[Asterisk-code-review] AST-2021-002: Remote crash possible when negotiating T.38 (asterisk[18.2])

Kevin Harwell asteriskteam at digium.com
Thu Feb 18 10:23:46 CST 2021 

Kevin Harwell has uploaded a new patch set (#2) to the change originally created by Joshua Colp. ( https://gerrit.asterisk.org/c/asterisk/+/15475 )

Change subject: AST-2021-002: Remote crash possible when negotiating T.38
......................................................................

AST-2021-002: Remote crash possible when negotiating T.38

When an endpoint requests to re-negotiate for fax and the incoming
re-invite is received prior to Asterisk sending out the 200 OK for
the initial invite the re-invite gets delayed. When Asterisk does
finally send the re-inivite the SDP includes streams for both audio
and T.38.

This happens because when the pending topology and active topologies
differ (pending stream is not in the active) in the delayed scenario
the pending stream is appended to the active topology. However, in
the fax case the pending stream should replace the active.

This patch makes it so when a delay occurs during fax negotiation,
to or from, the audio stream is replaced by the T.38 stream, or vice
versa instead of being appended.

Further when Asterisk sent the re-invite with both audio and T.38,
and the endpoint responded with a declined T.38 stream then Asterisk
would crash when attempting to change the T.38 state.

This patch also puts in a check that ensures the media state has a
valid fax session (associated udptl object) before changing the
T.38 state internally.

ASTERISK-29203 #close

Change-Id: I407f4fa58651255b6a9030d34fd6578cf65ccf09
---
M res/res_pjsip_session.c
M res/res_pjsip_t38.c
2 files changed, 17 insertions(+), 1 deletion(-)


  git pull ssh://gerrit.asterisk.org:29418/asterisk refs/changes/75/15475/2
-- 
To view, visit https://gerrit.asterisk.org/c/asterisk/+/15475
To unsubscribe, or for help writing mail filters, visit https://gerrit.asterisk.org/settings

Gerrit-Project: asterisk
Gerrit-Branch: 18.2
Gerrit-Change-Id: I407f4fa58651255b6a9030d34fd6578cf65ccf09
Gerrit-Change-Number: 15475
Gerrit-PatchSet: 2
Gerrit-Owner: Joshua Colp <jcolp at sangoma.com>
Gerrit-MessageType: newpatchset
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.digium.com/pipermail/asterisk-code-review/attachments/20210218/fb8c94b0/attachment-0001.html>

More information about the asterisk-code-review mailing list