[asterisk-bugs] [JIRA] (ASTERISK-28495) res_pjsip_t38: 200 OK with SDP answer with declined stream causes crash
Friendly Automation (JIRA)
noreply at issues.asterisk.org
Thu Sep 5 07:52:48 CDT 2019
[ https://issues.asterisk.org/jira/browse/ASTERISK-28495?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=247935#comment-247935 ]
Friendly Automation commented on ASTERISK-28495:
------------------------------------------------
Change 12840 merged by George Joseph:
AST-2019-004 - res_pjsip_t38.c: Add NULL checks before using session media
[https://gerrit.asterisk.org/c/asterisk/+/12840|https://gerrit.asterisk.org/c/asterisk/+/12840]
> res_pjsip_t38: 200 OK with SDP answer with declined stream causes crash
> -----------------------------------------------------------------------
>
> Key: ASTERISK-28495
> URL: https://issues.asterisk.org/jira/browse/ASTERISK-28495
> Project: Asterisk
> Issue Type: Security
> Components: Resources/res_pjsip_t38
> Affects Versions: 16.5.0
> Reporter: Alexei Gradinari
> Assignee: Kevin Harwell
> Severity: Blocker
> Labels: patch, security
> Attachments: ast-2019-004.patch, AST-2019-004.pdf, gdb.txt.xz, t38.diff, testsuite.tar.xz
>
>
> The asterisk doesn't check if there is media session with type 'image'
> on receiving 200 reply on T.38 ReInvite.
> If SDP contains 'm=image 0 udptl t38' the asterisk crashes.
> My patch fixes only one place of code where t38_change_state is called without checking session_media variable.
> I think t38_change_state should check session_media parameter before use it.
> And I think need to check other places where active_media_state->default_session[AST_MEDIA_TYPE_IMAGE] is used.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
More information about the asterisk-bugs
mailing list