Fix error with mixed address family ACLs.
authorMark Michelson <mmichelson@digium.com>
Thu, 20 Nov 2014 16:37:58 +0000 (16:37 +0000)
committerMark Michelson <mmichelson@digium.com>
Thu, 20 Nov 2014 16:37:58 +0000 (16:37 +0000)
Prior to this commit, the address family of the first item in an ACL
was used to compare all incoming traffic. This could lead to traffic
of other IP address families bypassing ACLs.

ASTERISK-24469 #close

Reported by Matt Jordan
Patches:
ASTERISK-24469-11.diff uploaded by Matt Jordan (License #6283)

AST-2014-012
........

Merged revisions 428402 from http://svn.asterisk.org/svn/asterisk/branches/1.8
........

Merged revisions 428417 from http://svn.asterisk.org/svn/asterisk/branches/11
........

Merged revisions 428422 from http://svn.asterisk.org/svn/asterisk/branches/12
........

Merged revisions 428425 from http://svn.asterisk.org/svn/asterisk/branches/13

git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@428426 65c4cc65-6c06-0410-ace0-fbb531ad65f3

main/acl.c

index a9f6c46..fa1e35c 100644 (file)
@@ -743,7 +743,7 @@ enum ast_acl_sense ast_apply_ha(const struct ast_ha *ha, const struct ast_sockad
                ast_copy_string(iabuf2, ast_inet_ntoa(ha->netaddr), sizeof(iabuf2));
                ast_debug(1, "##### Testing %s with %s\n", iabuf, iabuf2);
 #endif
-               if (ast_sockaddr_is_ipv4(&ha->addr)) {
+               if (ast_sockaddr_is_ipv4(&current_ha->addr)) {
                        if (ast_sockaddr_is_ipv6(addr)) {
                                if (ast_sockaddr_is_ipv4_mapped(addr)) {
                                        /* IPv4 ACLs apply to IPv4-mapped addresses */