[asterisk-bugs] [JIRA] (ASTERISK-24538) [patch]Crash in SDP sprintf
Badalian Vyacheslav (JIRA)
noreply at issues.asterisk.org
Tue Dec 2 20:51:29 CST 2014
[ https://issues.asterisk.org/jira/browse/ASTERISK-24538?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=223814#comment-223814 ]
Badalian Vyacheslav commented on ASTERISK-24538:
------------------------------------------------
i think i found
{code}
- master_salt = master_key + SRTP_MASTERKEY_LEN;
+ master_salt = master_key + SRTP_MASTERSALT_LEN;
if (res_srtp_policy->set_master_key(policy, master_key, SRTP_MASTERKEY_LEN, master_salt, SRTP_MASTERSALT_LEN) < 0) {
return -1;
}
{code}
If you do master_key + SRTP_MASTERKEY_LEN - its pointer to t->tag.
Need to test but i look to bad...
> [patch]Crash in SDP sprintf
> ---------------------------
>
> Key: ASTERISK-24538
> URL: https://issues.asterisk.org/jira/browse/ASTERISK-24538
> Project: Asterisk
> Issue Type: Bug
> Security Level: None
> Components: Channels/chan_sip/General
> Affects Versions: 11.13.1, 11.14.1
> Reporter: Badalian Vyacheslav
> Assignee: Badalian Vyacheslav
> Severity: Critical
> Attachments: core.m1-asterisk01.tcsbank.ru-2014-11-18T18%3A46%3A15+0300.txt, core.m1-asterisk01.tcsbank.ru-2014-11-18T19%3A27%3A42+0300.txt, core.m1-asterisk01.tcsbank.ru-2014-11-19T13%3A03%3A47+0300.txt, sdp_fix.diff
>
>
> Today 3 crashes in one place
> Backtraces will be added bellow
--
This message was sent by Atlassian JIRA
(v6.2#6252)
More information about the asterisk-bugs
mailing list