[Pkg-voip-commits] [asterisk] 02/03: AST-2013-005: Fix crash caused by invalid SDP

Thu Aug 29 14:36:33 UTC 2013

This is an automated email from the git hooks/post-receive script.

tzafrir pushed a commit to branch squeeze
in repository asterisk.

commit ce0eede45441e37003781c2bd51db861a6a282d1
Author: Tzafrir Cohen <tzafrir.cohen at xorcom.com>
Date:   Wed Aug 28 23:42:15 2013 +0300

    AST-2013-005: Fix crash caused by invalid SDP
---
 debian/patches/AST-2013-005 |   65 +++++++++++++++++++++++++++++++++++++++++++
 debian/patches/series       |    1 +
 2 files changed, 66 insertions(+)

diff --git a/debian/patches/AST-2013-005 b/debian/patches/AST-2013-005
new file mode 100644
index 0000000..9536d90
--- /dev/null
+++ b/debian/patches/AST-2013-005
@@ -0,0 +1,65 @@
+From: Matthew Jordan <mjordan at digium.com>
+Date: Tue, 27 Aug 2013 17:55:59 +0000
+Subject: AST-2013-005: Fix crash caused by invalid SDP
+Bug: https://issues.asterisk.org/jira/browse/ASTERISK-22007
+Origin: http://svnview.digium.com/svn/asterisk?view=rev&rev=397756
+
+If the SIP channel driver processes an invalid SDP that defines media
+descriptions before connection information, it may attempt to reference
+the socket address information even though that information has not yet
+been set. This will cause a crash.
+
+This patch adds checks when handling the various media descriptions that
+ensures the media descriptions are handled only if we have connection
+information suitable for that media.
+
+Thanks to Walter Doekes, OSSO B.V., for reporting, testing, and providing
+the solution to this problem.
+
+Reported by: wdoekes
+Tested by: wdoekes
+patches:
+  issueA22007_sdp_without_c_death.patch uploaded by wdoekes (License 5674)
+
+---
+ channels/chan_sip.c |    8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+--- a/channels/chan_sip.c
++++ b/channels/chan_sip.c
+@@ -8624,7 +8624,7 @@ static int process_sdp(struct sip_pvt *p
+ 
+ 	/* Setup audio address and port */
+ 	if (p->rtp) {
+-		if (portno > 0) {
++		if (hp && portno > 0) {
+ 			sin.sin_family = AF_INET;
+ 			sin.sin_port = htons(portno);
+ 			memcpy(&sin.sin_addr, hp->h_addr, sizeof(sin.sin_addr));
+@@ -8663,7 +8663,7 @@ static int process_sdp(struct sip_pvt *p
+ 
+ 	/* Setup video address and port */
+ 	if (p->vrtp) {
+-		if (vportno > 0) {
++		if (vhp && vportno > 0) {
+ 			vsin.sin_family = AF_INET;
+ 			vsin.sin_port = htons(vportno);
+ 			memcpy(&vsin.sin_addr, vhp->h_addr, sizeof(vsin.sin_addr));
+@@ -8680,7 +8680,7 @@ static int process_sdp(struct sip_pvt *p
+ 
+ 	/* Setup text address and port */
+ 	if (p->trtp) {
+-		if (tportno > 0) {
++		if (thp && tportno > 0) {
+ 			tsin.sin_family = AF_INET;
+ 			tsin.sin_port = htons(tportno);
+ 			memcpy(&tsin.sin_addr, thp->h_addr, sizeof(tsin.sin_addr));
+@@ -8702,7 +8702,7 @@ static int process_sdp(struct sip_pvt *p
+ 	}
+ 	/* Setup image address and port */
+ 	if (p->udptl) {
+-		if (udptlportno > 0) {
++		if (ihp && udptlportno > 0) {
+ 			isin.sin_family = AF_INET;
+ 			isin.sin_port = htons(udptlportno);
+ 			if (ast_test_flag(&p->flags[0], SIP_NAT) && ast_test_flag(&p->flags[1], SIP_PAGE2_UDPTL_DESTINATION)) {
diff --git a/debian/patches/series b/debian/patches/series
index 9a89018..734b528 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -63,3 +63,4 @@ AST-2012-014
 AST-2012-015
 AST-2013-003
 AST-2013-004
+AST-2013-005

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-voip/asterisk.git

