[asterisk-bugs] [JIRA] (ASTERISK-25490) [patch]SDP crypto tag is validated incorrectly

Joerg Sonnenberger (JIRA) noreply at issues.asterisk.org
Thu Jan 19 16:28:10 CST 2017


    [ https://issues.asterisk.org/jira/browse/ASTERISK-25490?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=234742#comment-234742 ] 

Joerg Sonnenberger commented on ASTERISK-25490:
-----------------------------------------------

Seriously, no. The requirement to rule out leading zero is a simple way to avoid ambiguity and issues like parsing numbers as octal. Interpreting "0" as leading zero is not a sensible interpreation.

> [patch]SDP crypto tag is validated incorrectly
> ----------------------------------------------
>
>                 Key: ASTERISK-25490
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-25490
>             Project: Asterisk
>          Issue Type: Bug
>      Security Level: None
>          Components: Channels/chan_sip/SRTP
>    Affects Versions: 13.13.1, 14.2.1
>         Environment: Interoperability with Snom D725
>            Reporter: Joerg Sonnenberger
>         Attachments: patch-channels_sip_sdp__crypto.c
>
>
> When trying to forward a call from a D725 with encrypted RTP, the crypto handshake fails as the phone tries to use a zero crypto tag.
> A potential fix can be found in https://www.netbsd.org/~joerg/patch-channels_sip_sdp__crypto.c
> The same issue should apply to newer releases as well, but I can't test that easily.



--
This message was sent by Atlassian JIRA
(v6.2#6252)



More information about the asterisk-bugs mailing list