[asterisk-bugs] [JIRA] (ASTERISK-20415) Strict RTP protection learning mode processes non-RTP packets too
Matt Jordan (JIRA)
noreply at issues.asterisk.org
Tue Nov 6 09:56:21 CST 2012
[ https://issues.asterisk.org/jira/browse/ASTERISK-20415?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Matt Jordan updated ASTERISK-20415:
-----------------------------------
Target Release Version/s: 10.10.0
1.8.18.0
> Strict RTP protection learning mode processes non-RTP packets too
> -----------------------------------------------------------------
>
> Key: ASTERISK-20415
> URL: https://issues.asterisk.org/jira/browse/ASTERISK-20415
> Project: Asterisk
> Issue Type: Bug
> Security Level: None
> Components: Resources/res_rtp_asterisk
> Affects Versions: 1.8.15.1
> Reporter: Michele Cicciotti (PrivateWave SpA)
> Assignee: Kinsey Moore
> Severity: Minor
> Target Release: 1.8.18.0, 10.10.0
>
>
> Most of ast_rtp_read does a good job of filtering out non-RTP packets that are transmitted on RTP channels (e.g. STUN or ZRTP), but the strict RTP protection doesn't. It passes the sequence number part of the header to rtp_learning_rtp_seq_update unconditionally, but for non-RTP packets the field has a different meaning (e.g. a distinct sequence number for ZRTP messages, or the message length for STUN packets), which "poisons" learning mode and can lead strict RTP protection to drop all packets on a certain channel
> There needs to be a check for at least the version field before passing the sequence number to rtp_learning_rtp_seq_update: if it is 0, the packet can't be RTP (which is exactly what is done later to recognize STUN packets)
> This is a regression from 1.8.9.1
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the asterisk-bugs
mailing list