[asterisk-bugs] [JIRA] (ASTERISK-24570) Crash in srtp_unprotect_rtcp because of zero-length packet
Ingo Bauersachs (JIRA)
noreply at issues.asterisk.org
Mon Dec 1 04:49:29 CST 2014
Ingo Bauersachs created ASTERISK-24570:
------------------------------------------
Summary: Crash in srtp_unprotect_rtcp because of zero-length packet
Key: ASTERISK-24570
URL: https://issues.asterisk.org/jira/browse/ASTERISK-24570
Project: Asterisk
Issue Type: Bug
Security Level: None
Components: Resources/res_srtp
Affects Versions: 11.14.1, 11.7.0
Environment: Ubuntu 14.04.1 64bit on Hyper-V 2012R2
Jitsi 2.5.5075 / 2.5.5354
Reporter: Ingo Bauersachs
Asterisk crashes when it somehow receives a zero-length RTCP packet from a SIP channel.
It is unfortunately unclear to me where this is coming from, especially because the problem manifests itself more often the longer Asterisk is running (with the workaround patch applied), up to almost every second when multiple calls are active.
All clients are exclusively Jitsi, which might be related as the source of a possibly malformed RTCP package. The crash of the (to be attached) backtrace occurred during a call to the echo test (the config is created from FreePBX 2.11) and the playback of demo-echotest.gsm. There was one other call from a queue in progress.
Note that this bug is unrelated to the other five srtp_unprotect_rtcp bugs, their backtraces all contain an RTCP packet length of 68 bytes.
I'll attach the patch we currently use as a workaround, but it might also be a possibility to check for <= 0 in res_rtp_asterisk.c:1990.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
More information about the asterisk-bugs
mailing list