Module: sip-router Branch: 4.1 Commit: 67c12f48926c88b265db1501e1d211309bebdc7e URL: http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=67c12f48...
Author: Carsten Bock carsten@ng-voice.com Committer: Carsten Bock carsten@ng-voice.com Date: Sat Jan 11 01:39:21 2014 +0100
ims_auth: Fix for SIP Digest (Segmentation fault) - Fix by Marek Bazler (marek.bazler@acision.com)
---
modules/ims_auth/authorize.c | 36 +++++++++++++++++++++++++++--------- 1 files changed, 27 insertions(+), 9 deletions(-)
diff --git a/modules/ims_auth/authorize.c b/modules/ims_auth/authorize.c index 026e3b5..6b9bb13 100644 --- a/modules/ims_auth/authorize.c +++ b/modules/ims_auth/authorize.c @@ -89,8 +89,7 @@ extern int ignore_failed_auth; extern int av_check_only_impu;
auth_hash_slot_t *auth_data; /**< Authentication vector hash table */ -extern int auth_data_hash_size; /**< authentication vector hash table size */ - +static int act_auth_data_hash_size = 0; /**< authentication vector hash table size */
static str empty_s = {0, 0};
@@ -192,7 +191,7 @@ void reg_await_timer(unsigned int ticks, void* param) { int i;
LM_DBG("Looking for expired/useless at %d\n", ticks); - for (i = 0; i < auth_data_hash_size; i++) { + for (i = 0; i < act_auth_data_hash_size; i++) { auth_data_lock(i); aud = auth_data[i].head; while (aud) { @@ -704,8 +703,27 @@ int authenticate(struct sip_msg* msg, char* _realm, char* str2, int is_proxy_aut &qop_str, qop == QOP_AUTHINT, &msg->first_line.u.request.method, &uri, hbody, expected); - LM_INFO("UE said: %.*s and we expect %.*s ha1 %.*s (%.*s)\n", - response16.len, response16.s, /*av->authorization.len,av->authorization.s,*/32, expected, 32, ha1, msg->first_line.u.request.method.len, msg->first_line.u.request.method.s); + LM_INFO("UE said: %.*s and we expect %.*s ha1 %.*s (%.*s)\n", + response16.len, response16.s, + /*av->authorization.len,av->authorization.s,*/32, expected, + 32, ha1, + msg->first_line.u.request.method.len, msg->first_line.u.request.method.s); + break; + case AUTH_SIP_DIGEST: + case AUTH_DIGEST: + // memcpy of received HA1 + memcpy(ha1, av->authorization.s, HASHHEXLEN); + calc_response(ha1, &(av->authenticate), + &nc, + &cnonce, + &qop_str, + qop == QOP_AUTHINT, + &msg->first_line.u.request.method, &uri, hbody, expected); + LM_INFO("UE said: %.*s and we expect %.*s ha1 %.*s (%.*s)\n", + response16.len, response16.s, + 32,expected, + 32,ha1, + msg->first_line.u.request.method.len, msg->first_line.u.request.method.s); break; default: LM_ERR("algorithm %.*s is not handled.\n", @@ -902,11 +920,11 @@ int auth_data_init(int size) { return 0; } memset(auth_data, 0, sizeof (auth_hash_slot_t) * size); - auth_data_hash_size = size; for (i = 0; i < size; i++) { auth_data[i].lock = lock_alloc(); lock_init(auth_data[i].lock); } + act_auth_data_hash_size = size; return 1; }
@@ -915,7 +933,7 @@ int auth_data_init(int size) { void auth_data_destroy() { int i; auth_userdata *aud, *next; - for (i = 0; i < auth_data_hash_size; i++) { + for (i = 0; i < act_auth_data_hash_size; i++) { auth_data_lock(i); lock_destroy(auth_data[i].lock); lock_dealloc(auth_data[i].lock); @@ -1181,9 +1199,9 @@ void free_auth_userdata(auth_userdata * aud) { */ inline unsigned int get_hash_auth(str private_identity, str public_identity) { if (av_check_only_impu) - return core_hash(&public_identity, 0, auth_data_hash_size); + return core_hash(&public_identity, 0, act_auth_data_hash_size); else - return core_hash(&public_identity, 0, auth_data_hash_size); + return core_hash(&public_identity, 0, act_auth_data_hash_size); /*
-
Carsten Bock