[Asterisk-code-review] res rtp asterisk.c: Validate RTCP packets before processing ... (asterisk[15])

Richard Mudgett asteriskteam at digium.com
Thu Sep 14 19:45:53 CDT 2017 

Richard Mudgett has uploaded a new patch set (#4) to the change originally created by George Joseph. ( https://gerrit.asterisk.org/6445 )

Change subject: res_rtp_asterisk.c: Validate RTCP packets before processing them.
......................................................................

res_rtp_asterisk.c: Validate RTCP packets before processing them.

* Validate that the received packet is of a minimum length and apply the
RFC3550 RTCP packet validation checks.

* Block received RTCP packets if they don't come from the learned strict
RTP IP address.  Otherwise, if the address is not available then we don't
know any better and we have to process it.

* Fixed potentially reading garbage beyond the received RTCP record data.

* Fixed rtp->themssrc only being set once when the remote could change
the SSRC.  We would effectively stop handling the RTCP statistic records.

* Fixed rtp->themssrc to not treat a zero value as special by adding
rtp->themssrc_valid to indicate if rtp->themssrc is available.

Change-Id: I67d89e3c27db83efa0e6b52734f73c88ac2939e2
---
M res/res_rtp_asterisk.c
1 file changed, 267 insertions(+), 62 deletions(-)


  git pull ssh://gerrit.asterisk.org:29418/asterisk refs/changes/45/6445/4
-- 
To view, visit https://gerrit.asterisk.org/6445
To unsubscribe, visit https://gerrit.asterisk.org/settings

Gerrit-Project: asterisk
Gerrit-Branch: 15
Gerrit-MessageType: newpatchset
Gerrit-Change-Id: I67d89e3c27db83efa0e6b52734f73c88ac2939e2
Gerrit-Change-Number: 6445
Gerrit-PatchSet: 4
Gerrit-Owner: George Joseph <gjoseph at digium.com>
Gerrit-Reviewer: Jenkins2
Gerrit-Reviewer: Joshua Colp <jcolp at digium.com>
Gerrit-Reviewer: Richard Mudgett <rmudgett at digium.com>
Gerrit-Reviewer: Sean Bright <sean.bright at gmail.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.digium.com/pipermail/asterisk-code-review/attachments/20170914/4843f790/attachment.html>

More information about the asterisk-code-review mailing list