[asterisk-bugs] [Asterisk 0017976]: Asterisk Crash on RTCP package in SRTP mode
Asterisk Bug Tracker
noreply at bugs.digium.com
Tue Oct 26 12:25:24 CDT 2010
A NOTE has been added to this issue.
======================================================================
https://issues.asterisk.org/view.php?id=17976
======================================================================
Reported By: bernhards
Assigned To:
======================================================================
Project: Asterisk
Issue ID: 17976
Category: Resources/res_srtp
Reproducibility: always
Severity: crash
Priority: normal
Status: acknowledged
Asterisk Version: SVN
JIRA: SWP-2196
Regression: No
Reviewboard Link:
SVN Branch (only for SVN checkouts, not tarball releases): 1.8
SVN Revision (number only!): 285988
Request Review:
======================================================================
Date Submitted: 2010-09-10 01:52 CDT
Last Modified: 2010-10-26 12:25 CDT
======================================================================
Summary: Asterisk Crash on RTCP package in SRTP mode
Description:
"snom360-SIP 8.4.18 42570" connected to Asterisk with TLS. snom makes an
outbound call to another phone (without srtp). Other telephone does ring -
then Asterisk does crash.
libsrtp version 1.4.4. was used - without a change.
======================================================================
----------------------------------------------------------------------
(0128406) 1stbs (reporter) - 2010-10-26 12:25
https://issues.asterisk.org/view.php?id=17976#c128406
----------------------------------------------------------------------
hello i got the same prob
i try to fix it and get follow analysis
the error occur in svn/ trunk/ srtp/ crypto/ replay/ rdb.c
exactly in the function rdb_add_index when it calls
v128_set_bit(&rdb->bitmask, rdb_bits_in_bitmask-delta);
i have added some debbuging information in the function
index is : 3010
rdb->window_start is : 0
rdb_bits_in_bitmask is : 128
delta in else tree is : 2883
rdb_bits_in_bitmask-delta= -2755
and with that negativ value you got the the core dump
right now i have just out commented the else tree to devoid the crash. it
seems to work but replay function is damaged a little bit.
Perhaps anybody here has a better idea to solve this issue
Issue History
Date Modified Username Field Change
======================================================================
2010-10-26 12:25 1stbs Note Added: 0128406
======================================================================
More information about the asterisk-bugs
mailing list