[Asterisk-code-review] chan_sip: protection against a broken SDP to a T.38 reINVITE (...asterisk[13])

Francesco Castellano asteriskteam at digium.com
Fri Jun 28 11:21:20 CDT 2019


Francesco Castellano has uploaded this change for review. ( https://gerrit.asterisk.org/c/asterisk/+/11505 )


Change subject: chan_sip: protection against a broken SDP to a T.38 reINVITE
......................................................................

chan_sip: protection against a broken SDP to a T.38 reINVITE

The T.38 reINVITE issued by Asterisk usually contains a single m-line of
type image.

When a broken UAS responds with an SDP with _two_ m-lines, and the
audio m-line contains a codec set disjoint from that of Asterisk,
a segfault occurs in process_sdp().

Usually, to have a disjointed capabilities set, you need an uncommon
codec on the other party and preferred_codec_only=yes on the matching
SIP peer definition.

Change-Id: I8b02845b53344c6babe867a3f0a5231045c7ac87
---
M channels/chan_sip.c
1 file changed, 3 insertions(+), 1 deletion(-)



  git pull ssh://gerrit.asterisk.org:29418/asterisk refs/changes/05/11505/1

diff --git a/channels/chan_sip.c b/channels/chan_sip.c
index 7c8928d..7ccf3fd 100644
--- a/channels/chan_sip.c
+++ b/channels/chan_sip.c
@@ -10911,7 +10911,9 @@
 			    ast_rtp_lookup_mime_multiple2(s3, NULL, newnoncodeccapability, 0, 0));
 	}
 
-	if (portno != -1 || vportno != -1 || tportno != -1) {
+	/* Check again for non-empty newjointcapability as there are unfortunate cases
+	 * when portno is != -1, but newjointcapabilities are empty */
+	if ((portno != -1 || vportno != -1 || tportno != -1) && ast_format_cap_count(newjointcapability)) {
 		/* We are now ready to change the sip session and RTP structures with the offered codecs, since
 		   they are acceptable */
 		unsigned int framing;
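
Review bot: The added `&& ast_format_cap_count(newjointcapability)` on the `if` makes the session/RTP update get skipped silently when the joint set is empty, and nothing visible in this hunk logs that or rejects the answer. Since the commit message describes this as a broken SDP from the peer, consider adding a debug or warning log on that path, or confirming that the code following this block is safe to run with the old capabilities and should not instead fail the negotiation. The new guard also applies when only vportno or tportno is set, while the comment mentions portno alone; say in the comment whether skipping is intended for those cases too. Minor points: the comment refers to "newjointcapabilities" while the variable is newjointcapability, "Check again" does not say where the first check is, and an explicit `ast_format_cap_count(newjointcapability) > 0` would read more clearly than relying on the count as a boolean.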

-- 
To view, visit https://gerrit.asterisk.org/c/asterisk/+/11505
To unsubscribe, or for help writing mail filters, visit https://gerrit.asterisk.org/settings

Gerrit-Project: asterisk
Gerrit-Branch: 13
Gerrit-Change-Id: I8b02845b53344c6babe867a3f0a5231045c7ac87
Gerrit-Change-Number: 11505
Gerrit-PatchSet: 1
Gerrit-Owner: Francesco Castellano <francesco.castellano at messagenet.it>
Gerrit-MessageType: newchange