[asterisk-bugs] [JIRA] (ASTERISK-22920) Crash while Forwarding from TLS extension
Shlomi Gutman (JIRA)
noreply at issues.asterisk.org
Tue Jan 7 04:27:03 CST 2014
[ https://issues.asterisk.org/jira/browse/ASTERISK-22920?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=213683#comment-213683 ]
Shlomi Gutman commented on ASTERISK-22920:
------------------------------------------
@Rusty Newton,
hey
After many tries and versions of srtp lib(as explained above) i resolved the issue on one server, but unfortunately as i had no time i was unable to write down all the steps/patches and versions.
For now i think it's still unresolved and crash is 100% reproducible ( as i tried different versions of asterisk and libsrtp on other platform after and was unable to resolve).
About the forward not working - on server i did resolved the crash forward didn't work (at least it didn't crash), but was resolved by solution proposed in few comments above.
I think the main priority here is not to resolve forward but to prevent crashes.
Btw as i tried to get deeper into the problem(more debugging) as far as i understand(correct me if i'm wrong) the crash happens when there is try to free "chan->tech_pvt":
channel.c -> function ast_channel_destructor:
if (chan->tech_pvt) {
ast_log(LOG_WARNING, "Channel '%s' may not have been hung up properly\n", chan->name);
ast_free(chan->tech_pvt);
}
(Sorry for not sending line num as it seems to be different in different version of asterisk)
As far as i understand this is pointer that keeps data for the channel and in our case it might hold parts of srtp data and as i understand as there is no other place in code we free this data before taht line, it might be that it comes from libsrtp where it can free? reallocate? the data that our pointer pointing to?(correct me if i'm wrong)
> Crash while Forwarding from TLS extension
> -----------------------------------------
>
> Key: ASTERISK-22920
> URL: https://issues.asterisk.org/jira/browse/ASTERISK-22920
> Project: Asterisk
> Issue Type: Bug
> Security Level: None
> Components: Resources/res_srtp
> Affects Versions: 1.8.14.0, 1.8.24.0, 11.5.0, 11.6.0, 11.7.0
> Environment: CentOS release 5.8 (Final) kernel 2.6.18-308.24.1.el5 64bit, libsrtp 1.4.2(compiled manually) with 1.8.14 with and without patch (https://issues.asterisk.org/jira/browse/ASTERISK-18345)
> Debian GNU/Linux 7 (wheezy) kenrel 3.2.0-4-amd64 (3.2.51-1 64bit), with above patch on 11.5.0 and without patch on 1.8.24.0 11.7.0-rc1 11.6.0
> with libsrtp 1.4.4 (from debian repo), self compiled 1.4.2, as well as 1.4.4 self compiled and self compiled with patch ( http://srtp.cvs.sourceforge.net/viewvc/srtp/srtp/crypto/replay/rdb.c?r1=1.4&r2=1.5) as mentioned on https://issues.asterisk.org/jira/browse/ASTERISK-16665
> 2 phones were tested snom 710 and fanvil C62
> Reporter: Shlomi Gutman
> Assignee: Shlomi Gutman
> Attachments: backtrace_ldd.log, debug.log, exten_incoming.conf, extension_realtime.info, gdb.log, ldd.log, sip.conf
>
>
> Steps to reproduce:
> 1)Asterisk with self signed certificates or GoDaddy certificates
> 2)Extension connected with TLS transport (behind NAT in our case)
> 3)Route incoming call to that extension, while forward call from it without answering (302 - FORWARD)
> 4)Crash
> I know that this bug may be related to srtp, but as we see it was not developed and maintained for a long time and as asterisk srtp based on itץ
> I think at least it should crash the call only, but not whole asterisk.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.asterisk.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the asterisk-bugs
mailing list