| Summary: | ASTERISK-27886: Crash Asterisk 13.21.0 during SRTP | ||
| Reporter: | Eugene Kanter (qtlin) | Labels: | |
| Date Opened: | 2018-05-30 19:02:31 | Date Closed: | 2018-05-31 04:20:06 |
| Priority: | Major | Regression? | |
| Status: | Closed/Complete | Components: | Channels/chan_sip/SRTP |
| Versions: | 13.21.0 | Frequency of Occurrence | Constant |
| Related Issues: | |||
| Environment: | CentOS7 x86_64 | Attachments: | |
| Description: | Using BRIA for iOS, enable TLS and SRTP. Without SRTP works fine.
coredump is not created, so I attached gdb before SRTP connection. {code:title=backtrace|borderStyle=solid} (gdb) where #0 0x00007fd762085191 in _IO_vfscanf_internal (s=s@entry=0x7fd702de27a0, format=format@entry=0x60d3c3 "%30d", argptr=argptr@entry=0x7fd702de28c8, errp=errp@entry=0x0) at vfscanf.c:1826 #1 0x00007fd76209a367 in _IO_vsscanf (string=0x7fd702de29c0 "1", format=0x60d3c3 "%30d", args=args@entry=0x7fd702de28c8) at iovsscanf.c:44 #2 0x00007fd7620942d7 in __sscanf (s=s@entry=0x7fd702de29c0 "1", format=format@entry=0x60d3c3 "%30d") at sscanf.c:33 #3 0x00000000005b44c3 in ast_sdp_crypto_process (rtp=rtp@entry=0x7fd738018760, srtp=0x7fd73801a180, attr=attr@entry=0x7fd738012de8 "1 AES_CM_128_HMAC_SHA1_80 inline:vlqMl3M+fo6KqSI1rasByiZtzHrMRaMwa15Uw6ZE") at sdp_srtp.c:263 #4 0x00007fd721fdcaca in process_crypto (p=p@entry=0x7fd73801daf0, rtp=0x7fd738018760, srtp=srtp@entry=0x7fd73801eef8, a=0x7fd738012de8 "1 AES_CM_128_HMAC_SHA1_80 inline:vlqMl3M+fo6KqSI1rasByiZtzHrMRaMwa15Uw6ZE", a@entry=0x7fd738012de1 "crypto:1 AES_CM_128_HMAC_SHA1_80 inline:vlqMl3M+fo6KqSI1rasByiZtzHrMRaMwa15Uw6ZE", secure_transport=secure_transport@entry=1) at chan_sip.c:33988 #5 0x00007fd721ff7a79 in process_sdp (p=p@entry=0x7fd73801daf0, req=req@entry=0x7fd702de5600, t38action=t38action@entry=1) at chan_sip.c:10749 #6 0x00007fd722055b2e in handle_request_invite (p=p@entry=0x7fd73801daf0, req=req@entry=0x7fd702de5600, addr=addr@entry=0x7fd754004150, seqno=<optimized out>, recount=recount@entry=0x7fd702de5080, e=e@entry=0x7fd738012a0f "sip:xxxxxxxxxx@xxx.xxx.xxxx", nounlock=nounlock@entry=0x7fd702de50a0) at chan_sip.c:26397 #7 0x00007fd72205b35d in handle_incoming (p=p@entry=0x7fd73801daf0, req=req@entry=0x7fd702de5600, addr=addr@entry=0x7fd754004150, recount=recount@entry=0x7fd702de5080, nounlock=nounlock@entry=0x7fd702de50a0) at chan_sip.c:28940 #8 0x00007fd72205d9db in handle_request_do (req=req@entry=0x7fd702de5600, addr=addr@entry=0x7fd754004150) at chan_sip.c:29149 #9 0x00007fd72205e469 in _sip_tcp_helper_thread (tcptls_session=0x7fd754004130) at chan_sip.c:3086 #10 0x00000000005db42d in handle_tcptls_connection (data=data@entry=0x7fd754004130) at tcptls.c:793 #11 0x00000000005e9f2a in dummy_start (data=<optimized out>) at utils.c:1239 #12 0x00007fd762d84e25 in start_thread (arg=0x7fd702de8700) at pthread_create.c:308 #13 0x00007fd762127bad in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:113 (gdb) {code} | ||
| Comments: | By: Asterisk Team (asteriskteam) 2018-05-30 19:02:32.357-0500 Thanks for creating a report! The issue has entered the triage process. That means the issue will wait in this status until a Bug Marshal has an opportunity to review the issue. Once the issue has been reviewed you will receive comments regarding the next steps towards resolution. A good first step is for you to review the [Asterisk Issue Guidelines|https://wiki.asterisk.org/wiki/display/AST/Asterisk+Issue+Guidelines] if you haven't already. The guidelines detail what is expected from an Asterisk issue report. Then, if you are submitting a patch, please review the [Patch Contribution Process|https://wiki.asterisk.org/wiki/display/AST/Patch+Contribution+Process]. By: Joshua C. Colp (jcolp) 2018-05-30 19:05:32.220-0500 The line numbers do not match Asterisk 13.21.0, what version is actually in use? By: Eugene Kanter (qtlin) 2018-05-30 19:49:25.600-0500 $ asterisk -rx 'core show version' No ethernet interface found for seeding global EID. You will have to set it manually. Asterisk 13.21.0 built by root @ xxx.xxx.xxxx on a x86_64 running Linux on 2018-05-30 16:22:10 UTC looks like wget http://downloads.asterisk.org/pub/telephony/asterisk/asterisk-13-current.tar.gz was used earlier today. please let me know which files have line numbers do not match. By: Joshua C. Colp (jcolp) 2018-05-30 19:56:47.405-0500 Er, well, none of them do. The chan_sip line numbers don't match, and the sdp_srtp line number doesn't either. By: Eugene Kanter (qtlin) 2018-05-30 20:05:54.571-0500 {noformat} wget https://issues.asterisk.org/jira/secure/attachment/54233/srtp_aead_and_big_aes.patch sed -i 's|crypto->tag <= 0|crypto->tag <= 0crypto->tag < 0|' srtp_aead_and_big_aes.patch patch -p0 <./srtp_aead_and_big_aes.patch CFLAGS='-DENABLE_SRTP_AES_256 -DENABLE_SRTP_AES_GCM' ./configure --libdir=/usr/lib64 --with-pjproject-bundled {noformat} By: Eugene Kanter (qtlin) 2018-05-30 20:16:20.377-0500 Is this patch not compatible? I don't know anything about it, was using someone's instructions. Do you know what Jira number is it from? Update. 1. Found patch source ASTERISK-26190 2. Upon logs examination I found out that patch did not apply cleanly, one hunk failed. Question: is there an updated version of this patch? By: Joshua C. Colp (jcolp) 2018-05-31 04:20:06.596-0500 That patch was never provided for Asterisk 13, it only ever went into 14 and 15. It may have applied in the past just because things were close enough but it diverges. There is no updated patch, since it was never available for it. As well we can only support an unpatched Asterisk as patches themselves can cause crashes. By: Eugene Kanter (qtlin) 2018-05-31 08:18:10.942-0500 Thank you for helping me find a root cause by pointing to wrong line numbers. I made a patch for that patch to apply cleanly and will see how it goes. By: Asterisk Team (asteriskteam) 2018-05-31 08:18:11.393-0500 This issue has been reopened as a result of your commenting on it as the reporter. It will be triaged once again as applicable. By: Alexander Traud (traud) 2018-08-29 05:12:04.946-0500 I am glad that you are interested in my patch for ASTERISK-26190. Thank you for reporting this issue. That patch *is* designed for Asterisk 13. It is a backport for those who still use Asterisk 13. Thanks to your feedback, I fixed the failing hunk, which was introduced with Asterisk 13.16, because of the change for ASTERISK-25490. Furthermore, I added support for libSRTP 2.x, which was introduced with Gerrit [5722|https://gerrit.asterisk.org/5724] and [6418|https://gerrit.asterisk.org/6418]. Consequently, I recommend to use at least Asterisk 13.18 or newer with that patch. Out of the box, you need Asterisk 15.2.0 or newer to use that feature. I did not dare to add that patch to Asterisk 13, because beside improving compatibility it adds new functionality as well. If you face other/new issues with that patch, please, do not hesitate to comment directly in ASTERISK-26190. That way, I am instantly notified via E-mail. | ||