[asterisk-bugs] [JIRA] (ASTERISK-28495) res_pjsip_t38: 200 OK with SDP answer with declined stream causes crash
Asterisk Team (JIRA)
noreply at issues.asterisk.org
Thu Sep 5 08:20:47 CDT 2019
[ https://issues.asterisk.org/jira/browse/ASTERISK-28495?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Asterisk Team updated ASTERISK-28495:
-------------------------------------
Target Release Version/s: 16.5.1
> res_pjsip_t38: 200 OK with SDP answer with declined stream causes crash
> -----------------------------------------------------------------------
>
> Key: ASTERISK-28495
> URL: https://issues.asterisk.org/jira/browse/ASTERISK-28495
> Project: Asterisk
> Issue Type: Security
> Components: Resources/res_pjsip_t38
> Affects Versions: 16.5.0
> Reporter: Alexei Gradinari
> Assignee: Kevin Harwell
> Severity: Blocker
> Labels: patch, security
> Target Release: 15.7.4, 16.5.1
>
> Attachments: ast-2019-004.patch, AST-2019-004.pdf, gdb.txt.xz, t38.diff, testsuite.tar.xz
>
>
> The asterisk doesn't check if there is media session with type 'image'
> on receiving 200 reply on T.38 ReInvite.
> If SDP contains 'm=image 0 udptl t38' the asterisk crashes.
> My patch fixes only one place of code where t38_change_state is called without checking session_media variable.
> I think t38_change_state should check session_media parameter before use it.
> And I think need to check other places where active_media_state->default_session[AST_MEDIA_TYPE_IMAGE] is used.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
More information about the asterisk-bugs
mailing list