[asterisk-bugs] [Asterisk 0014000]: [patch] Wrong usage of sscanf with use of uninitialized variable caused accidental parsing of RTP/SAVP

Asterisk Bug Tracker noreply at bugs.digium.com
Tue Dec 2 11:33:47 CST 2008


The following issue has been ASSIGNED. 
====================================================================== 
http://bugs.digium.com/view.php?id=14000 
====================================================================== 
Reported By:                folke
Assigned To:                Corydon76
====================================================================== 
Project:                    Asterisk
Issue ID:                   14000
Category:                   Channels/chan_sip/CodecHandling
Reproducibility:            always
Severity:                   major
Priority:                   normal
Status:                     assigned
Asterisk Version:           SVN 
SVN Branch (only for SVN checkouts, not tarball releases):  trunk 
SVN Revision (number only!): 159896 
Disclaimer on File?:        N/A 
Request Review:              
====================================================================== 
Date Submitted:             2008-12-01 07:36 CST
Last Modified:              2008-12-02 11:33 CST
====================================================================== 
Summary:                    [patch] Wrong usage of sscanf with use of
uninitialized variable caused accidental parsing of RTP/SAVP
Description: 
Hi folks!

We are Nortel VoIP-PBX Supporter and have a customer with as SIP-Trunk
between Nortel CS1000 and Asterisk. Worked fine. After an upgrade on Nortel
PBX to a new MediaGatewayCard (MC32s) no calls could be established. The
Nortel offers after the upgrade next to RTP also SRTP. 

But asterisk accidentaly parses also the m=audio line with RTP/SAVP in the
incoming SDP-Message causing to refused the call ('488 Not acceptable').

It was because a sscanf is used in chan_sip.c / process_sdp() to compare
and examine the 'm=audio' in a wrong way. As soon as the line starts with
'audio ' followed by a number, sscanf returns '1' regardless of the rest of
the line. The result of '%n' variable of sscanf was then used unitialized.

With my fix now chan_sip ignores now the 'm=audio ... RTP/SAVP' lines and
everything is fine.

see details

patch available


====================================================================== 

Issue History 
Date Modified    Username       Field                    Change               
====================================================================== 
2008-12-02 11:33 Corydon76      Status                   new => assigned     
2008-12-02 11:33 Corydon76      Assigned To               => Corydon76       
======================================================================




More information about the asterisk-bugs mailing list