chan_sip: Add security event for calls to invalid extension.
authorCorey Farrell <git@cfware.com>
Thu, 6 Oct 2016 06:29:21 +0000 (02:29 -0400)
committerRichard Mudgett <rmudgett@digium.com>
Fri, 15 Dec 2017 18:43:38 +0000 (12:43 -0600)
Log a message to security events when an INVITE is received to an
invalid extension.

ASTERISK-25869 #close

Change-Id: I0da40cd7c2206c825c2f0d4e172275df331fcc8f

CHANGES
channels/chan_sip.c

diff --git a/CHANGES b/CHANGES
index f367f46..bd1ca67 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -50,6 +50,11 @@ Core
    Asterisk is compiled with the LOW_MEMORY compile time option enabled because
    the cache code does not exist.
 
+chan_sip
+------------------
+ * Calls to invalid extensions are now reported as an ACL failure security event
+   "no_extension_match".
+
 res_rtp_asterisk
 ------------------
  * The X.509 certificate used for DTLS negotation can now be automatically
index 2d20442..e54997b 100644 (file)
@@ -26654,6 +26654,7 @@ static int handle_request_invite(struct sip_pvt *p, struct sip_request *req, str
                                        ast_log(LOG_NOTICE, "Call from '%s' (%s) to extension"
                                                " '%s' rejected because extension not found in context '%s'.\n",
                                                S_OR(p->username, p->peername), ast_sockaddr_stringify(&p->recv), decoded_exten, p->context);
+                                       sip_report_failed_acl(p, "no_extension_match");
                                }
                                break;
                        case SIP_GET_DEST_REFUSED: