| Summary: | ASTERISK-15871: T.38 faxmaxdatagram overflows with UDPFEC, works with "t38pt_udptl=yes,redundancy" (udptl.c) | ||
| Reporter: | Roberto La Rosa (rlr2maverick) | Labels: | |
| Date Opened: | 2010-03-24 09:36:27 | Date Closed: | 2011-07-26 14:52:08 |
| Priority: | Major | Regression? | No |
| Status: | Closed/Complete | Components: | Channels/chan_sip/T.38 |
| Versions: | Frequency of Occurrence | ||
| Related Issues: | |||
| Environment: | Attachments: | ||
| Description: | Our 1.6.1.18 works with any sort of fax call using standard ReceiveFax and SendFax provided by appfax, only after changing UDPFEC default parameter which causes a buffer overflow with faxmaxdatagram (properly negotiated as per 180 among ATA and Cisco 3825). The environment consist of: FAX <-> ATA <-> ASTERISK <-> ROUTER 3825 <-> PSTN (audio fax) ^^^ ^^^ faxmaxdatagram=180 faxmaxdatagram=180 SIP debug shows faxmaxdatagram properly negotiated but following ECM packets are discarded by 3825 causing either fax call to abort prematurely, packets encoded with UDPFEC overflow the maximum admitted size. changing udpfec (default) with "t38pt_udptl=yes,redundancy" we got near 100% fax send/receive success. ****** ADDITIONAL INFORMATION ****** from main/udptl.c /* Encode the open type */ for (octet_idx = 0; ; num_octets -= enclen, octet_idx += enclen) { if ((enclen = encode_length(buf, len, num_octets)) < 0) return -1; if (enclen + *len > buflen) { ---------------> ast_log(LOG_ERROR, "(%s): Buffer overflow detected (%d + %d > %d)\n", LOG_TAG(udptl), enclen, *len, buflen); return -1; } if (enclen > 0) { memcpy(&buf[*len], &data[octet_idx], enclen); *len += enclen; } if (enclen >= num_octets) break; } "main/udptl.c" line 302 of 1511 --19%-- col 41-62 from sip_general_additional.conf ... t38pt_udptl=yes,redundancy ... | ||
| Comments: | By: Leif Madsen (lmadsen) 2010-03-24 09:51:28 Could you provide some logging that shows what is going on here? Also someone in support mentioned that this may already be a known problem in the binary, and that it should be fixed in 1.1.7. By: Leif Madsen (lmadsen) 2010-03-24 10:13:47 Ah it seems 1.1.7 won't be released, it'll be 1.2.0 Anyways Matt Nicholson doesn't think this may be related to app_fax directly, but appears to be a UDPTL bug. I'm going to Acknowledge this now, but we'll need some logging information to determine where the issue may ultimately lie. By: Roberto La Rosa (rlr2maverick) 2010-03-24 10:47:14 udptl.c related problem confirmed !!! (as per my recent additional information). I found lot of " ... Buffer overflow detected ... " in full logfile. The only code where it could lie is udptl.c line 302 [Mar 18 17:27:05] ERROR[12132] udptl.c: (SIP/00243828330): Buffer overflow detected (77 + 170 > 180) [Mar 18 17:27:05] ERROR[12132] udptl.c: (SIP/00243828330): Buffer overflow detected (77 + 170 > 180) [Mar 18 17:27:05] ERROR[12132] udptl.c: (SIP/00243828330): Buffer overflow detected (77 + 170 > 180) [Mar 18 17:27:05] ERROR[12132] udptl.c: (SIP/00243828330): Buffer overflow detected (77 + 170 > 180) [Mar 18 17:27:05] ERROR[12132] udptl.c: (SIP/00243828330): Buffer overflow detected (77 + 170 > 180) [Mar 18 17:27:05] ERROR[12132] udptl.c: (SIP/00243828330): Buffer overflow detected (77 + 104 > 180) [Mar 18 17:27:13] ERROR[12132] udptl.c: (SIP/00243828330): Buffer overflow detected (65 + 146 > 180) [Mar 18 17:27:13] ERROR[12132] udptl.c: (SIP/00243828330): Buffer overflow detected (65 + 146 > 180) [Mar 18 17:27:13] ERROR[12132] udptl.c: (SIP/00243828330): Buffer overflow detected (65 + 146 > 180) By: Matthew Nicholson (mnicholson) 2011-07-26 14:51:57.386-0500 The remote host is using a maxdatagram that is too small. Try setting {{t38pt_udptl=yes,maxdatagram=200}} in sip.conf. If this continues, increase the {{maxdatagram}} value. | ||