diff options
author | Kinsey Moore <kmoore@digium.com> | 2012-12-31 14:46:06 +0000 |
---|---|---|
committer | Kinsey Moore <kmoore@digium.com> | 2012-12-31 14:46:06 +0000 |
commit | 32472eca7058a03703d09cf58bf2ce1ff901c42a (patch) | |
tree | 9b7187b51a523206c5929b92be0cb2118d52b436 /channels/chan_sip.c | |
parent | 255d82aae35f6057133ebe51aa03f7e341d53961 (diff) |
Ensure chan_sip rejects encrypted streams without crypto info
This ensures that Asterisk rejects encrypted media streams (RTP/SAVP
audio and video) that are missing cryptographic keys and ensures that
the incoming SDP is consistent with RFC4568 as far as having a crypto
attribute present for any SAVP streams.
Review: https://reviewboard.asterisk.org/r/2204/
........
Merged revisions 378217 from http://svn.asterisk.org/svn/asterisk/branches/1.8
........
Merged revisions 378218 from http://svn.asterisk.org/svn/asterisk/branches/10
........
Merged revisions 378219 from http://svn.asterisk.org/svn/asterisk/branches/11
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@378220 65c4cc65-6c06-0410-ace0-fbb531ad65f3
Diffstat (limited to 'channels/chan_sip.c')
-rw-r--r-- | channels/chan_sip.c | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/channels/chan_sip.c b/channels/chan_sip.c index 22a345767..e1dfd5ddd 100644 --- a/channels/chan_sip.c +++ b/channels/chan_sip.c @@ -10437,6 +10437,15 @@ static int process_sdp(struct sip_pvt *p, struct sip_request *req, int t38action type, value, (processed == TRUE)? "OK." : "UNSUPPORTED OR FAILED."); } + + /* Ensure crypto lines are provided where necessary */ + if (audio && secure_audio && !processed_crypto) { + ast_log(LOG_WARNING, "Rejecting secure audio stream without encryption details: %s\n", m); + return -1; + } else if (video && secure_video && !processed_crypto) { + ast_log(LOG_WARNING, "Rejecting secure video stream without encryption details: %s\n", m); + return -1; + } } /* Sanity checks */ |