Skip to content
Snippets Groups Projects
Commit acbe1f90 authored by Matthew Jordan's avatar Matthew Jordan
Browse files

AST-2012-013: Resolve ACL rules being ignored during calls by some IAX2 peers 

When an IAX2 call is made using the credentials of a peer defined in a dynamic
Asterisk Realtime Architecture (ARA) backend, the ACL rules for that peer are
not applied to the call attempt. This allows for a remote attacker who is aware
of a peer's credentials to bypass the ACL rules set for that peer.

This patch ensures that the ACLs are applied for all peers, regardless of their
storage mechanism.

(closes issue ASTERISK-20186)
Reported by: Alan Frisch
Tested by: mjordan, Alan Frisch
........

Merged revisions 372028 from http://svn.asterisk.org/svn/asterisk/branches/11


git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@372029 65c4cc65-6c06-0410-ace0-fbb531ad65f3
parent d624f2c5
Branches
Tags
No related merge requests found
Hide whitespace changes
Inline Side-by-side
Showing
with 4 additions and 3 deletions
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment