Update for 18.2.2

When Asterisk sends a reinvite negotiating T38 faxing, it's possible a
crash can occur if the response contains a m=image and zero port. The
reinvite callback code now checks session_media to see if it is null or
not before trying to access the udptl variable on it.

ASTERISK-29305

Change-Id: I1dfc51c5fa586e38579ede4bc228edee213ccaa9
(cherry picked from commit 77328142b4)

.version

@@ -1 +1 @@
-18.2.1
+18.2.2

ChangeLog

@@ -1,3 +1,21 @@
+2021-03-04 16:47 +0000  Asterisk Development Team <asteriskteam@digium.com>
+
+	* asterisk 18.2.2 Released.
+
+2021-02-25 13:50 +0000 [8c5fe5aac5]  Ben Ford <bford@digium.com>
+
+	* AST-2021-006 - res_pjsip_t38.c: Check for session_media on reinvite.
+
+	  When Asterisk sends a reinvite negotiating T38 faxing, it's possible a
+	  crash can occur if the response contains a m=image and zero port. The
+	  reinvite callback code now checks session_media to see if it is null or
+	  not before trying to access the udptl variable on it.
+
+	  ASTERISK-29305
+
+	  Change-Id: I1dfc51c5fa586e38579ede4bc228edee213ccaa9
+	  (cherry picked from commit 77328142b439235d6423345603a0a59905e54c96)
+
 2021-02-18 16:50 +0000  Asterisk Development Team <asteriskteam@digium.com>
 
 	* asterisk 18.2.1 Released.

asterisk-18.2.1-summary.html

@@ -1,34 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><title>Release Summary - asterisk-18.2.1</title><h1 align="center"><a name="top">Release Summary</a></h1><h3 align="center">asterisk-18.2.1</h3><h3 align="center">Date: 2021-02-18</h3><h3 align="center">&lt;asteriskteam@digium.com&gt;</h3><hr><h2 align="center">Table of Contents</h2><ol>
-<li><a href="#summary">Summary</a></li>
-<li><a href="#contributors">Contributors</a></li>
-<li><a href="#closed_issues">Closed Issues</a></li>
-<li><a href="#diffstat">Diffstat</a></li>
-</ol><hr><a name="summary"><h2 align="center">Summary</h2></a><center><a href="#top">[Back to Top]</a></center><p>This release has been made to address one or more security vulnerabilities that have been identified. A security advisory document has been published for each vulnerability that includes additional information. Users of versions of Asterisk that are affected are strongly encouraged to review the advisories and determine what action they should take to protect their systems from these issues.</p><p>Security Advisories:</p><ul>
-<li><a href="http://downloads.asterisk.org/pub/security/AST-2021-001,AST-2021-002,AST-2021-003,AST-2021-004,AST-2021-005.html">AST-2021-001,AST-2021-002,AST-2021-003,AST-2021-004,AST-2021-005</a></li>
-</ul><p>The data in this summary reflects changes that have been made since the previous release, asterisk-18.2.0.</p><hr><a name="contributors"><h2 align="center">Contributors</h2></a><center><a href="#top">[Back to Top]</a></center><p>This table lists the people who have submitted code, those that have tested patches, as well as those that reported issues on the issue tracker that were resolved in this release. For coders, the number is how many of their patches (of any size) were committed into this release. For testers, the number is the number of times their name was listed as assisting with testing a patch. Finally, for reporters, the number is the number of issues that they reported that were affected by commits that went into this release.</p><table width="100%" border="0">
-<tr><th width="33%">Coders</th><th width="33%">Testers</th><th width="33%">Reporters</th></tr>
-<tr valign="top"><td width="33%">1 Ivan Poddubnyi <ivan.poddubny@gmail.com><br/>1 Sean Bright <sean.bright@gmail.com><br/>1 Kevin Harwell <kharwell@sangoma.com><br/>1 Alexander Traud <pabstraud@compuserve.com><br/>1 Joshua C. Colp <jcolp@sangoma.com><br/></td><td width="33%"><td width="33%">1 Mauri de Souza Meneguzzo (3CPlus) <mauri.nunes@fluxoti.com><br/>1 Ivan Poddubny<br/>1 Ivan Poddubny <ivan.poddubny@gmail.com><br/>1 Edvin Vidmar <edvinvidmar@hotmail.com><br/>1 Alexander Traud <pabstraud@compuserve.com><br/>1 Gregory Massel <greg@csurf.co.za><br/>1 Alexander Traud<br/></td></tr>
-</table><hr><a name="closed_issues"><h2 align="center">Closed Issues</h2></a><center><a href="#top">[Back to Top]</a></center><p>This is a list of all issues from the issue tracker that were closed by changes that went into this release.</p><h3>Security</h3><h4>Category: Resources/res_srtp</h4><a href="https://issues.asterisk.org/jira/browse/ASTERISK-29260">ASTERISK-29260</a>: sRTP Replay Protection ignored; even tears down long calls<br/>Reported by: Alexander Traud<ul>
-<li><a href="https://code.asterisk.org/code/changelog/asterisk?cs=0c25e4576fe6bfe47bc74839c10ed1870e0edd8f">[0c25e4576f]</a> Alexander Traud -- rtp:  Enable srtp replay protection</li>
-</ul><br><h4>Category: pjproject/pjsip</h4><a href="https://issues.asterisk.org/jira/browse/ASTERISK-29227">ASTERISK-29227</a>: res_pjsip_diversion: sending multiple 181 responses causes memory corruption and crash<br/>Reported by: Ivan Poddubny<ul>
-<li><a href="https://code.asterisk.org/code/changelog/asterisk?cs=56bc4cf0a6cf74ef14edcdcb80eb3d9cc0f30eda">[56bc4cf0a6]</a> Ivan Poddubnyi -- res_pjsip_diversion: Fix adding more than one histinfo to Supported</li>
-</ul><br><h3>Bug</h3><h4>Category: Resources/res_pjsip</h4><a href="https://issues.asterisk.org/jira/browse/ASTERISK-29196">ASTERISK-29196</a>: res_pjsip: Segmentation fault<br/>Reported by: Mauri de Souza Meneguzzo (3CPlus)<ul>
-<li><a href="https://code.asterisk.org/code/changelog/asterisk?cs=239573734a8a5f79c9ed1fabcdb330b3f275d7e1">[239573734a]</a> Joshua C. Colp -- pjsip: Make modify_local_offer2 tolerate previous failed SDP.</li>
-</ul><br><h4>Category: Resources/res_pjsip_session</h4><a href="https://issues.asterisk.org/jira/browse/ASTERISK-29203">ASTERISK-29203</a>: res_pjsip_t38: Crash when changing state<br/>Reported by: Gregory Massel<ul>
-<li><a href="https://code.asterisk.org/code/changelog/asterisk?cs=2784c444a408e130232778eb4bd945c0a6187acc">[2784c444a4]</a> Kevin Harwell -- AST-2021-002: Remote crash possible when negotiating T.38</li>
-</ul><br><h4>Category: Resources/res_pjsip_t38</h4><a href="https://issues.asterisk.org/jira/browse/ASTERISK-29203">ASTERISK-29203</a>: res_pjsip_t38: Crash when changing state<br/>Reported by: Gregory Massel<ul>
-<li><a href="https://code.asterisk.org/code/changelog/asterisk?cs=2784c444a408e130232778eb4bd945c0a6187acc">[2784c444a4]</a> Kevin Harwell -- AST-2021-002: Remote crash possible when negotiating T.38</li>
-</ul><br><h4>Category: Resources/res_rtp_asterisk</h4><a href="https://issues.asterisk.org/jira/browse/ASTERISK-29205">ASTERISK-29205</a>: res_rtp_asterisk: Asterisk crashes when making hold/unhold from webrtc client<br/>Reported by: Edvin Vidmar<ul>
-<li><a href="https://code.asterisk.org/code/changelog/asterisk?cs=076c18e7a2578806786e2e59a32a05f7f6d88619">[076c18e7a2]</a> Sean Bright -- res_rtp_asterisk.c: Fix signed mismatch that leads to overflow</li>
-</ul><br><hr><a name="diffstat"><h2 align="center">Diffstat Results</h2></a><center><a href="#top">[Back to Top]</a></center><p>This is a summary of the changes to the source code that went into this release that was generated using the diffstat utility.</p><pre>configs/samples/rtp.conf.sample                                         |   12 +++++++
-doc/CHANGES-staging/srtp_replay_protection.txt                          |    9 +++++
-doc/UPGRADE-staging/srtp_replay_protection.txt                          |    9 +++++
-res/res_pjsip_diversion.c                                               |   14 ++++++++
-res/res_pjsip_outbound_registration.c                                   |   12 +++++++
-res/res_pjsip_path.c                                                    |   12 +++++++
-res/res_pjsip_session.c                                                 |    9 +++++
-res/res_pjsip_t38.c                                                     |    9 +++++
-res/res_rtp_asterisk.c                                                  |   16 +++++++---
-res/res_srtp.c                                                          |    5 +--
-third-party/pjproject/patches/0080-fix-sdp-neg-modify-local-offer.patch |   14 ++++++++
-11 files changed, 114 insertions(+), 7 deletions(-)</pre><br></html>

asterisk-18.2.1-summary.txt

@@ -1,138 +0,0 @@
-                                Release Summary
-
-                                asterisk-18.2.1
-
-                                Date: 2021-02-18
-
-                           <asteriskteam@digium.com>
-
-     ----------------------------------------------------------------------
-
-                               Table of Contents
-
-    1. Summary
-    2. Contributors
-    3. Closed Issues
-    4. Diffstat
-
-     ----------------------------------------------------------------------
-
-                                    Summary
-
-                                 [Back to Top]
-
-   This release has been made to address one or more security vulnerabilities
-   that have been identified. A security advisory document has been published
-   for each vulnerability that includes additional information. Users of
-   versions of Asterisk that are affected are strongly encouraged to review
-   the advisories and determine what action they should take to protect their
-   systems from these issues.
-
-   Security Advisories:
-
-     * AST-2021-001,AST-2021-002,AST-2021-003,AST-2021-004,AST-2021-005
-
-   The data in this summary reflects changes that have been made since the
-   previous release, asterisk-18.2.0.
-
-     ----------------------------------------------------------------------
-
-                                  Contributors
-
-                                 [Back to Top]
-
-   This table lists the people who have submitted code, those that have
-   tested patches, as well as those that reported issues on the issue tracker
-   that were resolved in this release. For coders, the number is how many of
-   their patches (of any size) were committed into this release. For testers,
-   the number is the number of times their name was listed as assisting with
-   testing a patch. Finally, for reporters, the number is the number of
-   issues that they reported that were affected by commits that went into
-   this release.
-
-   Coders                   Testers       Reporters                           
-   1 Ivan Poddubnyi                       1 Mauri de Souza Meneguzzo (3CPlus) 
-   1 Sean Bright                          1 Ivan Poddubny                     
-   1 Kevin Harwell                        1 Ivan Poddubny                     
-   1 Alexander Traud                      1 Edvin Vidmar                      
-   1 Joshua C. Colp                       1 Alexander Traud                   
-                                          1 Gregory Massel                    
-                                          1 Alexander Traud                   
-
-     ----------------------------------------------------------------------
-
-                                 Closed Issues
-
-                                 [Back to Top]
-
-   This is a list of all issues from the issue tracker that were closed by
-   changes that went into this release.
-
-  Security
-
-    Category: Resources/res_srtp
-
-   ASTERISK-29260: sRTP Replay Protection ignored; even tears down long calls
-   Reported by: Alexander Traud
-     * [0c25e4576f] Alexander Traud -- rtp: Enable srtp replay protection
-
-    Category: pjproject/pjsip
-
-   ASTERISK-29227: res_pjsip_diversion: sending multiple 181 responses causes
-   memory corruption and crash
-   Reported by: Ivan Poddubny
-     * [56bc4cf0a6] Ivan Poddubnyi -- res_pjsip_diversion: Fix adding more
-       than one histinfo to Supported
-
-  Bug
-
-    Category: Resources/res_pjsip
-
-   ASTERISK-29196: res_pjsip: Segmentation fault
-   Reported by: Mauri de Souza Meneguzzo (3CPlus)
-     * [239573734a] Joshua C. Colp -- pjsip: Make modify_local_offer2
-       tolerate previous failed SDP.
-
-    Category: Resources/res_pjsip_session
-
-   ASTERISK-29203: res_pjsip_t38: Crash when changing state
-   Reported by: Gregory Massel
-     * [2784c444a4] Kevin Harwell -- AST-2021-002: Remote crash possible when
-       negotiating T.38
-
-    Category: Resources/res_pjsip_t38
-
-   ASTERISK-29203: res_pjsip_t38: Crash when changing state
-   Reported by: Gregory Massel
-     * [2784c444a4] Kevin Harwell -- AST-2021-002: Remote crash possible when
-       negotiating T.38
-
-    Category: Resources/res_rtp_asterisk
-
-   ASTERISK-29205: res_rtp_asterisk: Asterisk crashes when making hold/unhold
-   from webrtc client
-   Reported by: Edvin Vidmar
-     * [076c18e7a2] Sean Bright -- res_rtp_asterisk.c: Fix signed mismatch
-       that leads to overflow
-
-     ----------------------------------------------------------------------
-
-                                Diffstat Results
-
-                                 [Back to Top]
-
-   This is a summary of the changes to the source code that went into this
-   release that was generated using the diffstat utility.
-
- configs/samples/rtp.conf.sample                                         |   12 +++++++
- doc/CHANGES-staging/srtp_replay_protection.txt                          |    9 +++++
- doc/UPGRADE-staging/srtp_replay_protection.txt                          |    9 +++++
- res/res_pjsip_diversion.c                                               |   14 ++++++++
- res/res_pjsip_outbound_registration.c                                   |   12 +++++++
- res/res_pjsip_path.c                                                    |   12 +++++++
- res/res_pjsip_session.c                                                 |    9 +++++
- res/res_pjsip_t38.c                                                     |    9 +++++
- res/res_rtp_asterisk.c                                                  |   16 +++++++---
- res/res_srtp.c                                                          |    5 +--
- third-party/pjproject/patches/0080-fix-sdp-neg-modify-local-offer.patch |   14 ++++++++
- 11 files changed, 114 insertions(+), 7 deletions(-)

asterisk-18.2.2-summary.html

@@ -0,0 +1,13 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><title>Release Summary - asterisk-18.2.2</title><h1 align="center"><a name="top">Release Summary</a></h1><h3 align="center">asterisk-18.2.2</h3><h3 align="center">Date: 2021-03-04</h3><h3 align="center">&lt;asteriskteam@digium.com&gt;</h3><hr><h2 align="center">Table of Contents</h2><ol>
+<li><a href="#summary">Summary</a></li>
+<li><a href="#contributors">Contributors</a></li>
+<li><a href="#closed_issues">Closed Issues</a></li>
+<li><a href="#diffstat">Diffstat</a></li>
+</ol><hr><a name="summary"><h2 align="center">Summary</h2></a><center><a href="#top">[Back to Top]</a></center><p>This release has been made to address one or more security vulnerabilities that have been identified. A security advisory document has been published for each vulnerability that includes additional information. Users of versions of Asterisk that are affected are strongly encouraged to review the advisories and determine what action they should take to protect their systems from these issues.</p><p>Security Advisories:</p><ul>
+<li><a href="http://downloads.asterisk.org/pub/security/AST-2021-006.html">AST-2021-006</a></li>
+</ul><p>The data in this summary reflects changes that have been made since the previous release, asterisk-18.2.1.</p><hr><a name="contributors"><h2 align="center">Contributors</h2></a><center><a href="#top">[Back to Top]</a></center><p>This table lists the people who have submitted code, those that have tested patches, as well as those that reported issues on the issue tracker that were resolved in this release. For coders, the number is how many of their patches (of any size) were committed into this release. For testers, the number is the number of times their name was listed as assisting with testing a patch. Finally, for reporters, the number is the number of issues that they reported that were affected by commits that went into this release.</p><table width="100%" border="0">
+<tr><th width="33%">Coders</th><th width="33%">Testers</th><th width="33%">Reporters</th></tr>
+<tr valign="top"><td width="33%">1 Ben Ford <bford@digium.com><br/></td><td width="33%"><td width="33%">1 Gregory Massel <greg@csurf.co.za><br/></td></tr>
+</table><hr><a name="closed_issues"><h2 align="center">Closed Issues</h2></a><center><a href="#top">[Back to Top]</a></center><p>This is a list of all issues from the issue tracker that were closed by changes that went into this release.</p><h3>Security</h3><h4>Category: Resources/res_pjsip_t38</h4><a href="https://issues.asterisk.org/jira/browse/ASTERISK-29305">ASTERISK-29305</a>: ASTERISK-29203 / AST-2021-002 -- Another scenario is causing a crash<br/>Reported by: Gregory Massel<ul>
+<li><a href="https://code.asterisk.org/code/changelog/asterisk?cs=8c5fe5aac59577bed94b2b75ece0a4d505b56f59">[8c5fe5aac5]</a> Ben Ford -- AST-2021-006 - res_pjsip_t38.c: Check for session_media on reinvite.</li>
+</ul><br><hr><a name="diffstat"><h2 align="center">Diffstat Results</h2></a><center><a href="#top">[Back to Top]</a></center><p>This is a summary of the changes to the source code that went into this release that was generated using the diffstat utility.</p><pre>0 files changed</pre><br></html>

asterisk-18.2.2-summary.txt

@@ -0,0 +1,84 @@
+                                Release Summary
+
+                                asterisk-18.2.2
+
+                                Date: 2021-03-04
+
+                           <asteriskteam@digium.com>
+
+     ----------------------------------------------------------------------
+
+                               Table of Contents
+
+    1. Summary
+    2. Contributors
+    3. Closed Issues
+    4. Diffstat
+
+     ----------------------------------------------------------------------
+
+                                    Summary
+
+                                 [Back to Top]
+
+   This release has been made to address one or more security vulnerabilities
+   that have been identified. A security advisory document has been published
+   for each vulnerability that includes additional information. Users of
+   versions of Asterisk that are affected are strongly encouraged to review
+   the advisories and determine what action they should take to protect their
+   systems from these issues.
+
+   Security Advisories:
+
+     * AST-2021-006
+
+   The data in this summary reflects changes that have been made since the
+   previous release, asterisk-18.2.1.
+
+     ----------------------------------------------------------------------
+
+                                  Contributors
+
+                                 [Back to Top]
+
+   This table lists the people who have submitted code, those that have
+   tested patches, as well as those that reported issues on the issue tracker
+   that were resolved in this release. For coders, the number is how many of
+   their patches (of any size) were committed into this release. For testers,
+   the number is the number of times their name was listed as assisting with
+   testing a patch. Finally, for reporters, the number is the number of
+   issues that they reported that were affected by commits that went into
+   this release.
+
+   Coders                   Testers                  Reporters                
+   1 Ben Ford                                        1 Gregory Massel         
+
+     ----------------------------------------------------------------------
+
+                                 Closed Issues
+
+                                 [Back to Top]
+
+   This is a list of all issues from the issue tracker that were closed by
+   changes that went into this release.
+
+  Security
+
+    Category: Resources/res_pjsip_t38
+
+   ASTERISK-29305: ASTERISK-29203 / AST-2021-002 -- Another scenario is
+   causing a crash
+   Reported by: Gregory Massel
+     * [8c5fe5aac5] Ben Ford -- AST-2021-006 - res_pjsip_t38.c: Check for
+       session_media on reinvite.
+
+     ----------------------------------------------------------------------
+
+                                Diffstat Results
+
+                                 [Back to Top]
+
+   This is a summary of the changes to the source code that went into this
+   release that was generated using the diffstat utility.
+
+ 0 files changed

res/res_pjsip_t38.c

@@ -325,7 +325,7 @@ static int t38_reinvite_response_cb(struct ast_sip_session *session, pjsip_rx_da
 		 * If there is a session_media object, but no udptl object available
 		 * then it's assumed the stream was declined.
 		 */
-		if (!session_media->udptl) {
+		if (session_media && !session_media->udptl) {
 			session_media = NULL;
 		}