[asterisk-bugs] [JIRA] (ASTERISK-27886) Crash Asterisk 13.21.0 during SRTP

Alexander Traud (JIRA) noreply at issues.asterisk.org
Wed Aug 29 05:12:54 CDT 2018 

    [ https://issues.asterisk.org/jira/browse/ASTERISK-27886?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=244637#comment-244637 ] 

Alexander Traud commented on ASTERISK-27886:
--------------------------------------------

I am glad that you are interested in my patch for ASTERISK-26190. Thank you for reporting this issue. That patch *is* designed for Asterisk 13. It is a backport for those who still use Asterisk 13. Thanks to your feedback, I fixed the failing hunk, which was introduced with Asterisk 13.16, because of the change for ASTERISK-25490. Furthermore, I added support for libSRTP 2.x, which was introduced with Gerrit [5722|https://gerrit.asterisk.org/5724] and [6418|https://gerrit.asterisk.org/6418]. Consequently, I recommend to use at least Asterisk 13.18 or newer with that patch.

Out of the box, you need Asterisk 15.2.0 or newer to use that feature. I did not dare to add that patch to Asterisk 13, because beside improving compatibility it adds new functionality as well. If you face other/new issues with that patch, please, do not hesitate to comment directly in ASTERISK-26190. That way, I am instantly notified via E-mail.

> Crash Asterisk 13.21.0 during SRTP
> ----------------------------------
>
>                 Key: ASTERISK-27886
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-27886
>             Project: Asterisk
>          Issue Type: Bug
>      Security Level: None
>          Components: Channels/chan_sip/SRTP
>    Affects Versions: 13.21.0
>         Environment: CentOS7 x86_64
>            Reporter: Eugene Kanter
>            Assignee: Unassigned
>
> Using BRIA for iOS, enable TLS and SRTP. Without SRTP works fine.
> coredump is not created, so I attached gdb before SRTP connection.
> {code:title=backtrace|borderStyle=solid}
> (gdb) where
> #0  0x00007fd762085191 in _IO_vfscanf_internal (s=s at entry=0x7fd702de27a0, 
>     format=format at entry=0x60d3c3 "%30d", argptr=argptr at entry=0x7fd702de28c8, errp=errp at entry=0x0)
>     at vfscanf.c:1826
> #1  0x00007fd76209a367 in _IO_vsscanf (string=0x7fd702de29c0 "1", format=0x60d3c3 "%30d", 
>     args=args at entry=0x7fd702de28c8) at iovsscanf.c:44
> #2  0x00007fd7620942d7 in __sscanf (s=s at entry=0x7fd702de29c0 "1", format=format at entry=0x60d3c3 "%30d")
>     at sscanf.c:33
> #3  0x00000000005b44c3 in ast_sdp_crypto_process (rtp=rtp at entry=0x7fd738018760, srtp=0x7fd73801a180, 
>     attr=attr at entry=0x7fd738012de8 "1 AES_CM_128_HMAC_SHA1_80 inline:vlqMl3M+fo6KqSI1rasByiZtzHrMRaMwa15Uw6ZE") at sdp_srtp.c:263
> #4  0x00007fd721fdcaca in process_crypto (p=p at entry=0x7fd73801daf0, rtp=0x7fd738018760, 
>     srtp=srtp at entry=0x7fd73801eef8, 
>     a=0x7fd738012de8 "1 AES_CM_128_HMAC_SHA1_80 inline:vlqMl3M+fo6KqSI1rasByiZtzHrMRaMwa15Uw6ZE", 
>     a at entry=0x7fd738012de1 "crypto:1 AES_CM_128_HMAC_SHA1_80 inline:vlqMl3M+fo6KqSI1rasByiZtzHrMRaMwa15Uw6ZE", secure_transport=secure_transport at entry=1) at chan_sip.c:33988
> #5  0x00007fd721ff7a79 in process_sdp (p=p at entry=0x7fd73801daf0, req=req at entry=0x7fd702de5600, 
>     t38action=t38action at entry=1) at chan_sip.c:10749
> #6  0x00007fd722055b2e in handle_request_invite (p=p at entry=0x7fd73801daf0, req=req at entry=0x7fd702de5600, 
>     addr=addr at entry=0x7fd754004150, seqno=<optimized out>, recount=recount at entry=0x7fd702de5080, 
>     e=e at entry=0x7fd738012a0f "sip:xxxxxxxxxx at xxx.xxx.xxxx", nounlock=nounlock at entry=0x7fd702de50a0)
>     at chan_sip.c:26397
> #7  0x00007fd72205b35d in handle_incoming (p=p at entry=0x7fd73801daf0, req=req at entry=0x7fd702de5600, 
>     addr=addr at entry=0x7fd754004150, recount=recount at entry=0x7fd702de5080, 
>     nounlock=nounlock at entry=0x7fd702de50a0) at chan_sip.c:28940
> #8  0x00007fd72205d9db in handle_request_do (req=req at entry=0x7fd702de5600, addr=addr at entry=0x7fd754004150)
>     at chan_sip.c:29149
> #9  0x00007fd72205e469 in _sip_tcp_helper_thread (tcptls_session=0x7fd754004130) at chan_sip.c:3086
> #10 0x00000000005db42d in handle_tcptls_connection (data=data at entry=0x7fd754004130) at tcptls.c:793
> #11 0x00000000005e9f2a in dummy_start (data=<optimized out>) at utils.c:1239
> #12 0x00007fd762d84e25 in start_thread (arg=0x7fd702de8700) at pthread_create.c:308
> #13 0x00007fd762127bad in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:113
> (gdb)
> {code}



--
This message was sent by Atlassian JIRA
(v6.2#6252)

More information about the asterisk-bugs mailing list