[asterisk-bugs] [JIRA] (ASTERISK-24538) [patch]Crash in SDP sprintf

Badalian Vyacheslav (JIRA) noreply at issues.asterisk.org
Tue Dec 2 20:57:29 CST 2014 

    [ https://issues.asterisk.org/jira/browse/ASTERISK-24538?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=223814#comment-223814 ] 

Badalian Vyacheslav edited comment on ASTERISK-24538 at 12/2/14 8:56 PM:
-------------------------------------------------------------------------

i think i found
{code}
-        master_salt = master_key + SRTP_MASTERKEY_LEN;
+        master_salt = master_key + SRTP_MASTERSALT_LEN;
        if (res_srtp_policy->set_master_key(policy, master_key, SRTP_MASTERKEY_LEN, master_salt, SRTP_MASTERSALT_LEN) < 0) {
                return -1;
        }
{code}

If you do {{master_key + SRTP_MASTERKEY_LEN}} - its pointer to {{t->tag}}.
in this line
{code}
        if (set_crypto_policy(local_policy, suite_val, p->local_key, stats.local_ssrc, 0) < 0) {
{code}

Need to test but its look so bad...


was (Author: slavon):
i think i found
{code}
-        master_salt = master_key + SRTP_MASTERKEY_LEN;
+        master_salt = master_key + SRTP_MASTERSALT_LEN;
        if (res_srtp_policy->set_master_key(policy, master_key, SRTP_MASTERKEY_LEN, master_salt, SRTP_MASTERSALT_LEN) < 0) {
                return -1;
        }
{code}

If you do {{master_key + SRTP_MASTERKEY_LEN}} - its pointer to {{t->tag}}.
in this line
{code}
        if (set_crypto_policy(local_policy, suite_val, p->local_key, stats.local_ssrc, 0) < 0) {
{code}

Need to test but i look so bad...

> [patch]Crash in SDP sprintf
> ---------------------------
>
>                 Key: ASTERISK-24538
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-24538
>             Project: Asterisk
>          Issue Type: Bug
>      Security Level: None
>          Components: Channels/chan_sip/General
>    Affects Versions: 11.13.1, 11.14.1
>            Reporter: Badalian Vyacheslav
>            Assignee: Badalian Vyacheslav
>            Severity: Critical
>         Attachments: core.m1-asterisk01.tcsbank.ru-2014-11-18T18%3A46%3A15+0300.txt, core.m1-asterisk01.tcsbank.ru-2014-11-18T19%3A27%3A42+0300.txt, core.m1-asterisk01.tcsbank.ru-2014-11-19T13%3A03%3A47+0300.txt, sdp_fix.diff
>
>
> Today 3 crashes in one place
> Backtraces will be added bellow



--
This message was sent by Atlassian JIRA
(v6.2#6252)

More information about the asterisk-bugs mailing list