[asterisk-bugs] [JIRA] (ASTERISK-24570) Crash in srtp_unprotect_rtcp because of zero-length packet
Joshua Colp (JIRA)
noreply at issues.asterisk.org
Mon Dec 15 12:17:29 CST 2014
[ https://issues.asterisk.org/jira/browse/ASTERISK-24570?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Joshua Colp reassigned ASTERISK-24570:
--------------------------------------
Assignee: Joshua Colp
> Crash in srtp_unprotect_rtcp because of zero-length packet
> ----------------------------------------------------------
>
> Key: ASTERISK-24570
> URL: https://issues.asterisk.org/jira/browse/ASTERISK-24570
> Project: Asterisk
> Issue Type: Bug
> Security Level: None
> Components: Resources/res_srtp
> Affects Versions: 11.7.0, 11.14.1
> Environment: Ubuntu 14.04.1 64bit on Hyper-V 2012R2
> Jitsi 2.5.5075 / 2.5.5354
> Reporter: Ingo Bauersachs
> Assignee: Joshua Colp
> Attachments: backtrace.txt, srtp_crash.patch
>
>
> Asterisk crashes when it somehow receives a zero-length RTCP packet from a SIP channel.
> It is unfortunately unclear to me where this is coming from, especially because the problem manifests itself more often the longer Asterisk is running (with the workaround patch applied), up to almost every second when multiple calls are active.
> All clients are exclusively Jitsi, which might be related as the source of a possibly malformed RTCP package. The crash of the (to be attached) backtrace occurred during a call to the echo test (the config is created from FreePBX 2.11) and the playback of demo-echotest.gsm. There was one other call from a queue in progress.
> Note that this bug is unrelated to the other five srtp_unprotect_rtcp bugs, their backtraces all contain an RTCP packet length of 68 bytes.
> I'll attach the patch we currently use as a workaround, but it might also be a possibility to check for <= 0 in res_rtp_asterisk.c:1990.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
More information about the asterisk-bugs
mailing list