[asterisk-bugs] [JIRA] (ASTERISK-30363) Crash during srtp session

Mon Dec 19 09:30:51 CST 2022

    [ https://issues.asterisk.org/jira/browse/ASTERISK-30363?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=260954#comment-260954 ] 

Vitezslav Novy commented on ASTERISK-30363:
-------------------------------------------

Thank you, we are moving to latest 18 now.  But there is no relevant change in res_rtp_asterisk.c even between 18.10.1 and master.

> Crash during srtp session
> -------------------------
>
>                 Key: ASTERISK-30363
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-30363
>             Project: Asterisk
>          Issue Type: Bug
>      Security Level: None
>          Components: Resources/res_rtp_asterisk
>    Affects Versions: 18.10.1
>         Environment: Debian 11
>            Reporter: Vitezslav Novy
>            Assignee: Vitezslav Novy
>         Attachments: bt.txt
>
>
> On one of our sites asterisk crashed once with attached backtrace.
> I have core dump available and I noticed that in __rtp_recvfrom() rtp->dtls.ssl is NULL
> It points to some race because there is a test in the function which returns immediately when rtp->dtls.ssl == NULL.  Probably short unlock/lock sequence allowing timer manipulation is the reason. 
> I guess it is a race with ast_rtp_dtls_stop() which destroys ssl and sets ssl to NULL.
> I created a patch for us which checks rtp->dtls,ssl again after unlock/lock sequence. I cannot afford a lawyer so I do not attach it

--
This message was sent by Atlassian JIRA
(v6.2#6252)