| Summary: | ASTERISK-24666: Security Vulnerability: RTP not closed after sip call using unsupported codec | ||
| Reporter: | Y Ateya (yateya) | Labels: | Security |
| Date Opened: | 2015-01-06 10:37:01.000-0600 | Date Closed: | 2015-01-28 11:34:20.000-0600 |
| Priority: | Critical | Regression? | |
| Status: | Closed/Complete | Components: | Channels/chan_pjsip |
| Versions: | 12.8.0 13.1.0 | Frequency of Occurrence | Constant |
| Related Issues: | |||
| Environment: | ubuntu 12.04; pjproject build from asterisk git repo. | Attachments: | ( 0) pjsip_rtp.log.bz2 ( 1) pjsip.conf ( 2) rtp_cleanup_3.diff ( 3) rtp_ports.txt.bz2 |
| Description: | This is similar to ASTERISK-23721; but on asterisk 13.1.0.
Attached pjsip.conf To reproduce the bug: - Run watch -n1 "netstat -lp | grep aster" - Make a call using sip client (which don't support g729) - You will get messasge "No joint capabilities for 'audio' media stream between our configuration((g729)) and incoming SDP((ulaw|gsm|alaw))" - Check netstat result; you will find 2 RTP ports opened and not closed. - Allow ulaw; make same call from same sip client - ports will be opened for the call duration and then removed after hangup. | ||
| Comments: | By: Matt Jordan (mjordan) 2015-01-06 11:33:10.353-0600 I've locked this down, as this could be a security issue. In the future, if you find a resource exhaustion issue in Asterisk, *please* e-mail security@asterisk.org. In the meantime, please provide a full debug log (with 'pjsip set logger on') illustrating the problem, along with your pjsip.conf. By: Y Ateya (yateya) 2015-01-06 13:26:22.693-0600 pjsip.conf : pjsip configuration of the remote asterisk server. pjsip_rtp.log.bz2: log of pjsip logger rtp_ports.txt.bz2: The list of open ports after the test with zero active calls. By: Y Ateya (yateya) 2015-01-06 16:59:34.033-0600 Added required attachments. By: Matt Jordan (mjordan) 2015-01-07 10:53:15.176-0600 Thanks for the logs and configuration. As soon as we have a patch for the issue, we'll attach it here. By: Mark Michelson (mmichelson) 2015-01-07 17:25:05.876-0600 As an update, I have reproduced this problem, and I have a couple of SIPp scenarios I've written to test this out. I also have identified the problem, and have a couple of ideas for solutions. I'll update this issue when I've got a patch and have code up for review. By: Mark Michelson (mmichelson) 2015-01-08 12:12:13.818-0600 I have created a patch that solves the issue locally for me. I have also put this patch up for review at https://reviewboard.asterisk.org/r/4323 . | ||