[asterisk-bugs] [JIRA] (ASTERISK-29625) srtp cryptos accepted if not enabled

Wed Sep 8 18:29:33 CDT 2021

    [ https://issues.asterisk.org/jira/browse/ASTERISK-29625?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=256192#comment-256192 ] 

Friendly Automation commented on ASTERISK-29625:
------------------------------------------------

Change 16438 merged by Kevin Harwell:
res_srtp: Disable parsing of not enabled cryptos

[https://gerrit.asterisk.org/c/asterisk/+/16438|https://gerrit.asterisk.org/c/asterisk/+/16438]

> srtp cryptos accepted if not enabled
> ------------------------------------
>
>                 Key: ASTERISK-29625
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-29625
>             Project: Asterisk
>          Issue Type: Bug
>      Security Level: None
>          Components: Resources/res_srtp
>    Affects Versions: 18.6.0
>         Environment: Debian Buster with the default libsrtp 2.2.0.
>            Reporter: Jasper Hafkenscheid
>            Assignee: Jasper Hafkenscheid
>
> When compiled with {{HAVE_SRTP_256}} enabled (by configure), and without {{ENABLE_SRTP_AES_256}}, received crypto lines are still parsed and used.
> We experienced several devices that did not work happily with 256 bit encryption, such as certain Fritz!box, Grandstream and Tiptel. Either having no audio or have it be disrupted after a couple of minutes.
> The fix we applied is to use verify {{ENABLE_SRTP_AES_256}} as well as {{HAVE_SRTP_256}} are defined when parsing the SDP in {{res_sdp_crypto_parse_offer}}. 


--
This message was sent by Atlassian JIRA
(v6.2#6252)