[Asterisk-code-review] AST-2021-006: Check for zero port in m=image line. (testsuite[17])
Benjamin Keith Ford
asteriskteam at digium.com
Thu Mar 4 15:32:03 CST 2021
Benjamin Keith Ford has uploaded this change for review. ( https://gerrit.asterisk.org/c/testsuite/+/15587 )
Change subject: AST-2021-006: Check for zero port in m=image line.
......................................................................
AST-2021-006: Check for zero port in m=image line.
If Asterisk received a T.38 re-invite with an image line with a zero
port, a crash would occur. This test checks that both parties are hung
up upon receiving the re-invite.
Change-Id: I6f52cc5f40723198b208874ba8bf2a92cc3d2106
---
A tests/fax/pjsip/t38_zero_port/configs/ast1/extensions.conf
A tests/fax/pjsip/t38_zero_port/configs/ast1/pjsip.conf
A tests/fax/pjsip/t38_zero_port/sipp/endpoint_A.xml
A tests/fax/pjsip/t38_zero_port/sipp/endpoint_B.xml
A tests/fax/pjsip/t38_zero_port/test-config.yaml
M tests/fax/pjsip/tests.yaml
6 files changed, 308 insertions(+), 0 deletions(-)
git pull ssh://gerrit.asterisk.org:29418/testsuite refs/changes/87/15587/1
diff --git a/tests/fax/pjsip/t38_zero_port/configs/ast1/extensions.conf b/tests/fax/pjsip/t38_zero_port/configs/ast1/extensions.conf
new file mode 100644
index 0000000..9ccf33d
--- /dev/null
+++ b/tests/fax/pjsip/t38_zero_port/configs/ast1/extensions.conf
@@ -0,0 +1,6 @@
+[general]
+
+[default]
+exten => basicdial,1,NoOp()
+same => n,Dial(PJSIP/endpoint_B/sip:127.0.0.3)
+same => n,Hangup()
diff --git a/tests/fax/pjsip/t38_zero_port/configs/ast1/pjsip.conf b/tests/fax/pjsip/t38_zero_port/configs/ast1/pjsip.conf
new file mode 100644
index 0000000..bc95b50
--- /dev/null
+++ b/tests/fax/pjsip/t38_zero_port/configs/ast1/pjsip.conf
@@ -0,0 +1,26 @@
+[local-transport]
+type=transport
+protocol=udp
+bind=127.0.0.1
+
+[endpoint-template](!)
+type=endpoint
+context=default
+allow=!all,ulaw
+t38_udptl=yes
+direct_media=no
+
+[endpoint_A](endpoint-template)
+
+[endpoint_B](endpoint-template)
+
+[identify-template](!)
+type=identify
+
+[endpoint_A](identify-template)
+endpoint=endpoint_A
+match=127.0.0.2
+
+[endpoint_B](identify-template)
+endpoint=endpoint_B
+match=127.0.0.3
diff --git a/tests/fax/pjsip/t38_zero_port/sipp/endpoint_A.xml b/tests/fax/pjsip/t38_zero_port/sipp/endpoint_A.xml
new file mode 100644
index 0000000..6eb4854
--- /dev/null
+++ b/tests/fax/pjsip/t38_zero_port/sipp/endpoint_A.xml
@@ -0,0 +1,122 @@
+<?xml version="1.0" encoding="ISO-8859-1" ?>
+<!DOCTYPE scenario SYSTEM "sipp.dtd">
+
+<scenario name="Phone A calls B to receive a T.38 UDPTL stream.">
+
+ <!-- Initial invite - Call phone B -->
+ <send retrans="500">
+ <![CDATA[
+ INVITE sip:basicdial@[remote_ip]:[remote_port] SIP/2.0
+ Via: SIP/2.0/[transport] [local_ip]:[local_port];branch=[branch]
+ From: endpoint_A <sip:endpoint_A@[local_ip]:[local_port]>;tag=[call_number]
+ To: <sip:basicdial@[remote_ip]:[remote_port];user=phone>
+ CSeq: 1 INVITE
+ Call-ID: [call_id]
+ Contact: <sip:endpoint_A@[local_ip]:[local_port]>
+ Allow: INVITE, ACK, BYE, CANCEL, OPTIONS, INFO, MESSAGE, SUBSCRIBE, NOTIFY, PRACK, UPDATE, REFER
+ User-Agent: PolycomSoundPointIP-SPIP_430-UA/3.2.3.1734
+ Accept-Language: en
+ Allow-Events: talk,hold,conference
+ Max-Forwards: 70
+ Content-Type: application/sdp
+ Content-Length: [len]
+
+ v=0
+ o=- 1324901698 1324901698 IN IP4 [local_ip]
+ s=Polycom IP Phone
+ c=IN IP4 [local_ip]
+ t=0 0
+ a=sendrecv
+ m=audio 2226 RTP/AVP 0 101
+ a=sendrecv
+ a=rtpmap:0 PCMU/8000
+ a=rtpmap:101 telephone-event/8000
+ ]]>
+ </send>
+
+ <recv response="100" optional="true" />
+
+ <recv response="180" optional="true" />
+
+ <recv response="183" optional="true" />
+
+ <recv response="200" />
+
+ <send>
+ <![CDATA[
+ ACK sip:endpoint_B@[remote_ip]:[remote_port] SIP/2.0
+ Via: SIP/2.0/[transport] [local_ip]:[local_port];branch=[branch]
+ From: endpoint_A <sip:endpoint_A@[remote_ip]>;tag=[call_number]
+ To: <sip:endpoint_B@[remote_ip];user=phone>[peer_tag_param]
+ CSeq: 1 ACK
+ Call-ID: [call_id]
+ Contact: <sip:endpoint_A@[local_ip]:[local_port]>
+ Allow: INVITE, ACK, BYE, CANCEL, OPTIONS, INFO, MESSAGE, SUBSCRIBE, NOTIFY, PRACK, UPDATE, REFER
+ User-Agent: PolycomSoundPointIP-SPIP_430-UA/3.2.3.1734
+ Accept-Language: en
+ Max-Forwards: 70
+ Content-Length: 0
+ ]]>
+ </send>
+
+ <!-- Reinvite received for T38 - media flows between Enpoint A and Asterisk -->
+ <recv request="INVITE" />
+
+ <send retrans="500">
+ <![CDATA[
+ SIP/2.0 200 OK
+ [last_Via:]
+ [last_From:]
+ [last_To:];tag=[call_number]
+ [last_Call-ID:]
+ [last_CSeq:]
+ Contact: <sip:endpoint_A@[local_ip]:[local_port];transport=[transport]>
+ Allow: INVITE, ACK, BYE, CANCEL, OPTIONS, INFO, MESSAGE, SUBSCRIBE, NOTIFY, PRACK, UPDATE, REFER
+ Supported: 100rel,replaces
+ User-Agent: PolycomSoundPointIP-SPIP_430-UA/3.2.3.1734
+ Accept-Language: en
+ Testsuite-Track-Phone-A: 2
+ Content-Type: application/sdp
+ Content-Length: [len]
+
+ v=0
+ o=- 1324901698 1324901700 IN IP4 [local_ip]
+ s=Polycom IP Phone
+ c=IN IP4 [local_ip]
+ t=0 0
+ m=image 0 udptl t38
+ a=sendrecv
+ a=T38FaxVersion:0
+ a=T38MaxBitRate:9600
+ a=T38FaxMaxBuffer:1024
+ a=T38FaxMaxDatagram:400
+ a=T38FaxRateManagement:transferredTCF
+ a=T38FaxUdpEC:t38UDPRedundancy
+ ]]>
+ </send>
+
+ <recv request="ACK"/>
+
+ <!-- Receive a BYE since we sent an image line with a zero port -->
+ <recv request="BYE"/>
+
+ <send retrans="500">
+ <![CDATA[
+ SIP/2.0 200 OK
+ [last_Via:]
+ [last_From:]
+ [last_To:];tag=[call_number]
+ [last_Call-ID:]
+ [last_CSeq:]
+ Contact: <sip:endpoint_A@[local_ip]:[local_port];transport=[transport]>
+ Allow: INVITE, ACK, BYE, CANCEL, OPTIONS, INFO, MESSAGE, SUBSCRIBE, NOTIFY, PRACK, UPDATE, REFER
+ Supported: 100rel,replaces
+ User-Agent: PolycomSoundPointIP-SPIP_430-UA/3.2.3.1734
+ Accept-Language: en
+ Testsuite-Track-Phone-A: 5
+ Content-Type: application/sdp
+ Content-Length: 0
+ ]]>
+ </send>
+</scenario>
+
diff --git a/tests/fax/pjsip/t38_zero_port/sipp/endpoint_B.xml b/tests/fax/pjsip/t38_zero_port/sipp/endpoint_B.xml
new file mode 100644
index 0000000..6b415e3
--- /dev/null
+++ b/tests/fax/pjsip/t38_zero_port/sipp/endpoint_B.xml
@@ -0,0 +1,123 @@
+<?xml version="1.0" encoding="ISO-8859-1" ?>
+<!DOCTYPE scenario SYSTEM "sipp.dtd">
+
+<scenario name="Phone B Answers and reINVITEs to send T.38 malicious UDPTL pcap stream.">
+ <Global variables="remote_tag"/>
+
+ <recv request="INVITE" crlf="true">
+ <action>
+ <ereg regexp=".*(;tag=.*)"
+ header="From:"
+ search_in="hdr"
+ check_it="true"
+ assign_to="remote_tag"/>
+ </action>
+ </recv>
+
+ <send>
+ <![CDATA[
+ SIP/2.0 100 Trying
+ [last_Via:]
+ [last_From:]
+ [last_To:];tag=[call_number]
+ [last_Call-ID:]
+ [last_CSeq:]
+ Contact: <sip:endpoint_B@[local_ip]:[local_port];transport=[transport]>
+ User-Agent: PolycomSoundPointIP-SPIP_430-UA/3.2.3.1734
+ Accept-Language: en
+ Content-Length: 0
+ ]]>
+ </send>
+
+ <send>
+ <![CDATA[
+ SIP/2.0 180 Ringing
+ [last_Via:]
+ [last_From:]
+ [last_To:];tag=[call_number]
+ [last_Call-ID:]
+ [last_CSeq:]
+ Contact: <sip:endpoint_B@[local_ip]:[local_port];transport=[transport]>
+ User-Agent: PolycomSoundPointIP-SPIP_430-UA/3.2.3.1734
+ Allow-Events: talk,hold,conference
+ Accept-Language: en
+ Content-Length: 0
+ ]]>
+ </send>
+
+ <pause milliseconds="200"/>
+
+ <send retrans="500">
+ <![CDATA[
+ SIP/2.0 200 OK
+ [last_Via:]
+ [last_From:]
+ [last_To:]
+ [last_Call-ID:]
+ [last_CSeq:]
+ Contact: <sip:endpoint_B@[local_ip]:[local_port];transport=[transport]>
+ Allow: INVITE, ACK, BYE, CANCEL, OPTIONS, INFO, MESSAGE, SUBSCRIBE, NOTIFY, PRACK, UPDATE, REFER
+ Supported: 100rel,replaces
+ User-Agent: PolycomSoundPointIP-SPIP_430-UA/3.2.3.1734
+ Accept-Language: en
+ Testsuite-Track-Phone-B-Media-Restrict: 1
+ Content-Type: application/sdp
+ Content-Length: [len]
+
+ v=0
+ o=- 1324901698 1324901698 IN IP4 [local_ip]
+ s=Polycom IP Phone
+ c=IN IP4 [local_ip]
+ t=0 0
+ a=sendrecv
+ m=audio 2226 RTP/AVP 0 101
+ a=sendrecv
+ a=rtpmap:0 PCMU/8000
+ a=rtpmap:101 telephone-event/8000
+ ]]>
+ </send>
+
+ <!-- RECV ACK -->
+ <recv request="ACK"/>
+
+ <!-- Wait some period of time -->
+ <pause milliseconds="1500"/>
+
+ <!-- Reinvite to set up T38 Fax session -->
+ <send retrans="500">
+ <![CDATA[
+ INVITE sip:endpoint_B@[remote_ip]:[remote_port] SIP/2.0
+ Via: SIP/2.0/[transport] [local_ip]:[local_port];branch=[branch]
+ From: <sip:127.0.0.3>
+ To: [$remote_tag]
+ CSeq: [cseq] INVITE
+ [last_Call-ID:]
+ Contact: <sip:endpoint_B@[local_ip]:[local_port]>
+ Allow: INVITE, ACK, BYE, CANCEL, OPTIONS, INFO, MESSAGE, SUBSCRIBE, NOTIFY, PRACK, UPDATE, REFER
+ User-Agent: PolycomSoundPointIP-SPIP_430-UA/3.2.3.1734
+ Accept-Language: en
+ Supported: 100rel,replaces
+ Allow-Events: talk,hold,conference
+ Max-Forwards: 70
+ Content-Type: application/sdp
+ Content-Length: [len]
+
+ v=0
+ o=- 1324901698 1324901700 IN IP4 [local_ip]
+ s=Polycom IP Phone
+ c=IN IP4 [local_ip]
+ t=0 0
+ m=image 30002 udptl t38
+ a=sendrecv
+ a=T38FaxVersion:0
+ a=T38MaxBitRate:9600
+ a=T38FaxMaxBuffer:1024
+ a=T38FaxMaxDatagram:400
+ a=T38FaxRateManagement:transferredTCF
+ a=T38FaxUdpEC:t38UDPRedundancy
+ ]]>
+ </send>
+
+ <recv request="BYE"/>
+</scenario>
+
diff --git a/tests/fax/pjsip/t38_zero_port/test-config.yaml b/tests/fax/pjsip/t38_zero_port/test-config.yaml
new file mode 100644
index 0000000..e3aba1a
--- /dev/null
+++ b/tests/fax/pjsip/t38_zero_port/test-config.yaml
@@ -0,0 +1,30 @@
+testinfo:
+ summary: 'Test for receiving fax with zero port in image line'
+ description: |
+ 'Test to make sure that Asterisk does not crash when receiving
+ a T.38 INVITE with an image line and a zero port.'
+
+test-modules:
+ add-test-to-search-path: 'True'
+ test-object:
+ config-section: test-object-config
+ typename: 'sipp.SIPpTestCase'
+
+test-object-config:
+ fail-on-any: False
+ test-iterations:
+ -
+ scenarios:
+ - { 'key-args': {'scenario': 'endpoint_A.xml', '-i': '127.0.0.2', '-p': '5060'} }
+ - { 'key-args': {'scenario': 'endpoint_B.xml', '-i': '127.0.0.3', '-p': '5060'} }
+
+properties:
+ dependencies:
+ - sipp :
+ version : 'v3.5'
+ - asterisk : 'app_dial'
+ - asterisk : 'chan_pjsip'
+ - asterisk : 'res_pjsip_t38'
+ tags:
+ - pjsip
+ - fax
diff --git a/tests/fax/pjsip/tests.yaml b/tests/fax/pjsip/tests.yaml
index dd55995..0e38ac0 100644
--- a/tests/fax/pjsip/tests.yaml
+++ b/tests/fax/pjsip/tests.yaml
@@ -12,3 +12,4 @@
- test: 't38_fast_reject'
- test: 't38_with_auth'
- test: 't38_initial_offer'
+ - test: 't38_zero_port'
--
To view, visit https://gerrit.asterisk.org/c/testsuite/+/15587
To unsubscribe, or for help writing mail filters, visit https://gerrit.asterisk.org/settings
Gerrit-Project: testsuite
Gerrit-Branch: 17
Gerrit-Change-Id: I6f52cc5f40723198b208874ba8bf2a92cc3d2106
Gerrit-Change-Number: 15587
Gerrit-PatchSet: 1
Gerrit-Owner: Benjamin Keith Ford <bford at digium.com>
Gerrit-MessageType: newchange
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.digium.com/pipermail/asterisk-code-review/attachments/20210304/e053da7c/attachment-0001.html>
More information about the asterisk-code-review
mailing list