![(please configure the [header_logo] section in trac.ini)](/repos/chrome/site/pj.jpg)
Opened 13 years ago
Closed 13 years ago
#1456 closed defect (fixed)
Crash on SRTP unprotect after SRTP restarted on replay error (thanks Dan Arrhenius for the report)
| Reported by: | nanang | Owned by: | nanang |
|---|---|---|---|
| Priority: | normal | Milestone: | release-1.14 |
| Component: | pjmedia | Version: | 1.x-branch |
| Keywords: | Cc: | ||
| Backport to 1.x milestone: | Backported: |
Description
Scenario reported:
- A packet arrives and srtp_rtp_cb() is called.
- srtp_unprotect() returns replay error, triggering pjmedia_transport_srtp_start(). The problem starts from here as internal SRTP states tx_policy and rx_policy is used directly in pjmedia_transport_srtp_start() call param.
- pjmedia_transport_srtp_start() first invokes pjmedia_transport_srtp_stop(), which nullifies the above tx_policy and rx_policy.
- things start going wrong (invalid SRTP and libSRTP states/contexts generated).
- pjmedia_transport_srtp_start() returns PJ_SUCCESS, triggering another srtp_unprotect() call which expectedly leading to a crash!
Change History (1)
comment:1 Changed 13 years ago by nanang
- Resolution set to fixed
- Status changed from new to closed
Note: See
TracTickets for help on using
tickets.
(In [3961]) Fix #1456: don't use SRTP internal state (tx_policy/rx_policy) directly for calling pjmedia_transport_srtp_start() in restarting SRTP after getting replay error.