[asterisk-bugs] [JIRA] (ASTERISK-25490) [patch]SDP crypto tag is validated incorrectly

Alexander Traud (JIRA) noreply at issues.asterisk.org
Mon Jan 14 03:46:48 CST 2019


    [ https://issues.asterisk.org/jira/browse/ASTERISK-25490?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=236182#comment-236182 ] 

Alexander Traud edited comment on ASTERISK-25490 at 1/14/19 3:45 AM:
---------------------------------------------------------------------

I was not able to reproduce this with my Snom D725. However, the RTX 9430 (Single-cell DECT-IP base) faces the same issue. I reported this to RTX via Snom, because the Snom M300 (part of the Snom M325 package) is actually a RTX 9430. There are more manufactures which re-labeled that product, like Agfeo DECT IP-Basis XS, Alcatel-Lucent 8318, Konftel IP DECT 10, and Mitel RFP 12. As stated before, I do not see a reason, why Asterisk should not support zero as tag value as well. Furthermore, it might take years until all RTX 9430 in the field are updated.

However, I was not able to test the code contribution here to go for code review. Yes, I could have used SIPp instead. Thanks to my Snom M325, I was able to test the code and submitted a change for review (see the Gerrit tab).

[~joerg], I just changed the accepted value range in Asterisk. I have not understood why you create a new buffer. Is this because of possible white-space?


was (Author: traud):
I was not able to reproduce this with my Snom D725. However, the RTX 9430 (Single-cell DECT-IP base) faces the same issue. I reported this to RTX via Snom, because the Snom M300 (part of the Snom M325 package) is actually a RTX 9430. There are more manufactures which re-labeled that product, like Agfeo DECT IP-Basis XS, Konftel IP DECT 10, and Mitel RFP 12. As stated before, I do not see a reason, why Asterisk should not support zero as tag value as well. Furthermore, it might take years until all RTX 9430 in the field are updated.

However, I was not able to test the code contribution here to go for code review. Yes, I could have used SIPp instead. Thanks to my Snom M325, I was able to test the code and submitted a change for review (see the Gerrit tab).

[~joerg], I just changed the accepted value range in Asterisk. I have not understood why you create a new buffer. Is this because of possible white-space?

> [patch]SDP crypto tag is validated incorrectly
> ----------------------------------------------
>
>                 Key: ASTERISK-25490
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-25490
>             Project: Asterisk
>          Issue Type: Bug
>      Security Level: None
>          Components: Channels/chan_sip/SRTP
>    Affects Versions: 13.13.1, 14.2.1
>         Environment: Interoperability with Snom D725
>            Reporter: Joerg Sonnenberger
>      Target Release: 13.16.0, 14.5.0, 15.0.0
>
>         Attachments: patch-channels_sip_sdp__crypto.c
>
>
> When trying to forward a call from a D725 with encrypted RTP, the crypto handshake fails as the phone tries to use a zero crypto tag.
> A potential fix can be found in https://www.netbsd.org/~joerg/patch-channels_sip_sdp__crypto.c
> The same issue should apply to newer releases as well, but I can't test that easily.



--
This message was sent by Atlassian JIRA
(v6.2#6252)



More information about the asterisk-bugs mailing list