[asterisk-bugs] [JIRA] (ASTERISK-20499) Crash in libsrtp srtp_unprotect_rtcp when SIP channel is bridged with non-optimizing Local channel

Jonathan Rose (JIRA) noreply at issues.asterisk.org
Thu Nov 29 12:26:45 CST 2012


     [ https://issues.asterisk.org/jira/browse/ASTERISK-20499?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jonathan Rose updated ASTERISK-20499:
-------------------------------------

    Attachment: srtp_diagnostic_patch_policy_breakdown.diff

Alright, that actually helps to narrow things down a bit. I have a suspicion right now that the key in the SRTP policy isn't being set for some reason but we are still reaching the srtp_create function with that policy for some reason. I'm attaching a new diagnostic patch (srtp_diagnostic_patch_policy_breakdown.diff) to confirm that. If I'm correct, then I'll have to trace that to where the policy key is generated and find out what cases allow for the policy to be allocated while a key pointer isn't assigned.

Please apply the patch and tell me what the new log messages say when you make the call. They should look vaguely like this:

[Nov 29 12:16:59] NOTICE[1172]: res_srtp.c:439 ast_srtp_create: session pointer: 0x8f7a9e0
[Nov 29 12:16:59] NOTICE[1172]: res_srtp.c:440 ast_srtp_create: policy pointer: 0x8f77908
[Nov 29 12:16:59] NOTICE[1172]: res_srtp.c:441 ast_srtp_create: Just for grins: 0x8f77908
[Nov 29 12:16:59] NOTICE[1172]: res_srtp.c:445 ast_srtp_create: ssrc type = 2
[Nov 29 12:16:59] NOTICE[1172]: res_srtp.c:446 ast_srtp_create: ssrc value = 0
[Nov 29 12:16:59] NOTICE[1172]: res_srtp.c:448 ast_srtp_create: key pointer = 0x8f77978
[Nov 29 12:16:59] NOTICE[1172]: res_srtp.c:449 ast_srtp_create: key value = 29

Though if my suspicion is correct the key pointer will be NULL and the value will either be 0 or some garbage data.
                
> Crash in libsrtp srtp_unprotect_rtcp when SIP channel is bridged with non-optimizing Local channel
> --------------------------------------------------------------------------------------------------
>
>                 Key: ASTERISK-20499
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-20499
>             Project: Asterisk
>          Issue Type: Bug
>      Security Level: None
>          Components: Channels/chan_sip/SRTP
>    Affects Versions: 10.8.0
>         Environment: RHEL 5.8 on IBM X3650 M4 - 12 core - Xeon E5-2640 @ 2,50 ghz
>            Reporter: tootai
>            Assignee: tootai
>            Severity: Critical
>         Attachments: asterisk-20499_20121127.log, asterisk-20499_20121127.pcap, asterisk-20499_20121129_01.txt, asterisk-20499.txt, backtrace.txt, backtrace.txt, backtrace.txt, backtrace.txt, coredump20121001205609.txt, gdb.txt, gdb.txt, gdb.txt, gdb.txt, libsrtp-1.4.4-fix_crash_on_rtcp_decode.patch, srtp_diagnostic_patch_policy_breakdown.diff, srtp_diagnostic_with_sleep.diff, srtp_fixes_it_maybe.diff
>
>
> A call from snom320 in SRTP mode to echo test or to another phone *NOT* using SRTP is OK. Now we installed PhonerLite softphone with TLS/SRTP stuff and test with echo test: everything is OK too.
> Now PhonerLite calls the snom: asterisk coredump after 3~5 seconds and we are NOT able to make any more SRTP calls after this, they all crash asterisk. We had this issue with 10.7.0 and 10.8.0.
> We have logfile from strace as well as coredump.
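
The condition the diagnostic patch looks for (a policy that is allocated but carries no key pointer) can also be turned into a guard that refuses to create a session. The following is an added example, not part of the message above and not Asterisk or libsrtp code; the demo_* types, the enum values and both function names are stand-ins assumed for illustration, modelling only the fields the patch logs.

```c
#include <stddef.h>
#include <stdio.h>

/* Stand-in types (assumption): a cut-down model of the policy fields the
 * diagnostic patch prints. These are not the real libsrtp headers. */
typedef enum { SSRC_UNDEFINED = 0, SSRC_SPECIFIC = 1,
               SSRC_ANY_INBOUND = 2, SSRC_ANY_OUTBOUND = 3 } demo_ssrc_type;

typedef struct demo_policy {
    demo_ssrc_type ssrc_type;
    unsigned int ssrc_value;
    const unsigned char *key;   /* NULL is the suspected bad case */
    struct demo_policy *next;   /* policies may be chained */
} demo_policy;

typedef enum { POLICY_OK, POLICY_NULL, POLICY_NO_KEY, POLICY_BAD_SSRC } policy_status;

/* Walk the whole chain. On failure *bad_index is the position of the
 * offending entry; it is -1 on success or when the chain itself is NULL. */
policy_status check_policy_chain(const demo_policy *p, int *bad_index)
{
    int i = 0;
    *bad_index = -1;
    if (p == NULL) return POLICY_NULL;
    for (; p != NULL; p = p->next, i++) {
        *bad_index = i;
        if (p->key == NULL) return POLICY_NO_KEY;
        if (p->ssrc_type == SSRC_UNDEFINED) return POLICY_BAD_SSRC;
    }
    *bad_index = -1;
    return POLICY_OK;
}

/* Hypothetical wrapper: fail closed instead of handing a keyless policy on. */
int guarded_create(const demo_policy *p)
{
    int idx;
    policy_status st = check_policy_chain(p, &idx);
    if (st != POLICY_OK) {
        fprintf(stderr, "refusing SRTP session: status %d at policy %d\n", (int)st, idx);
        return -1;
    }
    return 0; /* the real session-create call would go here */
}

int main(void)
{
    static const unsigned char key[30] = { 29 };  /* constructed sample key */
    demo_policy no_key = { SSRC_ANY_INBOUND, 0, NULL, NULL };
    demo_policy chain = { SSRC_ANY_INBOUND, 0, key, &no_key };
    return guarded_create(&chain) == -1 ? 0 : 1;  /* second entry is rejected */
}
```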
