BUG IncrediblePBX 13.13: SRTP connection attempt crashes asterisk.

qtlnx

Member
Joined
Mar 9, 2016
Messages
127
Reaction score
6
(gdb) where
#0 0x00007fd762085191 in _IO_vfscanf_internal ([email protected]=0x7fd702de27a0,
[email protected]=0x60d3c3 "%30d", [email protected]=0x7fd702de28c8, [email protected]=0x0)
at vfscanf.c:1826
#1 0x00007fd76209a367 in _IO_vsscanf (string=0x7fd702de29c0 "1", format=0x60d3c3 "%30d",
[email protected]=0x7fd702de28c8) at iovsscanf.c:44
#2 0x00007fd7620942d7 in __sscanf ([email protected]=0x7fd702de29c0 "1", [email protected]=0x60d3c3 "%30d")
at sscanf.c:33
#3 0x00000000005b44c3 in ast_sdp_crypto_process ([email protected]=0x7fd738018760, srtp=0x7fd73801a180,
[email protected]=0x7fd738012de8 "1 AES_CM_128_HMAC_SHA1_80 inline:vlqMl3M+fo6KqSI1rasByiZtzHrMRaMwa15Uw6ZE") at sdp_srtp.c:263
#4 0x00007fd721fdcaca in process_crypto ([email protected]=0x7fd73801daf0, rtp=0x7fd738018760,
[email protected]=0x7fd73801eef8,
a=0x7fd738012de8 "1 AES_CM_128_HMAC_SHA1_80 inline:vlqMl3M+fo6KqSI1rasByiZtzHrMRaMwa15Uw6ZE",
[email protected]=0x7fd738012de1 "crypto:1 AES_CM_128_HMAC_SHA1_80 inline:vlqMl3M+fo6KqSI1rasByiZtzHrMRaMwa15Uw6ZE", [email protected]=1) at chan_sip.c:33988
#5 0x00007fd721ff7a79 in process_sdp ([email protected]=0x7fd73801daf0, [email protected]=0x7fd702de5600,
[email protected]=1) at chan_sip.c:10749
#6 0x00007fd722055b2e in handle_request_invite ([email protected]=0x7fd73801daf0, [email protected]=0x7fd702de5600,
[email protected]=0x7fd754004150, seqno=<optimized out>, [email protected]=0x7fd702de5080,
[email protected]=0x7fd738012a0f "sip:[email protected]", [email protected]=0x7fd702de50a0)
at chan_sip.c:26397
#7 0x00007fd72205b35d in handle_incoming ([email protected]=0x7fd73801daf0, [email protected]=0x7fd702de5600,
[email protected]=0x7fd754004150, [email protected]=0x7fd702de5080,
[email protected]=0x7fd702de50a0) at chan_sip.c:28940
#8 0x00007fd72205d9db in handle_request_do ([email protected]=0x7fd702de5600, [email protected]=0x7fd754004150)
at chan_sip.c:29149
#9 0x00007fd72205e469 in _sip_tcp_helper_thread (tcptls_session=0x7fd754004130) at chan_sip.c:3086
#10 0x00000000005db42d in handle_tcptls_connection ([email protected]=0x7fd754004130) at tcptls.c:793
#11 0x00000000005e9f2a in dummy_start (data=<optimized out>) at utils.c:1239
#12 0x00007fd762d84e25 in start_thread (arg=0x7fd702de8700) at pthread_create.c:308
#13 0x00007fd762127bad in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:113
 
Last edited:
Joined
Oct 26, 2013
Messages
55
Reaction score
20
(gdb) where
#0 0x00007fd762085191 in _IO_vfscanf_internal ([email protected]=0x7fd702de27a0,
[email protected]=0x60d3c3 "%30d", [email protected]=0x7fd702de28c8, [email protected]=0x0)
at vfscanf.c:1826
#1 0x00007fd76209a367 in _IO_vsscanf (string=0x7fd702de29c0 "1", format=0x60d3c3 "%30d",
[email protected]=0x7fd702de28c8) at iovsscanf.c:44
#2 0x00007fd7620942d7 in __sscanf ([email protected]=0x7fd702de29c0 "1", [email protected]=0x60d3c3 "%30d")
at sscanf.c:33
#3 0x00000000005b44c3 in ast_sdp_crypto_process ([email protected]=0x7fd738018760, srtp=0x7fd73801a180,
[email protected]=0x7fd738012de8 "1 AES_CM_128_HMAC_SHA1_80 inline:vlqMl3M+fo6KqSI1rasByiZtzHrMRaMwa15Uw6ZE") at sdp_srtp.c:263
#4 0x00007fd721fdcaca in process_crypto ([email protected]=0x7fd73801daf0, rtp=0x7fd738018760,
[email protected]=0x7fd73801eef8,
a=0x7fd738012de8 "1 AES_CM_128_HMAC_SHA1_80 inline:vlqMl3M+fo6KqSI1rasByiZtzHrMRaMwa15Uw6ZE",
[email protected]=0x7fd738012de1 "crypto:1 AES_CM_128_HMAC_SHA1_80 inline:vlqMl3M+fo6KqSI1rasByiZtzHrMRaMwa15Uw6ZE", [email protected]=1) at chan_sip.c:33988
#5 0x00007fd721ff7a79 in process_sdp ([email protected]=0x7fd73801daf0, [email protected]=0x7fd702de5600,
[email protected]=1) at chan_sip.c:10749
#6 0x00007fd722055b2e in handle_request_invite ([email protected]=0x7fd73801daf0, [email protected]=0x7fd702de5600,
[email protected]=0x7fd754004150, seqno=<optimized out>, [email protected]=0x7fd702de5080,
[email protected]=0x7fd738012a0f "sip:[email protected]", [email protected]=0x7fd702de50a0)
at chan_sip.c:26397
#7 0x00007fd72205b35d in handle_incoming ([email protected]=0x7fd73801daf0, [email protected]=0x7fd702de5600,
[email protected]=0x7fd754004150, [email protected]=0x7fd702de5080,
[email protected]=0x7fd702de50a0) at chan_sip.c:28940
#8 0x00007fd72205d9db in handle_request_do ([email protected]=0x7fd702de5600, [email protected]=0x7fd754004150)
at chan_sip.c:29149
#9 0x00007fd72205e469 in _sip_tcp_helper_thread (tcptls_session=0x7fd754004130) at chan_sip.c:3086
#10 0x00000000005db42d in handle_tcptls_connection ([email protected]=0x7fd754004130) at tcptls.c:793
#11 0x00000000005e9f2a in dummy_start (data=<optimized out>) at utils.c:1239
#12 0x00007fd762d84e25 in start_thread (arg=0x7fd702de8700) at pthread_create.c:308
#13 0x00007fd762127bad in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:113
See this link: https://pbxinaflash.com/community/posts/134282/
 

qtlnx

Member
Joined
Mar 9, 2016
Messages
127
Reaction score
6
Dear @wardmundy ! Please incorporate this into IncrediblePBX-13-13.sh, update all released ISOs and other images.
SRTP now works...
--- srtp_aead_and_big_aes.patch.orig 2018-05-31 09:04:02.180301624 -0400
+++ srtp_aead_and_big_aes.patch 2018-05-31 09:32:55.807723736 -0400
@@ -436,7 +436,7 @@
@@ -240,5 +261,5 @@

- /* RFC4568 9.1 - tag is 1-9 digits, greater than zero */
-- if (sscanf(tag, "%30d", &crypto->tag) != 1 || crypto->tag <= 0 || crypto->tag > 999999999) {
-+ if (sscanf(tag, "%30d", &tag_from_sdp) != 1 || tag_from_sdp <= 0 || tag_from_sdp > 999999999) {
+ /* RFC4568 9.1 - tag is 1-9 digits */
+- if (sscanf(tag, "%30d", &crypto->tag) != 1 || crypto->tag < 0 || crypto->tag > 999999999) {
++ if (sscanf(tag, "%30d", &tag_from_sdp) != 1 || tag_from_sdp < 0 || tag_from_sdp > 999999999) {
ast_log(LOG_WARNING, "Unacceptable a=crypto tag: %s\n", tag);
return -1;

Here is base64 encoded since copy from screen most likely won't work:
$ base64 srtp_aead_and_big_aes.patch.patch
LS0tIHNydHBfYWVhZF9hbmRfYmlnX2Flcy5wYXRjaC5vcmlnCTIwMTgtMDUtMzEgMDk6MDQ6MDIu
MTgwMzAxNjI0IC0wNDAwCisrKyBzcnRwX2FlYWRfYW5kX2JpZ19hZXMucGF0Y2gJMjAxOC0wNS0z
MSAwOTozMjo1NS44MDc3MjM3MzYgLTA0MDAKQEAgLTQzNiw3ICs0MzYsNyBAQAogQEAgLTI0MCw1
ICsyNjEsNSBAQAogIAotIAkvKiBSRkM0NTY4IDkuMSAtIHRhZyBpcyAxLTkgZGlnaXRzLCBncmVh
dGVyIHRoYW4gemVybyAqLwotLQlpZiAoc3NjYW5mKHRhZywgIiUzMGQiLCAmY3J5cHRvLT50YWcp
ICE9IDEgfHwgY3J5cHRvLT50YWcgPD0gMCB8fCBjcnlwdG8tPnRhZyA+IDk5OTk5OTk5OSkgewot
KwlpZiAoc3NjYW5mKHRhZywgIiUzMGQiLCAmdGFnX2Zyb21fc2RwKSAhPSAxIHx8IHRhZ19mcm9t
X3NkcCA8PSAwIHx8IHRhZ19mcm9tX3NkcCA+IDk5OTk5OTk5OSkgeworIAkvKiBSRkM0NTY4IDku
MSAtIHRhZyBpcyAxLTkgZGlnaXRzICovCistCWlmIChzc2NhbmYodGFnLCAiJTMwZCIsICZjcnlw
dG8tPnRhZykgIT0gMSB8fCBjcnlwdG8tPnRhZyA8IDAgfHwgY3J5cHRvLT50YWcgPiA5OTk5OTk5
OTkpIHsKKysJaWYgKHNzY2FuZih0YWcsICIlMzBkIiwgJnRhZ19mcm9tX3NkcCkgIT0gMSB8fCB0
YWdfZnJvbV9zZHAgPCAwIHx8IHRhZ19mcm9tX3NkcCA+IDk5OTk5OTk5OSkgewogIAkJYXN0X2xv
ZyhMT0dfV0FSTklORywgIlVuYWNjZXB0YWJsZSBhPWNyeXB0byB0YWc6ICVzXG4iLCB0YWcpOwog
IAkJcmV0dXJuIC0xOwo=


 
Last edited:

wardmundy

Nerd Uno
Joined
Oct 12, 2007
Messages
14,962
Reaction score
2,582
@qtlnx: We don't use SRTP so kindly document how the following lines in the script should be modified to support your patch. Thanks.
Code:
wget https://issues.asterisk.org/jira/secure/attachment/54233/srtp_aead_and_big_aes.patch
sed -i 's|crypto->tag <= 0|crypto->tag <= 0crypto->tag < 0|' srtp_aead_and_big_aes.patch
patch -p0 <./srtp_aead_and_big_aes.patch
My assumption is that it would look something like this after converting your base64 patch.patch to a text file:
Code:
wget https://issues.asterisk.org/jira/secure/attachment/54233/srtp_aead_and_big_aes.patch
wget http://incrediblepbx.com/srtp_aead_and_big_aes.patch.patch
patch -p0 <./srtp_aead_and_big_aes.patch.patch
patch -p0 <./srtp_aead_and_big_aes.patch
Correct??
 
Last edited:

qtlnx

Member
Joined
Mar 9, 2016
Messages
127
Reaction score
6
Seems correct. I just ran above sequence manually.
 

restamp

Member
Joined
Apr 24, 2016
Messages
97
Reaction score
52
Thanks to the both of you for this exchange. Now I can finally turn on SRTP on my remote extensions, and (1) no more cores/SIGSEGs, and (2) it actually works!
 

qtlnx

Member
Joined
Mar 9, 2016
Messages
127
Reaction score
6
I wonder what prevents @wardmundy from using asterisk 15 and abandon this unsupported patch.
But yes, SRTP is now working, I did a fresh test install. There are still some errors during the process but resulting system appears to operate more or less clean.
I am glad a least one person besides myself is interested in SRTP....
 

wardmundy

Nerd Uno
Joined
Oct 12, 2007
Messages
14,962
Reaction score
2,582
I wonder what prevents @wardmundy from using asterisk 15 and abandon this unsupported patch.
We've never supported non-LTS releases of Asterisk. LTS versions are labor-intensive enough without adding the complexity of annual releases. FWIW Asterisk 15 should have been an LTS release. The pattern always has been every other release. But that's where we are so we're deferring an Asterisk upgrade until Asterisk 16 is available later this year.
 

qtlnx

Member
Joined
Mar 9, 2016
Messages
127
Reaction score
6
Thanks for the explanation. I am not familiar with Asterisk release process. Regardless, it would be very helpful if someone could thoughtfully review the SRTP related patch because it was initially crafted for 13.12, applies to 13.21 with significant fuzz and, moreover, some logic in 15.x, where the code officially went in, has changed. I did my best comparing with 15-current but second set of eyes won't hurt. Otherwise, BRIA, Linphone and grandstream clients don't exhibit any problems in SRTP mode.
 
Joined
Oct 26, 2013
Messages
55
Reaction score
20
If I use libsrtp2, Asterisk will still segfault, but using libsrtp, it does not. And this is with the above patches applied...so looks as if there is still an issue with libsrtp2...
 

qtlnx

Member
Joined
Mar 9, 2016
Messages
127
Reaction score
6
If I use libsrtp2, Asterisk will still segfault,
I am told that original patch author released updated patch which supports libsrtp2 as well. I suppose new patch will apply cleanly to latest 13.x AND provide support for libsrtp2 so it is worth getting it.
 
Joined
Oct 26, 2013
Messages
55
Reaction score
20
I am told that original patch author released updated patch which supports libsrtp2 as well. I suppose new patch will apply cleanly to latest 13.x AND provide support for libsrtp2 so it is worth getting it.
Nice one! That seems to have done the trick. Applied this patch https://issues.asterisk.org/jira/browse/ASTERISK-26190, to a fresh Asterisk 13.22.0. Purged the existing libsrtp packages:

apt purge libsrtp0 libsrtp0-dev libsrtp2-1 libsrtp2-dev

Then pulled down the latest libsrtp and installed:
Code:
cd /usr/src
git clone https://github.com/cisco/libsrtp.git
cd libsrtp/
./configure --enable-openssl
make shared_library
make install
ldconfig
Now compiled Asterisk:
Code:
CFLAGS='-DENABLE_SRTP_AES_256 -DENABLE_SRTP_AES_GCM' ./configure --libdir=/usr/lib --with-pjproject-bundled
make menuselect....... (filled out the appropriate settings)
make
make install
ldconfig
Asterisk no longer segfaults and I see this in my SIP exchange:
Code:
Content-Type: application/sdp
Content-Length:   410

v=0
o=- 20338 20340 IN IP4 XX.XX.XX.XX
s=Asterisk
c=IN IP4 XX.XX.XX.X
t=0 0
m=audio 10266 RTP/AVP 0 8 9 18 101
a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:YbETVhuKYU+OC35PbReWn7vfuzGKirdXEMEGGC0W  <-------------
a=rtpmap:0 PCMU/8000
a=rtpmap:8 PCMA/8000
a=rtpmap:9 G722/8000
a=rtpmap:18 G729/8000
a=fmtp:18 annexb=no
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-16
a=ptime:20
a=maxptime:150
a=sendrecv
 

wardmundy

Nerd Uno
Joined
Oct 12, 2007
Messages
14,962
Reaction score
2,582
I am told that original patch author released updated patch which supports libsrtp2 as well. I suppose new patch will apply cleanly to latest 13.x AND provide support for libsrtp2 so it is worth getting it.
For new installs, do we still need a patch to Asterisk as well?? If so, can someone provide a link? Thanks.
 
Joined
Oct 26, 2013
Messages
55
Reaction score
20
For new installs, do we still need a patch to Asterisk as well?? If so, can someone provide a link? Thanks.
Ward, the link that I posted above contains the file srtp_aead_and_big_aes.patch and is dated August 29, so it is very recent. It applies cleanly to Asterisk 13.22.0. The original link https://issues.asterisk.org/jira/secure/attachment/54233/srtp_aead_and_big_aes.patch no longer exist. I would update to this latest patch for SRTP, as it not only doesn't require any additional patching, but it seems to fix the issue with Asterisk core dumping when enabling SRTP.

And I was able to confirm that my phone connected with AES_128, which is all my phone will support.

Thanks
 

Members online

No members online now.

PIAF 5 - Powered by 3CX

Forum statistics

Threads
22,274
Messages
136,540
Members
14,505
Latest member
athan