[asterisk-bugs] [JIRA] (ASTERISK-22920) Crash while Forwarding from TLS extension
Shlomi Gutman (JIRA)
noreply at issues.asterisk.org
Wed Nov 27 11:10:03 CST 2013
[ https://issues.asterisk.org/jira/browse/ASTERISK-22920?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=212320#comment-212320 ]
Shlomi Gutman commented on ASTERISK-22920:
------------------------------------------
I actually succeed to stop the crashes on one of the machines.
I'm not sure what was the reason to resolve, i have other machine that crashes, so i'll try to find out what resolved it.
The steps were (with results):
1)Compile https://github.com/cisco/libsrtp/tree/feature-openssl as libsrtp (on debian), recompile asterisk 11.6.0 (still there were crashes)
2)Installed binutils-dev, compiled asterisk with DONT_OPTIMIZE and BETTER_BACKTRACE to provide more information (no crashes anymore, Murphy law, isn't it :) )
3)Compiled again without DONT_OPTIMIZE and BETTER_BACKTRACE (no crashes anymore)
I'll provide more info one i'll start to run tests on Centos machine.
I'm not sure if it's related but :
After there were no crashes the forward wouldn't work btw, as it would failt to create channel with "cause 58" problem is in SRTP (only TLS works), after checking code i found out that the problem is in line 5862 :
for (i = 0; i < 2; i++) {
if (ops[i][1]) {
if (ast_channel_setoption(out, ops[i][0], &ops[i][1], sizeof(ops[i][1]), 0)) {
/* We require a security feature, but the channel won't provide it */
return -1;
}
} else {
/* We don't care if we can't clear the option on a channel that doesn't support it */
ast_channel_setoption(out, ops[i][0], &ops[i][1], sizeof(ops[i][1]), 0);
}
}
It would return -1, commenting if and using
ast_channel_setoption(out, ops[i][0], &ops[i][1], sizeof(ops[i][1]), 0);
in all cases would solve the problem for forwards, but i'm not sure if it can/will break other things.
Is there any other informauion i can provide? And i'll keep updating here once i have more results with tests.
> Crash while Forwarding from TLS extension
> -----------------------------------------
>
> Key: ASTERISK-22920
> URL: https://issues.asterisk.org/jira/browse/ASTERISK-22920
> Project: Asterisk
> Issue Type: Bug
> Security Level: None
> Components: Resources/res_srtp
> Affects Versions: 1.8.14.0, 1.8.24.0, 11.5.0, 11.6.0, 11.7.0
> Environment: CentOS release 5.8 (Final) kernel 2.6.18-308.24.1.el5 64bit, libsrtp 1.4.2(compiled manually) with 1.8.14 with and without patch (https://issues.asterisk.org/jira/browse/ASTERISK-18345)
> Debian GNU/Linux 7 (wheezy) kenrel 3.2.0-4-amd64 (3.2.51-1 64bit), with above patch on 11.5.0 and without patch on 1.8.24.0 11.7.0-rc1 11.6.0
> with libsrtp 1.4.4 (from debian repo), self compiled 1.4.2, as well as 1.4.4 self compiled and self compiled with patch ( http://srtp.cvs.sourceforge.net/viewvc/srtp/srtp/crypto/replay/rdb.c?r1=1.4&r2=1.5) as mentioned on https://issues.asterisk.org/jira/browse/ASTERISK-16665
> 2 phones were tested snom 710 and fanvil C62
> Reporter: Shlomi Gutman
> Assignee: Shlomi Gutman
> Attachments: exten_incoming.conf, extension_realtime.info, gdb.log, sip.conf
>
>
> Steps to reproduce:
> 1)Asterisk with self signed certificates or GoDaddy certificates
> 2)Extension connected with TLS transport (behind NAT in our case)
> 3)Route incoming call to that extension, while forward call from it without answering (302 - FORWARD)
> 4)Crash
> I know that this bug may be related to srtp, but as we see it was not developed and maintained for a long time and as asterisk srtp based on itץ
> I think at least it should crash the call only, but not whole asterisk.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.asterisk.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the asterisk-bugs
mailing list