From: Sebastian Kemper Date: Fri, 12 Jul 2019 18:43:14 +0000 (+0200) Subject: asterisk-13.x: fix AST-2019-002 & AST-2019-003 X-Git-Url: http://git.openwrt.org/?a=commitdiff_plain;h=f4eaf906cc13f3195b8e16612bf95fa25146d41f;p=feed%2Ftelephony.git asterisk-13.x: fix AST-2019-002 & AST-2019-003 https://downloads.asterisk.org/pub/security/AST-2019-002.html https://downloads.asterisk.org/pub/security/AST-2019-003.html Signed-off-by: Sebastian Kemper --- diff --git a/net/asterisk-13.x/Makefile b/net/asterisk-13.x/Makefile index eee6de0..f80091c 100644 --- a/net/asterisk-13.x/Makefile +++ b/net/asterisk-13.x/Makefile @@ -11,7 +11,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=asterisk13 PKG_VERSION:=13.24.0 -PKG_RELEASE:=1 +PKG_RELEASE:=2 PKG_SOURCE:=asterisk-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://downloads.asterisk.org/pub/telephony/asterisk/releases diff --git a/net/asterisk-13.x/patches/110-AST-2019-002-13.diff b/net/asterisk-13.x/patches/110-AST-2019-002-13.diff new file mode 100644 index 0000000..a385e25 --- /dev/null +++ b/net/asterisk-13.x/patches/110-AST-2019-002-13.diff @@ -0,0 +1,35 @@ +From a9d8b56831146166abc7fb8abe8ae8aaff295358 Mon Sep 17 00:00:00 2001 +From: George Joseph +Date: Wed, 12 Jun 2019 12:03:04 -0600 +Subject: [PATCH] res_pjsip_messaging: Check for body in in-dialog message + +We now check that a body exists and it has a length > 0 before +attempting to process it. + +ASTERISK-28447 +Reported-by: Gil Richard + +Change-Id: Ic469544b22ab848734636588d4c93426cc6f4b1f +--- + +diff --git a/res/res_pjsip_messaging.c b/res/res_pjsip_messaging.c +index 10c5f29..76d37f2 100644 +--- a/res/res_pjsip_messaging.c ++++ b/res/res_pjsip_messaging.c +@@ -91,10 +91,13 @@ + static const pj_str_t text = { "text", 4}; + static const pj_str_t application = { "application", 11}; + ++ if (!(rdata->msg_info.msg->body && rdata->msg_info.msg->body->len > 0)) { ++ return res; ++ } ++ + /* We'll accept any text/ or application/ content type */ +- if (rdata->msg_info.msg->body && rdata->msg_info.msg->body->len +- && (pj_stricmp(&rdata->msg_info.msg->body->content_type.type, &text) == 0 +- || pj_stricmp(&rdata->msg_info.msg->body->content_type.type, &application) == 0)) { ++ if (pj_stricmp(&rdata->msg_info.msg->body->content_type.type, &text) == 0 ++ || pj_stricmp(&rdata->msg_info.msg->body->content_type.type, &application) == 0) { + res = PJSIP_SC_OK; + } else if (rdata->msg_info.ctype + && (pj_stricmp(&rdata->msg_info.ctype->media.type, &text) == 0 diff --git a/net/asterisk-13.x/patches/120-AST-2019-003-13.diff b/net/asterisk-13.x/patches/120-AST-2019-003-13.diff new file mode 100644 index 0000000..afc8325 --- /dev/null +++ b/net/asterisk-13.x/patches/120-AST-2019-003-13.diff @@ -0,0 +1,39 @@ +From 3ab9291a563656dfebcb7de67c86351541f3de1c Mon Sep 17 00:00:00 2001 +From: Francesco Castellano +Date: Fri, 28 Jun 2019 18:15:31 +0200 +Subject: [PATCH] chan_sip: Handle invalid SDP answer to T.38 re-invite + +The chan_sip module performs a T.38 re-invite using a single media +stream of udptl, and expects the SDP answer to be the same. + +If an SDP answer is received instead that contains an additional +media stream with no joint codec a crash will occur as the code +assumes that at least one joint codec will exist in this +scenario. + +This change removes this assumption. + +ASTERISK-28465 + +Change-Id: I8b02845b53344c6babe867a3f0a5231045c7ac87 +--- + +diff --git a/channels/chan_sip.c b/channels/chan_sip.c +index 7c8928d..223ff3c 100644 +--- a/channels/chan_sip.c ++++ b/channels/chan_sip.c +@@ -10911,7 +10911,13 @@ + ast_rtp_lookup_mime_multiple2(s3, NULL, newnoncodeccapability, 0, 0)); + } + +- if (portno != -1 || vportno != -1 || tportno != -1) { ++ /* When UDPTL is negotiated it is expected that there are no compatible codecs as audio or ++ * video is not being transported, thus we continue in this function further up if that is ++ * the case. If we receive an SDP answer containing both a UDPTL stream and another media ++ * stream however we need to check again to ensure that there is at least one joint codec ++ * instead of assuming there is one. ++ */ ++ if ((portno != -1 || vportno != -1 || tportno != -1) && ast_format_cap_count(newjointcapability)) { + /* We are now ready to change the sip session and RTP structures with the offered codecs, since + they are acceptable */ + unsigned int framing;