Skip to content
Snippets Groups Projects
Select Git revision
  • dev_fxs_no_wb
  • fix_transport_fallback_at_dns_failure
  • 16302-renew-registration
  • asterisk_rdkb
  • 14600-wenpeng
  • fix_fallback
  • 14666_fxs_no_wideband_codec
  • fix_srv_records
  • wenpeng-test-250121
  • wenpeng-registration-test
  • fix_deadlock_in_bridge_peer_functions
  • devel default protected
  • securesip_pjproject_part1
  • PJ_Example_Review
  • fix_re_register_authorization_header
  • fix_internal_calls_auth
  • fix_internal_calls
  • Secure_SIPtelephony_part1
  • SIPtelephony_DECT_syslog
  • syslog_develop_phase1
  • 22.0.0-pre1
  • 21.4.2
  • 20.9.2
  • 18.24.2
  • certified-20.7-cert2
  • certified-18.9-cert11
  • 21.4.1
  • 20.9.1
  • 18.24.1
  • 21.4.0
  • 20.9.0
  • 18.24.0
  • certified-20.7-cert1
  • certified-18.9-cert10
  • 21.4.0-rc1
  • 20.9.0-rc1
  • 18.24.0-rc1
  • 21.3.1
  • 20.8.1
  • 18.23.1
40 results
Compare
user avatar
Restrict functionality when ACLs are misconfigured.
Mark Michelson authored 
This patch has two main purposes:

1) Improve warning messages when ACLs are configured improperly.
2) Prevent misconfigured ACLs from allowing potentially unwanted
traffic.

To acomplish point (2) in most cases, whatever configuration object that
the ACL belonged to was not allowed to load.

The one exception is res_pjsip_acl. In that case, ACLs are their own
configuration object. Furthermore, the module loading code has no
indication that a ACL configuration had a failure. So the tactic taken
here is to create an ACL that just blocks everything.

ASTERISK-24969
Reported by Corey Farrell

Change-Id: I2ebcb6959cefad03cea4d81401be946203fcacae
11ffcf66
History
user avatar 11ffcf66
History
Name Last commit Last update
..
editline
stdtime
.gitignore
Makefile
abstract_jb.c
acl.c
adsi.c
alaw.c
aoc.c
app.c
ast_expr2.c
ast_expr2.fl
ast_expr2.h
ast_expr2.y
ast_expr2f.c
asterisk.c
asterisk.dynamics
asterisk.exports.in
astfd.c
astmm.c
astobj2.c
astobj2_container.c
astobj2_container_private.h
astobj2_hash.c
astobj2_private.h
astobj2_rbtree.c
audiohook.c
autochan.c
autoservice.c
backtrace.c
bridge.c
bridge_after.c
bridge_basic.c
bridge_channel.c
bridge_roles.c
bucket.c
buildinfo.c
callerid.c
ccss.c
cdr.c
cel.c
channel.c
channel_internal_api.c
chanvars.c
cli.c
codec.c
codec_builtin.c
config.c
config_options.c
core_local.c
core_unreal.c
crypt.c
cygload.c
data.c
datastore.c
db.c
devicestate.c
dial.c
dns.c
dns_core.c
dns_naptr.c
dns_query_set.c
dns_recurring.c
dns_srv.c
dns_test.c
dns_tlsa.c
dnsmgr.c
dsp.c
ecdisa.h
endpoints.c
enum.c
event.c
features.c
features_config.c
file.c
fixedjitterbuf.c
fixedjitterbuf.h
format.c
format_cache.c
format_cap.c
format_compatibility.c
frame.c
framehook.c
fskmodem.c
fskmodem_float.c
fskmodem_int.c
global_datastores.c
hashtab.c
heap.c
http.c
image.c
indications.c
io.c
jitterbuf.c
json.c
libasteriskssl.c
libasteriskssl.exports.in
loader.c
lock.c
logger.c