Custom Session Negotiation

Hello Tim,

you are facing a memory corruption issue introduced by the misuse of
the following free functions *pj_strdup2* and *pj_strcat2*.

*pj_strcat2* assumes you own the memory it's about to write to. That
is currently not the case.

Here is the root of your problem:
The type of pjmedia_sdp_attr::value is *pj_str_t*.

With the statement:
pj_strdup2(sdp_pool, &mikey_attr->value, "mikey ");
you allocate enough space (six bytes) to hold the string "mikey ".


In *Create_DH_HMAC_SDP_Attribute* you append your base64 encoded
string to pjmedia_sdp_attr::value bypassing the six bytes you've
previously allocated _but_ you don't own that memory!


There are several ways to solve the problem:
 - implement a "void pj_strcat3(pj_pool_t *pool, pj_str_t * dst,
const char *src)" that will automatically adjust the needed memory
space and let dst grow as needed.
 - adjust your *base64_buffer* buffer size to hold the "mikey "
string at its front, adjust the third parameter
*base64_encode_block* gets (base64_buffer+6) and replace the
pj_strcat2 statement with a pj_strdup2.
 - ...

Best Regards,
Alain Totouom

On 01/16/2013 03:36 PM, McLeod, Tim wrote:
> Sandeep,
> 
> Firstly, thank you for your quick response.  Secondly:
> 
> -  The attached file contains the source code for the Create_DH_HMAC_SDP_Attribute function.
> -  Correct, Wireshark confirms a corrupt attribute.  However, on stepping through the code in a debugger it is a call subsequent to executing Create_DH_HMAC_SDP_Attribute that causes the problem.  The section of code in pjsua_media_channel_create_sdp() is as follows:
> 
> /* Give to transport */
>        status = pjmedia_transport_encode_sdp(call_med->tp, pool, sdp, rem_sdp, mi);             <-- SDP attribute created here
>        if (status != PJ_SUCCESS)
>        {
>               if (sip_err_code) *sip_err_code = PJSIP_SC_NOT_ACCEPTABLE;
>               return status;
>        }
> 
>        /* Copy c= line of the first media to session level,
>        * if there's none.
>        */
>        if (sdp->conn == NULL)
>        {
>               sdp->conn = pjmedia_sdp_conn_clone(pool, m->conn);                                <-- corruption on return from here!
>        }
> 
> Any help greatly appreciated!
> 
> Tim
> 
> From: pjsip [mailto:pjsip-bounces@xxxxxxxxxxxxxxx] On Behalf Of Sandeep Karanth
> Sent: 16 January 2013 12:59
> To: pjsip list
> Subject: Re: Custom Session Negotiation
> 
> Tim,
>        So are you telling me that when you see the Wireshark trace the custom attribute you added is present but in a corrupted state? I don't think that pjmedia_sdp_conn_clone is corrupting your attribute, because if you see the definition of that function it shouldn't be affected in any way!
>  I am suspecting that something is done wrongly in the Create_DH_HMAC_SDP_Attribute function of yours. It would be helpful if barebone expansion of this function is known.
> 
> 
> On Wed, Jan 16, 2013 at 6:01 PM, McLeod, Tim <Tim.McLeod at cassidian.com> wrote:
> Sandeep,
> 
> Good day to you, I hope that you are well?
> 
> I think we are moving forward, but my engineer is now experiencing problems whereby it seems that the message is becoming corrupted before the outgoing message can be transmitted.  The following is my engineer's description of the problem:
> 
> Using "transport_adapter_sample.c" as an example, I am trying to add an attribute to the outgoing SDP message.
> 
> I have modified the example code as follows:
> 
>        /* You may do anything to the local_sdp, e.g. adding new attributes, or
>        * even modifying the SDP if you want.
>        */
>        if (1)
>        {
>               /* Say we add a proprietary attribute here.. */
>               pjmedia_sdp_attr *mikey_attr;
> 
>               mikey_attr = PJ_POOL_ALLOC_T(sdp_pool, pjmedia_sdp_attr);
> 
>               pj_strdup2(sdp_pool, &mikey_attr->name, "key-mgmt");
>               pj_strdup2(sdp_pool, &mikey_attr->value, "mikey ");
> 
>               Create_DH_HMAC_SDP_Attribute(sdp_pool, local_sdp, mikey_attr);
> 
>               pjmedia_sdp_attr_add(&local_sdp->attr_count, local_sdp->attr, mikey_attr);
>        }
> 
> Create_DH_HMAC_SDP_Attribute creates a base64 encoded attribute and appends it to "mikey_attr->value".
> 
> using
> pj_strcat2(&mikey_attr->value, base64_buffer);
> 
> This appears to work okay, and the attribute is added to the local_sdp, and results in an attribute pj_string something like
> 
>             "mikey AQcF/kkSBAA............."            About 157 bytes in length.
> 
> When I step through the routine pjsua_media_channel_create_sdp in pjsua_media.c a call is made to
> 
> sdp->conn = pjmedia_sdp_conn_clone(pool, m->conn);
> 
> which then overwrites my attribute, resulting in a corrupted message being sent.
> 
> Any thoughts/suggestions would be extremely welcome.
> 
> Many thanks...
> 
> Tim
> 
> From: McLeod, Tim
> Sent: 11 January 2013 11:02
> To: 'pjsip list'
> Subject: RE: Custom Session Negotiation
> 
> Sandeep,
> 
> Thank you for your very quick response.  I have passed your suggestion to my engineer who has confirmed that this is exactly the information he needed.  Excellent work.
> 
> Thanks again...
> 
> Tim
> 
> From: pjsip [mailto:pjsip-bounces@xxxxxxxxxxxxxxx] On Behalf Of Sandeep Karanth
> Sent: 11 January 2013 05:17
> To: pjsip list
> Subject: Re: Custom Session Negotiation
> 
> Hi Tim,
>          I guess probably you are using below part of transport_encode_sdp() function  to add your custom attribute to sdp.
> 
> if (1)
> {
>         /* Say we add a proprietary attribute here.. */
>         pjmedia_sdp_attr *my_attr;
> 
>         my_attr = PJ_POOL_ALLOC_T(sdp_pool, pjmedia_sdp_attr);
>         pj_strdup2(sdp_pool, &my_attr->name, "X-adapter");
>         pj_strdup2(sdp_pool, &my_attr->value, "some value");
> 
>         pjmedia_sdp_attr_add(&local_sdp->media[media_index]->attr_count, local_sdp->media[media_index]->attr, my_attr);
> }
> 
>  I think you are probably substituting in the above block 'X-adapter' with your custom attribute. The problem is that pjmedia_sdp_attr_add function highlighted above is adding that parameter as a media parameter and hence it will come as a media parameter.
> 
> You can instead substitute the above line with pjmedia_sdp_attr_add(&local_sdp->attr_count,local_sdp->attr,my_attr); and try again. Hopefully this should solve your problem!
> 
> Regards,
> Sandeep
> On Fri, Jan 11, 2013 at 10:20 AM, Sandeep Karanth <sandeepk.kdp at gmail.com> wrote:
> Correct me if I am wrong! So what you are looking to do is to add a session-level attribute, i.e. a=somevalue, before any of the media parameter (m) lines,
>  but instead it is getting added after some (m) parameter and hence your custom "a" attribute in effect is becoming a media-level attribute?
> On Thu, Jan 10, 2013 at 7:40 PM, McLeod, Tim <Tim.McLeod at cassidian.com> wrote:
> Furthering our project for experimenting with various methods of providing secure VoIP communications we have a need to provide custom negotiation mechanisms.  My engineer is currently looking into how this might be incorporated into the existing pjsua functionality.  He is encountering difficulties.
> 
> He is attempting to insert MIKEY session attributes into SDP message, i.e. a=key-mgmt: mikey {base64 encoded mikey message} by using the function "transport_encode_sdp" in the transport adapter to add the desired mikey message.  When capturing the SIP invite message in Wireshark, the coding is translated as a media attribute, the suspicion being that this is the case because it is added to the message after the media description.  Is there a clean way to add a session description before the media attribute?
> 
> Your help would (once again) be very much appreciated.
> 
> Tim McLeod MBCS CITP
> Principal Engineer
> Tel: +44 1633 715097
> Mob: +44 7765 088364
> Email: tim.mcleod at cassidian.com
> RLI: tim.mcleod at eads.r.mil.uk
> Website: www.cassidian.com
> 
> The information contained within this e-mail and any files attached to this e-mail is private and in addition may include commercially sensitive information. The contents of this e-mail are for the intended recipient only and therefore if you wish to disclose the information contained within this e-mail or attached files, please contact the sender prior to any such disclosure. If you are not the intended recipient, any disclosure, copying or distribution is prohibited. Please also contact the sender and inform them of the error and delete the e-mail, including any attached files from your system. Cassidian Limited, Registered Office : Quadrant House, Celtic Springs, Coedkernew, Newport, NP10 8FZ Company No: 04191036 http://www.cassidian.com
> 
> _______________________________________________
> Visit our blog: http://blog.pjsip.org
> 
> pjsip mailing list
> pjsip at lists.pjsip.org
> http://lists.pjsip.org/mailman/listinfo/pjsip_lists.pjsip.org
> 
> 
> 

-- 
                            ""
                          (o)(o)
                _____o00o__(__)__o00o_____
3072D/146D10DE 2011-09-29    Alain Totouom  <totouom at gmx.de>
PGP Fingerprint 39A4F092 FFA7C746 CC305CB0 69091911 146D10DE
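
The overrun described at the top of this message, and the pool-aware append suggested as the first fix, modelled with a toy bump allocator. This is an added example, not code from the thread or from pjlib: `toy_pool`, `toy_str`, `toy_strdup2`, `toy_strcat2`, `toy_strcat3`, `attr_survives` and the sample strings are hypothetical stand-ins, and the toy pool applies no alignment padding.

```c
#include <stdio.h>
#include <string.h>

/* Toy stand-ins for pj_pool_t and pj_str_t (assumptions, not pjlib code).
 * Bump allocator with no alignment padding, so neighbours are adjacent. */
typedef struct { char buf[256]; size_t used; } toy_pool;
typedef struct { char *ptr; size_t slen; } toy_str;

static char *toy_alloc(toy_pool *p, size_t n) {
    char *m = p->buf + p->used;
    if (n > sizeof p->buf - p->used) return NULL;
    p->used += n;
    return m;
}
/* Like pj_strdup2 as described above: room for strlen(src) bytes only. */
static void toy_strdup2(toy_pool *p, toy_str *dst, const char *src) {
    dst->slen = strlen(src);
    dst->ptr = toy_alloc(p, dst->slen);
    if (dst->ptr) memcpy(dst->ptr, src, dst->slen); else dst->slen = 0;
}
/* Like pj_strcat2: appends in place, trusting the caller about capacity. */
static void toy_strcat2(toy_str *dst, const char *src) {
    memcpy(dst->ptr + dst->slen, src, strlen(src));
    dst->slen += strlen(src);
}
/* Pool-aware append: allocate old+new length, copy both, repoint dst. */
static int toy_strcat3(toy_pool *p, toy_str *dst, const char *src) {
    size_t n = strlen(src);
    char *m = toy_alloc(p, dst->slen + n);
    if (!m) return -1;
    memcpy(m, dst->ptr, dst->slen);
    memcpy(m + dst->slen, src, n);
    dst->ptr = m;
    dst->slen += n;
    return 0;
}
/* Returns 1 if the attribute value is intact after a later pool allocation. */
static int attr_survives(int pool_aware) {
    static const char b64[] = "AQcFconstructedBase64"; /* constructed sample */
    toy_pool pool = { {0}, 0 };
    toy_str value, conn;
    toy_strdup2(&pool, &value, "mikey ");
    if (pool_aware) toy_strcat3(&pool, &value, b64);
    else toy_strcat2(&value, b64);          /* writes into unowned pool space */
    toy_strdup2(&pool, &conn, "IN IP4 192.0.2.10"); /* plays the conn clone */
    return memcmp(value.ptr + 6, b64, strlen(b64)) == 0;
}
int main(void) {
    printf("pj_strcat2-style: %d, pool-aware: %d\n",
           attr_survives(0), attr_survives(1));
    return 0;
}
```

The in-place append looks fine until the next allocation from the same pool hands out the bytes it wrote into, which matches the symptom of the attribute changing only on return from a later call.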


