fix enumeration of endpoints from ACL rejected addresses. 
When endpoint specific ACL rules block a SIP request they respond with a
403 forbidden.  However, if an endpoint is not identified then a 401
unauthorized response is sent.  This vulnerability just discloses which
requests hit a defined endpoint.  The ACL rules cannot be bypassed to gain
access to the disclosed endpoints.

* Made endpoint specific ACL rules now respond with a 401 unauthorized
which is the same as if an endpoint were not identified.  The fix is
accomplished by replacing the found endpoint with the artificial endpoint
which always fails authentication.

ASTERISK-27818

Change-Id: Icb275a54ff8e2df6c671a6d9bda37b5d732b3b32
2018-06-11 10:26:37 -05:00
..
include
pjsip: Rewrite OPTIONS support with new eyes.
2018-04-27 17:26:54 -05:00
config_auth.c
res_pjsip: Add "like" processing to pjsip list and show commands
2015-10-24 10:00:30 -06:00
config_domain_aliases.c
res_pjsip/config_domain_aliases.c: Add check for missing domain.
2018-02-05 14:01:15 -06:00
config_global.c
res_pjsip: Add ignore_uri_user_options option.
2016-09-09 17:09:54 -05:00
config_system.c
res_pjsip.c: Split ast_sip_push_task_synchronous() to fit expectations.
2018-04-12 17:15:10 -05:00
config_transport.c
pjsip: Increase maximum number of usable ciphers & other cleanups
2018-05-02 09:03:59 -04:00
location.c
pjsip: Rewrite OPTIONS support with new eyes.
2018-04-27 17:26:54 -05:00
pjsip_cli.c
pjsip: Improve CLI completion performance
2017-12-10 13:56:51 -05:00
pjsip_configuration.c
pjsip: Rewrite OPTIONS support with new eyes.
2018-04-27 17:26:54 -05:00
pjsip_distributor.c
AST-2018-008: Fix enumeration of endpoints from ACL rejected addresses.
2018-06-11 10:26:37 -05:00
pjsip_global_headers.c
Remove as much trailing whitespace as possible.
2017-12-22 09:14:07 -05:00
pjsip_message_filter.c
AST-2017-014: res_pjsip - Missing contact header can cause crash
2017-12-22 15:38:56 -06:00
pjsip_options.c
Merge "pjsip_options: handle modification of qualify options in realtime" into 13
2018-06-06 11:21:38 -05:00
pjsip_outbound_auth.c
res_pjsip: make it unloadable (take 2)
2015-01-27 19:08:44 +00:00
pjsip_scheduler.c
Merge "pjsip_scheduler.c: Add ability to trace scheduled tasks." into 13
2018-04-16 07:00:21 -05:00
pjsip_session.c
Remove as much trailing whitespace as possible.
2017-12-22 09:14:07 -05:00
pjsip_transport_events.c
pjsip_transport_events.c: Fix crash using stale transport pointer.
2018-03-20 15:04:17 -05:00
pjsip_transport_management.c
res_pjsip: Register pjsip_transport_management not externally but internally.
2018-05-16 23:35:32 -06:00
presence_xml.c
res_pjsip_pidf_eyebeam_body_supplement: Correct status presentation
2017-08-01 15:44:30 -06:00
security_events.c
security-events: Fix SuccessfulAuth using_password declaration.
2017-12-04 17:19:23 -06:00