Merged revisions 159246 via svnmerge from

https://origsvn.digium.com/svn/asterisk/branches/1.4

................
  r159246 | tilghman | 2008-11-25 15:40:28 -0600 (Tue, 25 Nov 2008) | 14 lines

  Merged revisions 159245 via svnmerge from
  https://origsvn.digium.com/svn/asterisk/branches/1.2

  ........
    r159245 | tilghman | 2008-11-25 15:37:06 -0600 (Tue, 25 Nov 2008) | 7 lines

    Regression fix for last security fix.  Set the iseqno correctly.
    (closes issue #13918)
     Reported by: ffloimair
     Patches:
           20081119__bug13918.diff.txt uploaded by Corydon76 (license 14)
     Tested by: ffloimair
  ........
................

git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@159247 65c4cc65-6c06-0410-ace0-fbb531ad65f3

diff --git a/channels/chan_iax2.c b/channels/chan_iax2.c
index 7aff8f8..e95d39f 100644 (file)
--- a/channels/chan_iax2.c
+++ b/channels/chan_iax2.c
@@ -3639,7 +3639,7 @@ struct parsed_dial_string {
 static int send_apathetic_reply(unsigned short callno, unsigned short dcallno, struct sockaddr_in *sin, int command, int ts, unsigned char seqno)
 {
        struct ast_iax2_full_hdr f = { .scallno = htons(0x8000 | callno), .dcallno = htons(dcallno),
-               .ts = htonl(ts), .iseqno = seqno, .oseqno = seqno, .type = AST_FRAME_IAX,
+               .ts = htonl(ts), .iseqno = seqno, .oseqno = 0, .type = AST_FRAME_IAX,
                .csub = compress_subclass(command) };
 
        return sendto(defaultsockfd, &f, sizeof(f), 0, (struct sockaddr *)sin, sizeof(*sin));
@@ -8318,7 +8318,7 @@ static int socket_process(struct iax2_thread *thread)
                /* Deal with POKE/PONG without allocating a callno */
                if (f.frametype == AST_FRAME_IAX && f.subclass == IAX_COMMAND_POKE) {
                        /* Reply back with a PONG, but don't care about the result. */
-                       send_apathetic_reply(1, ntohs(fh->scallno), &sin, IAX_COMMAND_PONG, ntohs(fh->ts), fh->oseqno);
+                       send_apathetic_reply(1, ntohs(fh->scallno), &sin, IAX_COMMAND_PONG, ntohs(fh->ts), fh->iseqno + 1);
                        return 1;
                } else if (f.frametype == AST_FRAME_IAX && f.subclass == IAX_COMMAND_ACK && dcallno == 1) {
                        /* Ignore */