[asterisk-bugs] [JIRA] (ASTERISK-25490) [patch]SDP crypto tag is validated incorrectly

[Alexander Traud (JIRA)]

    [ https://issues.asterisk.org/jira/browse/ASTERISK-25490?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=236253#comment-236253 ] 

Alexander Traud commented on ASTERISK-25490:
--------------------------------------------

bq. i.e. no additional junk is present like trailing garbage, plus signs, whitespace etc. That's the only reason for it.

It is always good to give concrete examples and mention those in a comment within the code itself. Not everyone is able to reverse engineer the idea behind a patch. Furthermore, it is always good to limit a change to one issue (start at index 0, do not allow +/- signs, remove whitespace, find the first digit automatically). That ‘start at index 0’ issue has gone through code review and was included by now and closed this issue automatically. If one of that other changes should go into Asterisk as well, please, say so.

> [patch]SDP crypto tag is validated incorrectly
> ----------------------------------------------
>
>                 Key: ASTERISK-25490
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-25490
>             Project: Asterisk
>          Issue Type: Bug
>      Security Level: None
>          Components: Channels/chan_sip/SRTP
>    Affects Versions: 13.13.1, 14.2.1
>         Environment: Interoperability with Snom D725
>            Reporter: Joerg Sonnenberger
>         Attachments: patch-channels_sip_sdp__crypto.c
>
>
> When trying to forward a call from a D725 with encrypted RTP, the crypto handshake fails as the phone tries to use a zero crypto tag.
> A potential fix can be found in https://www.netbsd.org/~joerg/patch-channels_sip_sdp__crypto.c
> The same issue should apply to newer releases as well, but I can't test that easily.



--
This message was sent by Atlassian JIRA
(v6.2#6252)