[asterisk-bugs] [JIRA] (ASTERISK-20499) Crash in libsrtp srtp_unprotect_rtcp when SIP channel is bridged with non-optimizing Local channel

tootai (JIRA) noreply at issues.asterisk.org
Sun Jan 6 10:54:45 CST 2013 

    [ https://issues.asterisk.org/jira/browse/ASTERISK-20499?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=201151#comment-201151 ] 

tootai commented on ASTERISK-20499:
-----------------------------------

Hi Jonathan,

I installed a fresh 10.11.1 on the server that causes problem, reset my snom320 to factory value (asked by SNOM support) and enter again the datas.

FYI, in snom320, ID 11 is the one connected to the server in VM, ID 12 the one connected to physical IBM. I have both certificats loaded in the phone, first in the list is the one from IBM server, second the one from VM server.

I pass a call in TLS/SRP on 10.11.1 stock version: server crashed.

I then apply the below patch I created from a diff from previous 10.10.0 asterisk version.

--- res/res_srtp.c      2012-05-18 16:01:56.000000000 +0200
+++ res/res_srtp.c      2012-12-06 13:00:22.593095998 +0100
@@ -37,7 +37,7 @@
 
 #include "asterisk.h"
 
-ASTERISK_FILE_VERSION(__FILE__, "$Revision: 366881 $")
+ASTERISK_FILE_VERSION(__FILE__, "$Revision: 377256 $")
 
 #include <srtp/srtp.h>
 
@@ -383,6 +383,8 @@
                                        retry++;
                                        ao2_iterator_destroy(&it);
                                        goto tryagain;
+                               } else {
+                                       srtp->session = NULL;
                                }
                                ao2_t_ref(policy, -1, "Unreffing first policy after srtp_create failed");
                        }
@@ -437,6 +439,8 @@
 
        /* Any failures after this point can use ast_srtp_destroy to destroy the instance */
        if (srtp_create(&temp->session, &policy->sp) != err_status_ok) {
+               /* Session either wasn't created or was created and dealloced. */
+               temp->session = NULL;
                ast_srtp_destroy(temp);
                return -1;
        }

Calls are no more crashing asterisk but they still don't get through, staying with an error asterisk-10.11.1/main/rtp_engine.c->int ast_rtp_instance_add_srtp_policy(struct ast_rtp_instance *instance, struct ast_srtp_policy *remote_policy, struct ast_srtp_policy *local_policy) where

if (!instance->srtp) {                                                                                                                                                 
             res = res_srtp->create(&instance->srtp, instance, remote_policy);

returns -1 as you can see here (I added my own logs):

[2013-01-06 17:08:48] WARNING[3526] rtp_engine.c: create instance result: -1 in ast_rtp_instance add srtp policy                                                               
[2013-01-06 17:08:48] WARNING[3526] rtp_engine.c: returned result: -1 in ast_rtp_instance add srtp policy                                                                      
[2013-01-06 17:08:48] WARNING[3526] sip/sdp_crypto.c: Could not set SRTP policies    

On the second server (physical IBM) everything is OK, asterisk 10.10.0 with the above patch applied.

This bring me to a question: would it be possible that the problem on the VM server to setup SRTP is coming from certificat, eg first one used instead of the second one (if certificat is used for SRTP)?

Daniel
                
> Crash in libsrtp srtp_unprotect_rtcp when SIP channel is bridged with non-optimizing Local channel
> --------------------------------------------------------------------------------------------------
>
>                 Key: ASTERISK-20499
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-20499
>             Project: Asterisk
>          Issue Type: Bug
>      Security Level: None
>          Components: Channels/chan_sip/SRTP
>    Affects Versions: 10.8.0
>         Environment: RHEL 5.8 on IBM X3650 M4 - 12 core - Xeon E5-2640 @ 2,50 ghz
>            Reporter: tootai
>            Assignee: Jonathan Rose
>            Severity: Critical
>         Attachments: asterisk-20499_20121127.log, asterisk-20499_20121127.pcap, asterisk-20499_20121129_01.txt, asterisk-20499.txt, asterisk_srtp_unprotect_patch.diff, backtrace1213_1.8.txt, backtrace1222_1.8.txt, backtrace1251.txt, backtrace1436.txt, backtrace1442.txt, backtrace1932.txt, backtrace20121205.txt, backtrace.txt, backtrace.txt, backtrace.txt, backtrace.txt, coredump20121001205609.txt, gdb1213_1.8.txt, gdb1222_1.8.txt, gdb1251.txt, gdb1436.txt, gdb1442.txt, gdb1932.txt, gdb20121205.txt, gdb.txt, gdb.txt, gdb.txt, gdb.txt, libsrtp-1.4.4-fix_crash_on_rtcp_decode.patch, srtp_diagnostic_patch_policy_breakdown.diff, srtp_diagnostic_with_sleep.diff, srtp_fixes_it_maybe.diff
>
>
> A call from snom320 in SRTP mode to echo test or to another phone *NOT* using SRTP is OK. Now we installed PhonerLite softphone with TLS/SRTP stuf and test with echo test: everything is OK too.
> Now PhonerLite calls the snom: asterisk coredump after 3~5 seconds and we are NOT able to make anymore SRTP calls after this, they all crash asterisk. We had this issue with 10.7.0 and 10.8.0
> We have logfiel from strace as well as coredump.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

More information about the asterisk-bugs mailing list