FS-10667: [core] Segfault in crypto / srtp #resolve

author Anthony Minessale <anthm@freeswitch.org>

Wed, 13 Sep 2017 22:28:40 +0000 (17:28 -0500)

committer Anthony Minessale <anthm@freeswitch.org>

Wed, 13 Sep 2017 22:28:40 +0000 (17:28 -0500)
author Anthony Minessale <anthm@freeswitch.org>
Wed, 13 Sep 2017 22:28:40 +0000 (17:28 -0500)
committer Anthony Minessale <anthm@freeswitch.org>
Wed, 13 Sep 2017 22:28:40 +0000 (17:28 -0500)
diff --git a/src/switch_rtp.c b/src/switch_rtp.c

index 8568f886f0f7303b39d94320b09b4abac1bbade3..94532da35ee76d970f3dbac8a38352aebc2489ba 100644 (file)
--- a/src/switch_rtp.c
+++ b/src/switch_rtp.c
@@ -3571,24 +3571,28 @@ SWITCH_DECLARE(switch_status_t) switch_rtp_del_dtls(switch_rtp_t *rtp_session, d
  #ifdef ENABLE_SRTP
         if (rtp_session->flags[SWITCH_RTP_FLAG_SECURE_SEND]) {
                 int x;
+
+               rtp_session->flags[SWITCH_RTP_FLAG_SECURE_SEND] = 0;
+
                 for(x = 0; x < 2; x++) {
                         if (rtp_session->send_ctx[x]) {
                                 srtp_dealloc(rtp_session->send_ctx[x]);
                                 rtp_session->send_ctx[x] = NULL;
                         }
                 }
-               rtp_session->flags[SWITCH_RTP_FLAG_SECURE_SEND] = 0;
         }
  
         if (rtp_session->flags[SWITCH_RTP_FLAG_SECURE_RECV]) {
                 int x;
+
+               rtp_session->flags[SWITCH_RTP_FLAG_SECURE_RECV] = 0;
+
                 for (x = 0; x < 2; x++) {
                         if (rtp_session->recv_ctx[x]) {
                                 srtp_dealloc(rtp_session->recv_ctx[x]);
                                 rtp_session->recv_ctx[x] = NULL;
                         }
                 }
-               rtp_session->flags[SWITCH_RTP_FLAG_SECURE_RECV] = 0;
         }
  #endif
  
@@ -5764,7 +5768,7 @@ static switch_status_t read_rtp_packet(switch_rtp_t *rtp_session, switch_size_t
                 }
         }
  
-       switch_mutex_unlock(rtp_session->ice_mutex);
+
  
         if (status == SWITCH_STATUS_SUCCESS && *bytes) {
                 if (rtp_session->flags[SWITCH_RTP_FLAG_RTCP_MUX]) {
@@ -5788,12 +5792,13 @@ static switch_status_t read_rtp_packet(switch_rtp_t *rtp_session, switch_size_t
                                         *bytes = sbytes;
                                 }
  #endif
+                               switch_mutex_unlock(rtp_session->ice_mutex);
                                 return SWITCH_STATUS_SUCCESS;
                         }
                 }
         }
  
-
+       switch_mutex_unlock(rtp_session->ice_mutex);
  
         if ((*bytes && (!rtp_write_ready(rtp_session, *bytes, __LINE__) || !rtp_session->has_rtp || rtp_session->has_rtcp)) || sync) {
                 rtp_session->hot_hits = 0;
@@ -5942,6 +5947,7 @@ static switch_status_t read_rtp_packet(switch_rtp_t *rtp_session, switch_size_t
  #endif
  
  #ifdef ENABLE_SRTP
+                       switch_mutex_lock(rtp_session->ice_mutex);
                         if (rtp_session->flags[SWITCH_RTP_FLAG_SECURE_RECV] && rtp_session->has_rtp &&
                                 (check_recv_payload(rtp_session) ||
                                  rtp_session->last_rtp_hdr.pt == rtp_session->recv_te ||
@@ -5960,6 +5966,7 @@ static switch_status_t read_rtp_packet(switch_rtp_t *rtp_session, switch_size_t
                                                 rtp_session->flags[SWITCH_RTP_FLAG_SECURE_RECV] = 0;
                                                 switch_log_printf(SWITCH_CHANNEL_SESSION_LOG(rtp_session->session), SWITCH_LOG_ERROR, "Error! RE-Activating Secure RTP RECV\n");
                                                 rtp_session->flags[SWITCH_RTP_FLAG_SECURE_RECV] = 0;
+                                               switch_mutex_unlock(rtp_session->ice_mutex);
                                                 return SWITCH_STATUS_FALSE;
                                         } else {
  
@@ -5968,7 +5975,7 @@ static switch_status_t read_rtp_packet(switch_rtp_t *rtp_session, switch_size_t
                                         }
                                 }
  
-                               if (!(*flags & SFF_PLC)) {
+                               if (!(*flags & SFF_PLC) && rtp_session->recv_ctx[rtp_session->srtp_idx_rtp]) {
                                         stat = srtp_unprotect(rtp_session->recv_ctx[rtp_session->srtp_idx_rtp], &rtp_session->recv_msg.header, &sbytes);
                                         if (rtp_session->flags[SWITCH_RTP_FLAG_NACK] && stat == srtp_err_status_replay_fail) {
                                                 /* false alarm nack */
@@ -5976,6 +5983,7 @@ static switch_status_t read_rtp_packet(switch_rtp_t *rtp_session, switch_size_t
                                                 stat = 0;
                                                 sbytes = 0;
                                                 *bytes = 0;
+                                               switch_mutex_unlock(rtp_session->ice_mutex);
                                                 goto more;
                                         }
                                 }
@@ -6008,6 +6016,7 @@ static switch_status_t read_rtp_packet(switch_rtp_t *rtp_session, switch_size_t
  
                                 *bytes = sbytes;
                         }
+                       switch_mutex_unlock(rtp_session->ice_mutex);
  #endif
                 }
  
@@ -8204,6 +8213,7 @@ static int rtp_common_write(switch_rtp_t *rtp_session,
                 }
  
  #ifdef ENABLE_SRTP
+               switch_mutex_lock(rtp_session->ice_mutex);
                 if (rtp_session->flags[SWITCH_RTP_FLAG_SECURE_SEND]) {
                         int sbytes = (int) bytes;
                         srtp_err_status_t stat;
@@ -8220,6 +8230,7 @@ static int rtp_common_write(switch_rtp_t *rtp_session,
                                                                           "Error! RE-Activating %s Secure RTP SEND\n", rtp_type(rtp_session));
                                         rtp_session->flags[SWITCH_RTP_FLAG_SECURE_SEND] = 0;
                                         ret = -1;
+                                       switch_mutex_unlock(rtp_session->ice_mutex);
                                         goto end;
                                 } else {
                                         switch_log_printf(SWITCH_CHANNEL_SESSION_LOG(rtp_session->session), SWITCH_LOG_INFO,
@@ -8237,6 +8248,7 @@ static int rtp_common_write(switch_rtp_t *rtp_session,
  
                         bytes = sbytes;
                 }
+               switch_mutex_unlock(rtp_session->ice_mutex);
  #endif
  #ifdef ENABLE_ZRTP
                 /* ZRTP Send */
author	Anthony Minessale <anthm@freeswitch.org>
	Wed, 13 Sep 2017 22:28:40 +0000 (17:28 -0500)
committer	Anthony Minessale <anthm@freeswitch.org>
	Wed, 13 Sep 2017 22:28:40 +0000 (17:28 -0500)