[asterisk-bugs] [Asterisk 0008952]: Asterisk accepts RTP from random endpoints

noreply at bugs.digium.com
Mon Jan 21 10:58:45 CST 2008


====================================================================== 
http://bugs.digium.com/view.php?id=8952 
====================================================================== 
Reported By:                amorsen
Assigned To:                file
====================================================================== 
Project:                    Asterisk
Issue ID:                   8952
Category:                   Core/RTP
Reproducibility:            always
Severity:                   major
Priority:                   normal
Status:                     ready for testing
Asterisk Version:            1.2.13 
SVN Branch (only for SVN checkouts, not tarball releases): N/A 
SVN Revision (number only!):  
Disclaimer on File?:        No 
Request Review:              
====================================================================== 
Date Submitted:             01-31-2007 08:38 CST
Last Modified:              01-21-2008 10:58 CST
====================================================================== 
Summary:                    Asterisk accepts RTP from random endpoints
Description: 
Sometimes the audio from an unrelated call would enter the RTP stream,
accompanied by a stream of:  == Forcing Marker bit, because SSRC has
changed

I finally had the chance to tcpdump when it happened. The basic setup is a
central asterisk connected by SIP to two branch asterisks. A call from the
central to branch2 has failed on the central asterisk but somehow stayed
open on branch2, so branch2 kept sending audio which central naturally
ignored. The audio is sent as RTP, and the RTP port on central happens to
be 18796.

Later another call comes along from central to branch1, and the RTP port
chosen for this call on central happens to be 18796. branch1 starts sending
RTP to that port, and asterisk happily accepts BOTH RTP streams. Obviously
asterisk should reject the RTP stream from branch2. Failure to do so is a
security breach.

I have not tried to replicate this issue; it has happened several times,
but until now I have not had the chance to debug it. Replicating it
properly would involve generating an RTP stream.

====================================================================== 

Issue History 
Date Modified   Username       Field                    Change               
====================================================================== 
01-21-08 10:58  file           Status                   assigned => ready for testing
======================================================================
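
The source check whose absence the report describes, sketched in C as an added example; it is not Asterisk code and not the change made for this issue. The names rtp_session, rtp_check and demo_interleaved, and all addresses and packets, are constructed for illustration.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdint.h>

enum rtp_verdict { RTP_ACCEPT, RTP_DROP_MALFORMED, RTP_DROP_SOURCE };
/* Hypothetical per-call state: the peer negotiated in signalling for this call. */
struct rtp_session {
    struct sockaddr_in peer; /* expected remote IP and UDP port */
    uint32_t ssrc;           /* SSRC (header bytes 8..11) of the last accepted packet */
    unsigned dropped;        /* datagrams rejected by the source check */
};

/* Decide whether a datagram that arrived on the call's local port belongs to it.
 * Assumes the peer sends from the address it advertised (no NAT rewriting). */
enum rtp_verdict rtp_check(struct rtp_session *s, const struct sockaddr_in *from,
                           const uint8_t *pkt, size_t len)
{
    if (len < 12 || (pkt[0] >> 6) != 2)    /* 12-byte fixed header, version 2 */
        return RTP_DROP_MALFORMED;
    if (from->sin_addr.s_addr != s->peer.sin_addr.s_addr ||
        from->sin_port != s->peer.sin_port) {
        s->dropped++;                      /* stale or unrelated sender */
        return RTP_DROP_SOURCE;
    }
    s->ssrc = ((uint32_t)pkt[8] << 24) | ((uint32_t)pkt[9] << 16) |
              ((uint32_t)pkt[10] << 8) | pkt[11];
    return RTP_ACCEPT;
}

static struct sockaddr_in addr(const char *ip, uint16_t port)
{
    struct sockaddr_in a = { .sin_family = AF_INET, .sin_port = htons(port) };
    inet_pton(AF_INET, ip, &a.sin_addr);
    return a;
}

/* Constructed scenario: branch1 is the negotiated peer; branch2 is a leftover
 * stream aimed at the same local port. Addresses and payloads are made up. */
unsigned demo_interleaved(void)
{
    struct sockaddr_in b1 = addr("192.0.2.10", 12000), b2 = addr("192.0.2.20", 14000);
    uint8_t p1[12] = {0x80, 0, 0, 1, 0, 0, 0, 160, 0x11, 0x11, 0x11, 0x11};
    uint8_t p2[12] = {0x80, 0, 0, 9, 0, 0, 0, 160, 0x22, 0x22, 0x22, 0x22};
    struct rtp_session s = { .peer = b1 };
    for (int i = 0; i < 3; i++) {          /* the two senders alternate */
        rtp_check(&s, &b1, p1, sizeof p1);
        rtp_check(&s, &b2, p2, sizeof p2);
    }
    return s.dropped;                      /* every branch2 packet is rejected */
}
```

With the check in place the accepted SSRC never alternates between the two senders, and the dropped counter gives an operator something to alert on when a leftover stream is hitting a reused port.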