[asterisk-bugs] [JIRA] (ASTERISK-20499) Crash in libsrtp srtp_unprotect_rtcp when SIP channel is bridged with non-optimizing Local channel

tootai (JIRA) noreply at issues.asterisk.org
Thu Nov 15 11:57:45 CST 2012


     [ https://issues.asterisk.org/jira/browse/ASTERISK-20499?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

tootai updated ASTERISK-20499:
------------------------------

    Attachment: gdb.txt
                backtrace.txt

Asterisk updated to 10.10.0, srtp updated to 1.4.4 and includes the crash_on_rtcp_decode.patch

As soon as snom320 calls the 800 extension I have this from peer debug:

zone-s*CLI> sip set debug peer 105
SIP Debugging Enabled for IP: xxx.xxx.xxx.xxx

<--- SIP read from TLS:xxx.xxx.xxx.xxx:3855 --->
INVITE sip:800 at sip.domain.net;user=phone SIP/2.0
Via: SIP/2.0/TLS 192.168.10.105:3855;branch=z9hG4bK-tyrj4ftddmlr;rport
From: "TOOTAi" <sip:105 at sip.domain.net>;tag=43aodlfc4v
To: <sip:800 at sip.domain.net;user=phone>
Call-ID: 3c4b9074492e-0wv4806eilsm
CSeq: 1 INVITE
Max-Forwards: 70
Contact: <sip:105 at 192.168.10.105:3855;transport=tls>;reg-id=1
X-Serialnumber: 00041324C312
P-Key-Flags: keys="3"
User-Agent: snom320/8.4.35
Accept: application/sdp
Allow: INVITE, ACK, CANCEL, BYE, REFER, OPTIONS, NOTIFY, SUBSCRIBE, PRACK, MESSAGE, INFO, UPDATE
Allow-Events: talk, hold, refer, call-info
Supported: timer, 100rel, replaces, from-change
Call-Info: <sip:sip.domain.net>;appearance-index=1
Session-Expires: 3600;refresher=uas
Min-SE: 90
Content-Type: application/sdp
Content-Length: 478

v=0
o=root 1358164647 1358164647 IN IP4 192.168.10.105
s=call
c=IN IP4 192.168.10.105
t=0 0
m=audio 49152 RTP/SAVP 0 8 9 2 3 18 4 101
a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:OnkcIu8z6xpkMPJszqpY4ThWidSG9FyWEPsFnniR
a=rtpmap:0 PCMU/8000
a=rtpmap:8 PCMA/8000
a=rtpmap:9 G722/8000
a=rtpmap:2 G726-32/8000
a=rtpmap:3 GSM/8000
a=rtpmap:18 G729/8000
a=fmtp:18 annexb=no
a=rtpmap:4 G723/8000
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-16
a=ptime:30
a=sendrecv
<------------->
--- (20 headers 19 lines) ---
Sending to xxx.xxx.xxx.xxx:3855 (NAT)
Using INVITE request as basis request - 3c4b9074492e-0wv4806eilsm
Found peer '105' for '105' from xxx.xxx.xxx.xxx:3855
  == Using SIP RTP CoS mark 5
Found RTP audio format 0
Found RTP audio format 8
Found RTP audio format 9
Found RTP audio format 2
Found RTP audio format 3
Found RTP audio format 18
Found RTP audio format 4
Found RTP audio format 101

and the crash occurs.
                
> Crash in libsrtp srtp_unprotect_rtcp when SIP channel is bridged with non-optimizing Local channel
> --------------------------------------------------------------------------------------------------
>
>                 Key: ASTERISK-20499
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-20499
>             Project: Asterisk
>          Issue Type: Bug
>      Security Level: None
>          Components: Channels/chan_sip/SRTP
>    Affects Versions: 10.8.0
>         Environment: RHEL 5.8 on IBM X3650 M4 - 12 core - Xeon E5-2640 @ 2,50 ghz
>            Reporter: tootai
>            Assignee: tootai
>            Severity: Critical
>         Attachments: backtrace.txt, backtrace.txt, coredump20121001205609.txt, gdb.txt, gdb.txt, libsrtp-1.4.4-fix_crash_on_rtcp_decode.patch
>
>
> A call from snom320 in SRTP mode to echo test or to another phone *NOT* using SRTP is OK. Now we installed PhonerLite softphone with TLS/SRTP stuf and test with echo test: everything is OK too.
> Now PhonerLite calls the snom: asterisk coredump after 3~5 seconds and we are NOT able to make anymore SRTP calls after this, they all crash asterisk. We had this issue with 10.7.0 and 10.8.0
> We have logfiel from strace as well as coredump.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira



More information about the asterisk-bugs mailing list