[svn-commits] kmoore: branch 11 r378219 - in /branches/11: ./ channels/chan_sip.c

[SVN commits to the Digium repositories]

Author: kmoore
Date: Mon Dec 31 08:44:41 2012
New Revision: 378219

URL: http://svnview.digium.com/svn/asterisk?view=rev&rev=378219
Log:
Ensure chan_sip rejects encrypted streams without crypto info

This ensures that Asterisk rejects encrypted media streams (RTP/SAVP
audio and video) that are missing cryptographic keys and ensures that
the incoming SDP is consistent with RFC4568 as far as having a crypto
attribute present for any SAVP streams.

Review: https://reviewboard.asterisk.org/r/2204/
........

Merged revisions 378217 from http://svn.asterisk.org/svn/asterisk/branches/1.8
........

Merged revisions 378218 from http://svn.asterisk.org/svn/asterisk/branches/10

Modified:
    branches/11/   (props changed)
    branches/11/channels/chan_sip.c

Propchange: branches/11/
            ('branch-1.8-merged' removed)

Propchange: branches/11/
------------------------------------------------------------------------------
Binary property 'branch-10-merged' - no diff available.

Modified: branches/11/channels/chan_sip.c
URL: http://svnview.digium.com/svn/asterisk/branches/11/channels/chan_sip.c?view=diff&rev=378219&r1=378218&r2=378219
==============================================================================
--- branches/11/channels/chan_sip.c (original)
+++ branches/11/channels/chan_sip.c Mon Dec 31 08:44:41 2012
@@ -10378,6 +10378,15 @@
 				  type, value,
 				  (processed == TRUE)? "OK." : "UNSUPPORTED OR FAILED.");
 		}
+
+		/* Ensure crypto lines are provided where necessary */
+		if (audio && secure_audio && !processed_crypto) {
+			ast_log(LOG_WARNING, "Rejecting secure audio stream without encryption details: %s\n", m);
+			return -1;
+		} else if (video && secure_video && !processed_crypto) {
+			ast_log(LOG_WARNING, "Rejecting secure video stream without encryption details: %s\n", m);
+			return -1;
+		}
 	}
 
 	/* Sanity checks */