[Asterisk-code-review] AST-2017-012: Vulnerability replication test. (...testsuite[16])
Friendly Automation
asteriskteam at digium.com
Fri Jul 19 08:30:25 CDT 2019
Friendly Automation has submitted this change and it was merged. ( https://gerrit.asterisk.org/c/testsuite/+/11582 )
Change subject: AST-2017-012: Vulnerability replication test.
......................................................................
AST-2017-012: Vulnerability replication test.

Sending RTCP packets to Asterisk with one report (for example a Receiver
Report and a Sender Report).

The test fails if Asterisk crashes.

ISSUES:
- ASTERISK-27382
- ASTERISK-27429

Change-Id: I41b313e5e42e82ee10c75052fc3c98fcabe46adf
---
A tests/rtp/ast-2017-012/configs/ast1/extensions.conf
A tests/rtp/ast-2017-012/configs/ast1/pjsip.conf
A tests/rtp/ast-2017-012/configs/ast1/rtp.conf
A tests/rtp/ast-2017-012/sipp/crash-27382.pcap
A tests/rtp/ast-2017-012/sipp/invalid-rtcp-packet.xml
A tests/rtp/ast-2017-012/test-config.yaml
M tests/rtp/tests.yaml
7 files changed, 208 insertions(+), 0 deletions(-)
Approvals:
Joshua Colp: Looks good to me, but someone else must approve
George Joseph: Looks good to me, approved
Friendly Automation: Approved for Submit
diff --git a/tests/rtp/ast-2017-012/configs/ast1/extensions.conf b/tests/rtp/ast-2017-012/configs/ast1/extensions.conf
new file mode 100644
index 0000000..7328ffc
--- /dev/null
+++ b/tests/rtp/ast-2017-012/configs/ast1/extensions.conf
@@ -0,0 +1,6 @@
+[rtcp_test]
+
+exten => test,1,Answer
+exten => test,n,Noop(RTCP Packet Test ASTERISK-27382)
+exten => test,n,Wait(100)
+exten => test,n,Hangup
diff --git a/tests/rtp/ast-2017-012/configs/ast1/pjsip.conf b/tests/rtp/ast-2017-012/configs/ast1/pjsip.conf
new file mode 100644
index 0000000..6aa4717
--- /dev/null
+++ b/tests/rtp/ast-2017-012/configs/ast1/pjsip.conf
@@ -0,0 +1,37 @@
+;--
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+Non mapped elements start
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+
+[general]
+udpbindaddr = 127.0.0.1:5060
+
+[test1]
+transport = udp
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+Non mapped elements end
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+--;
+
+
+[transport-udp]
+type = transport
+protocol = udp
+bind = 127.0.0.1:5060
+
+[test1]
+type = aor
+contact = sip:127.0.0.1:5061
+
+[test1]
+type = identify
+endpoint = test1
+match = 127.0.0.1:5061
+
+[test1]
+type = endpoint
+context = rtcp_test
+direct_media = no
+aors = test1
+allow=all,ulaw,alaw
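Review bot: The `;-- ... --;` block at the top of pjsip.conf (the "Non mapped elements" section with `[general]` and `udpbindaddr`) reads like leftover output from a config conversion and should be dropped; it is commented out, carries no settings, and only obscures what the test depends on. In the endpoint section, `allow=all,ulaw,alaw` is redundant because `all` already covers both codecs; since the INVITE in this change only offers PCMA, `disallow=all` followed by `allow=alaw` would pin the codec to what the scenario negotiates.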
diff --git a/tests/rtp/ast-2017-012/configs/ast1/rtp.conf b/tests/rtp/ast-2017-012/configs/ast1/rtp.conf
new file mode 100644
index 0000000..fb420ba
--- /dev/null
+++ b/tests/rtp/ast-2017-012/configs/ast1/rtp.conf
@@ -0,0 +1,3 @@
+[general]
+; Turn off strictrtp so that DTMF does not get dropped
+strictrtp=no
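Review bot: The comment above `strictrtp=no` talks about DTMF being dropped, which is not what this test exercises; it should say why strict RTP has to be off for the replayed RTP/RTCP capture to be processed. It is also worth stating in the test description that the regression is only covered with strict RTP disabled, so a reader does not assume other settings are exercised.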
diff --git a/tests/rtp/ast-2017-012/sipp/crash-27382.pcap b/tests/rtp/ast-2017-012/sipp/crash-27382.pcap
new file mode 100644
index 0000000..5f60a94
--- /dev/null
+++ b/tests/rtp/ast-2017-012/sipp/crash-27382.pcap
Binary files differ
diff --git a/tests/rtp/ast-2017-012/sipp/invalid-rtcp-packet.xml b/tests/rtp/ast-2017-012/sipp/invalid-rtcp-packet.xml
new file mode 100644
index 0000000..4e18362
--- /dev/null
+++ b/tests/rtp/ast-2017-012/sipp/invalid-rtcp-packet.xml
@@ -0,0 +1,124 @@
+<?xml version="1.0" encoding="ISO-8859-1" ?>
+<!DOCTYPE scenario SYSTEM "sipp.dtd">
+
+<!-- This program is free software; you can redistribute it and/or -->
+<!-- modify it under the terms of the GNU General Public License as -->
+<!-- published by the Free Software Foundation; either version 2 of the -->
+<!-- License, or (at your option) any later version. -->
+<!-- -->
+<!-- This program is distributed in the hope that it will be useful, -->
+<!-- but WITHOUT ANY WARRANTY; without even the implied warranty of -->
+<!-- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -->
+<!-- GNU General Public License for more details. -->
+<!-- -->
+<!-- You should have received a copy of the GNU General Public License -->
+<!-- along with this program; if not, write to the -->
+<!-- Free Software Foundation, Inc., -->
+<!-- 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA -->
+<!-- -->
+<!-- Sipp 'uac' scenario with pcap (rtp) play -->
+<!-- -->
+
+<scenario name="UAC with media">
+ <!-- In client mode (sipp placing calls), the Call-ID MUST be -->
+ <!-- generated by sipp. To do so, use [call_id] keyword. -->
+ <send retrans="500">
+ <![CDATA[
+
+ INVITE sip:[service]@[remote_ip]:[remote_port] SIP/2.0
+ Via: SIP/2.0/[transport] [local_ip]:[local_port];branch=[branch]
+ From: test1 <sip:test1@[local_ip]:[local_port]>;tag=[call_number]
+ To: roramirez <sip:[service]@[remote_ip]:[remote_port]>
+ Call-ID: [call_id]
+ CSeq: 1 INVITE
+ Contact: sip:sipp@[local_ip]:[local_port]
+ Max-Forwards: 70
+ Subject: Performance Test
+ Content-Type: application/sdp
+ Content-Length: [len]
+
+ v=0
+ o=user1 53655765 2353687637 IN IP[local_ip_type] [local_ip]
+ s=-
+ c=IN IP[local_ip_type] [local_ip]
+ t=0 0
+ m=audio [auto_media_port] RTP/AVP 8 101
+ a=rtpmap:8 PCMA/8000
+ a=rtpmap:101 telephone-event/8000
+ a=fmtp:101 0-11,16
+ ]]>
+ </send>
+
+ <recv response="100" optional="true">
+ </recv>
+
+ <recv response="180" optional="true">
+ </recv>
+
+ <!-- By adding rrs="true" (Record Route Sets), the route sets -->
+ <!-- are saved and used for following messages sent. Useful to test -->
+ <!-- against stateful SIP proxies/B2BUAs. -->
+ <recv response="200" rtd="true" crlf="true">
+ </recv>
+
+ <!-- Packet lost can be simulated in any send/recv message by -->
+ <!-- by adding the 'lost = "10"'. Value can be [1-100] percent. -->
+ <send>
+ <![CDATA[
+
+ ACK sip:[service]@[remote_ip]:[remote_port] SIP/2.0
+ Via: SIP/2.0/[transport] [local_ip]:[local_port];branch=[branch]
+ From: sipp <sip:sipp@[local_ip]:[local_port]>;tag=[call_number]
+ To: sut <sip:[service]@[remote_ip]:[remote_port]>[peer_tag_param]
+ Call-ID: [call_id]
+ CSeq: 1 ACK
+ Contact: sip:sipp@[local_ip]:[local_port]
+ Max-Forwards: 70
+ Subject: Performance Test
+ Content-Length: 0
+
+ ]]>
+ </send>
+
+ <pause milliseconds="3000"/>
+ <!-- Play a pre-recorded PCAP file (RTP stream) -->
+ <nop>
+ <action>
+ <!-- RTP AND RTCP Packet extract leg-b side from
+ https://issues.asterisk.org/jira/browse/ASTERISK-27382 -->
+ <exec play_pcap_audio="crash-27382.pcap" />
+ </action>
+ </nop>
+
+ <!-- Pause 10 seconds, which is less than the duration of the -->
+ <!-- PCAP file -->
+ <pause milliseconds="10000"/>
+
+ <!-- The 'crlf' option inserts a blank line in the statistics report. -->
+ <send retrans="500">
+ <![CDATA[
+
+ BYE sip:[service]@[remote_ip]:[remote_port] SIP/2.0
+ Via: SIP/2.0/[transport] [local_ip]:[local_port];branch=[branch]
+ From: sipp <sip:sipp@[local_ip]:[local_port]>;tag=[call_number]
+ To: sut <sip:[service]@[remote_ip]:[remote_port]>[peer_tag_param]
+ Call-ID: [call_id]
+ CSeq: 2 BYE
+ Contact: sip:sipp@[local_ip]:[local_port]
+ Max-Forwards: 70
+ Subject: Performance Test
+ Content-Length: 0
+
+ ]]>
+ </send>
+
+ <recv response="200" crlf="true">
+ </recv>
+
+ <!-- definition of the response time repartition table (unit is ms) -->
+ <ResponseTimeRepartition value="10, 20, 30, 40, 50, 100, 150, 200"/>
+
+ <!-- definition of the call length repartition table (unit is ms) -->
+ <CallLengthRepartition value="10, 50, 100, 500, 1000, 5000, 10000"/>
+
+</scenario>
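Review bot: The comment before `<pause milliseconds="10000"/>` says the pause is shorter than the PCAP file, so the BYE can be sent while crash-27382.pcap is still playing; if the RTCP packets of interest sit late in the capture, the scenario ends before Asterisk has parsed them and the test passes without exercising the bug. Make the pause at least as long as the capture, or record in the comment at which offset the RTCP packets are sent. Separately, the INVITE uses `From: test1 <sip:test1@...>` and `To: roramirez <...>`, while the ACK and BYE use `From: sipp <sip:sipp@...>` and `To: sut <...>`; the From and To headers should be identical across the dialog, and the personal display name is better replaced with a neutral one.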
diff --git a/tests/rtp/ast-2017-012/test-config.yaml b/tests/rtp/ast-2017-012/test-config.yaml
new file mode 100644
index 0000000..4cc6923
--- /dev/null
+++ b/tests/rtp/ast-2017-012/test-config.yaml
@@ -0,0 +1,37 @@
+testinfo:
+ summary: 'Test for AST-2017-12 Remote Crash Vulnerability in RTCP Stack'
+ description: |
+ 'A SIPp scenario send INVITE to create inbound call in a SIP channel
+ with device test1. After ANSWER by Asterisk, the device send RTP
+ traffic and RTCP packets contain more than one report (Receiver Report
+ and a Sender Report).
+ The test passes as long Asterisk does not crash and receive BYE by test1.'
+ issues:
+ - jira: 'ASTERISK-27382'
+ - jira: 'ASTERISK-27429'
+
+test-modules:
+ test-object:
+ config-section: sipp-config
+ typename: 'sipp.SIPpTestCase'
+
+sipp-config:
+ fail-on-any: True
+ test-iterations:
+ -
+ scenarios:
+ - { 'key-args': {'scenario': 'invalid-rtcp-packet.xml', '-p': '5061', '-s': 'test' } }
+
+properties:
+ dependencies:
+ - python : 'twisted'
+ - python : 'starpy'
+ - sipp :
+ version : 'v3.0'
+ feature : 'PCAP'
+ - asterisk: 'chan_pjsip'
+ - custom : 'rawsocket'
+ tags:
+ - pjsip
+ - RTP
+ - RTCP
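Review bot: The `summary` says 'AST-2017-12' while the directory and commit subject use AST-2017-012; use the advisory ID consistently so the test can be found by searching for it. The `description` is a `|` block scalar, so the surrounding single quotes become part of the text and should be removed; it also says the RTCP packets "contain more than one report" where the commit message says "with one report", and the two should agree. Its last sentence needs a grammar pass ("as long as Asterisk does not crash and receives the BYE from test1"). The dependency list names `custom : 'rawsocket'`, yet the only test object is `sipp.SIPpTestCase` running one SIPp scenario; if nothing in the test needs it, drop it so the test is not gated on an unused dependency.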
diff --git a/tests/rtp/tests.yaml b/tests/rtp/tests.yaml
index 3ff1e44..56e9f9e 100644
--- a/tests/rtp/tests.yaml
+++ b/tests/rtp/tests.yaml
@@ -1,3 +1,4 @@
# Enter tests here in the order they should be considered for execution:
tests:
- dir: 'strict_rtp'
+ - test: 'ast-2017-012'
--
To view, visit https://gerrit.asterisk.org/c/testsuite/+/11582
To unsubscribe, or for help writing mail filters, visit https://gerrit.asterisk.org/settings
Gerrit-Project: testsuite
Gerrit-Branch: 16
Gerrit-Change-Id: I41b313e5e42e82ee10c75052fc3c98fcabe46adf
Gerrit-Change-Number: 11582
Gerrit-PatchSet: 1
Gerrit-Owner: Rodrigo Ramirez Norambuena <a at rodrigoramirez.com>
Gerrit-Reviewer: Friendly Automation
Gerrit-Reviewer: George Joseph <gjoseph at digium.com>
Gerrit-Reviewer: Joshua Colp <jcolp at digium.com>
Gerrit-MessageType: merged