[asterisk-bugs] [JIRA] (ASTERISK-25490) [patch]SDP crypto tag is validated incorrectly

Alexander Traud (JIRA) noreply at issues.asterisk.org
Tue Dec 27 05:47:10 CST 2016


    [ https://issues.asterisk.org/jira/browse/ASTERISK-25490?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=234366#comment-234366 ] 

Alexander Traud commented on ASTERISK-25490:
--------------------------------------------

In the world of Asterisk, a contributor has to go through all steps himself (reporting, debugging, patching, code review). Only in a few cases, the Asterisk Team takes over an issue. Only in rare cases, another contributor takes over the issue. In this case, I would like to take over and submit your change for code review in Gerrit, because I possess a Snom D725 myself. Furthermore, I have already made several changes to sRTP in Asterisk. Finally, your patch is straightforward and nothing else must be developed. However, I was not yet able to reproduce your issue.

# What do you mean by ‘forward’ exactly – how do you forward a call? I tried Forwarding via the phone and the web interface, which gave me SIP status 3xx. I tried Transfer and Xfer, which did not give me any new SDP and therefore no crypto line. Apple once had a concise [step-by-step guide|http://web.archive.org/web/20160324163652/https://developer.apple.com/bug-reporting/using-bug-reporter/problem-detail/] on how to report issues. That would help to reproduce your issue, so I can test with the latest Asterisk 13 and 14.
# Do you still face this issue with the latest firmware?
a) [8.7.5.35|http://downloads.snom.com/fw/snom725-8.7.5.35-SIP-r.bin] is the current release version (Nov. 2015).
b) [8.7.5.44|http://downloads.snom.com/fw/mru-preview/snom725-8.7.5.44-SIP-r.bin] is the current beta version (Mar. 2015).
c) [8.9.3.56|http://downloads.snom.net/interop/firmware/8.9.3.56/snom725-8.9.3.56-SIP-r.bin] is the latest version of a new branch (Dec. 2016).
I tested these three versions. You posted your issue before 8.7.5.35 was released.
# Technically, this is an issue in the Snom firmware because the crypto tag should not use a zero value but start with 1. Did you report this issue to Snom as well? Nevertheless, for compatibility, I do not see any reasons why your patch should not be included in Asterisk.
# Looking at your patch, please, explain why you copy the value over into a new buffer.

> [patch]SDP crypto tag is validated incorrectly
> ----------------------------------------------
>
>                 Key: ASTERISK-25490
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-25490
>             Project: Asterisk
>          Issue Type: Bug
>      Security Level: None
>          Components: Channels/chan_sip/SRTP
>    Affects Versions: 11.20.0
>         Environment: Interoperability with Snom D725
>            Reporter: Joerg Sonnenberger
>         Attachments: patch-channels_sip_sdp__crypto.c
>
>
> When trying to forward a call from a D725 with encrypted RTP, the crypto handshake fails as the phone tries to use a zero crypto tag.
> A potential fix can be found in https://www.netbsd.org/~joerg/patch-channels_sip_sdp__crypto.c
> The same issue should apply to newer releases as well, but I can't test that easily.


