From 1bd49040c45fe414a4e119a55ea7d5f209c6906a Mon Sep 17 00:00:00 2001 From: Joshua Colp <jcolp@digium.com> Date: Thu, 10 Nov 2016 16:57:49 +0000 Subject: [PATCH] res_pjsip_sdp_rtp: Reject offer of required SRTP without res_srtp. When optimistic SRTP was on it was possible for us to still set up a call without an audio stream if an offer was received with required SRTP. This change makes it so this scenario will now fail with a 488 response. ASTERISK-26575 Change-Id: I7d14187037681f48879bd20319ac79d0877318f3 --- res/res_pjsip_sdp_rtp.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/res/res_pjsip_sdp_rtp.c b/res/res_pjsip_sdp_rtp.c index 3df9df030a..7fd4f9abc0 100644 --- a/res/res_pjsip_sdp_rtp.c +++ b/res/res_pjsip_sdp_rtp.c @@ -909,9 +909,11 @@ static int negotiate_incoming_sdp_stream(struct ast_sip_session *session, struct res = setup_media_encryption(session, session_media, sdp, stream); if (res) { - if (!session->endpoint->media.rtp.encryption_optimistic) { + if (!session->endpoint->media.rtp.encryption_optimistic || + !pj_strncmp2(&stream->desc.transport, "RTP/SAVP", 8)) { /* If optimistic encryption is disabled and crypto should have been enabled - * but was not this session must fail. + * but was not this session must fail. This must also fail if crypto was + * required in the offer but could not be set up. */ return -1; } -- GitLab