From: Kinsey Moore <kmoore@digium.com>
Date: Mon, 31 Dec 2012 14:43:26 +0000 (+0000)
Subject: Ensure chan_sip rejects encrypted streams without crypto info
X-Git-Tag: 10.12.0-rc2~3^2~4
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=fff4b8c898c8e91ed98af3a57071f35404e6b0ec;p=thirdparty%2Fasterisk.git

Ensure chan_sip rejects encrypted streams without crypto info

This ensures that Asterisk rejects encrypted media streams (RTP/SAVP
audio and video) that are missing cryptographic keys and ensures that
the incoming SDP is consistent with RFC4568 as far as having a crypto
attribute present for any SAVP streams.

Review: https://reviewboard.asterisk.org/r/2204/
........

Merged revisions 378217 from http://svn.asterisk.org/svn/asterisk/branches/1.8


git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/10@378218 65c4cc65-6c06-0410-ace0-fbb531ad65f3
---

diff --git a/channels/chan_sip.c b/channels/chan_sip.c
index 658fe55a9a..b7ca83b0d6 100644
--- a/channels/chan_sip.c
+++ b/channels/chan_sip.c
@@ -9770,6 +9770,15 @@ static int process_sdp(struct sip_pvt *p, struct sip_request *req, int t38action
 				  type, value,
 				  (processed == TRUE)? "OK." : "UNSUPPORTED OR FAILED.");
 		}
+
+		/* Ensure crypto lines are provided where necessary */
+		if (audio && secure_audio && !processed_crypto) {
+			ast_log(LOG_WARNING, "Rejecting secure audio stream without encryption details: %s\n", m);
+			return -1;
+		} else if (video && secure_video && !processed_crypto) {
+			ast_log(LOG_WARNING, "Rejecting secure video stream without encryption details: %s\n", m);
+			return -1;
+		}
 	}
 
 	/* Sanity checks */