[asterisk-bugs] [JIRA] (ASTERISK-28495) res_pjsip_t38: 200 OK with SDP answer with declined stream causes crash

Asterisk Team (JIRA) noreply at issues.asterisk.org
Wed Sep 9 11:24:45 CDT 2020


     [ https://issues.asterisk.org/jira/browse/ASTERISK-28495?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Asterisk Team updated ASTERISK-28495:
-------------------------------------

    Target Release Version/s: 18.0.0

> res_pjsip_t38: 200 OK with SDP answer with declined stream causes crash
> -----------------------------------------------------------------------
>
>                 Key: ASTERISK-28495
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-28495
>             Project: Asterisk
>          Issue Type: Security
>          Components: Resources/res_pjsip_t38
>    Affects Versions: 16.5.0
>            Reporter: Alexei Gradinari
>            Assignee: Kevin Harwell
>            Severity: Blocker
>              Labels: patch, security
>      Target Release: 15.7.4, 16.5.1, 16.6.0, 17.0.0, 17.1.0, 18.0.0
>
>         Attachments: ast-2019-004.patch, AST-2019-004.pdf, gdb.txt.xz, t38.diff, testsuite.tar.xz
>
>
> The asterisk doesn't check if there is media session with type 'image'
> on receiving 200 reply on T.38 ReInvite.
> If SDP contains 'm=image 0 udptl t38' the asterisk crashes.
> My patch fixes only one place of code where t38_change_state is called without checking session_media variable.
> I think t38_change_state should check session_media parameter before use it.
> And I think need to check other places where active_media_state->default_session[AST_MEDIA_TYPE_IMAGE] is used.



--
This message was sent by Atlassian JIRA
(v6.2#6252)



More information about the asterisk-bugs mailing list