Merged revisions 378220 via svnmerge from

file:///srv/subversion/repos/asterisk/trunk

................
  r378220 | kmoore | 2012-12-31 08:46:06 -0600 (Mon, 31 Dec 2012) | 18 lines

  Ensure chan_sip rejects encrypted streams without crypto info

  This ensures that Asterisk rejects encrypted media streams (RTP/SAVP
  audio and video) that are missing cryptographic keys and ensures that
  the incoming SDP is consistent with RFC4568 as far as having a crypto
  attribute present for any SAVP streams.

  Review: https://reviewboard.asterisk.org/r/2204/
  ........

  Merged revisions 378217 from http://svn.asterisk.org/svn/asterisk/branches/1.8
  ........

  Merged revisions 378218 from http://svn.asterisk.org/svn/asterisk/branches/10
  ........

  Merged revisions 378219 from http://svn.asterisk.org/svn/asterisk/branches/11
................

git-svn-id: https://origsvn.digium.com/svn/asterisk/team/mmichelson/threadpool@378228 65c4cc65-6c06-0410-ace0-fbb531ad65f3

diff --git a/channels/chan_sip.c b/channels/chan_sip.c
index 22a3457675a1fb5979efa1704eb13c78f56a7859..e1dfd5ddd89c732b26bde47607b5b02aae278b10 100644 (file)
--- a/channels/chan_sip.c
+++ b/channels/chan_sip.c
@@ -10437,6 +10437,15 @@ static int process_sdp(struct sip_pvt *p, struct sip_request *req, int t38action
                                  type, value,
                                  (processed == TRUE)? "OK." : "UNSUPPORTED OR FAILED.");
                }
+
+               /* Ensure crypto lines are provided where necessary */
+               if (audio && secure_audio && !processed_crypto) {
+                       ast_log(LOG_WARNING, "Rejecting secure audio stream without encryption details: %s\n", m);
+                       return -1;
+               } else if (video && secure_video && !processed_crypto) {
+                       ast_log(LOG_WARNING, "Rejecting secure video stream without encryption details: %s\n", m);
+                       return -1;
+               }
        }
 
        /* Sanity checks */