[Asterisk-bugs] [Asterisk 0010120]: DoS (as a crash or not) when the Call-Id: of successive SUBSCRIBE packets is identical + Authentication

noreply at bugs.digium.com noreply at bugs.digium.com
Fri Jul 6 17:49:39 CDT 2007


The following issue requires your FEEDBACK. 
====================================================================== 
http://bugs.digium.com/view.php?id=10120 
====================================================================== 
Reported By:                clegall_proformatique
Assigned To:                
====================================================================== 
Project:                    Asterisk
Issue ID:                   10120
Category:                   Channels/chan_sip/Subscriptions
Reproducibility:            always
Severity:                   crash
Priority:                   normal
Status:                     feedback
Asterisk Version:            1.2.19  
SVN Branch (only for SVN checkouts, not tarball releases):  1.2  
SVN Revision (number only!): 69597 
Disclaimer on File?:        No 
Request Review:              
====================================================================== 
Date Submitted:             07-05-2007 12:11 CDT
Last Modified:              07-06-2007 17:49 CDT
====================================================================== 
Summary:                    DoS (as a crash or not) when the Call-Id: of
successive SUBSCRIBE packets is identical + Authentication
Description: 
This happens on Asterisk versions 1.2.18, 1.2.19 and 1.2.20. Not in
Asterisk 1.4.

Let's consider a SIP account used as a watcher that SUBSCRIBEs with an
application/pidf+xml feature.
If :
 - this watcher account has a password defined ("secret" field in
sip.conf)
 - the successive SUBSCRIBE packets are sent with the SAME "Call-Id"
field

Once 2 (or more) such SUBSCRIBE packets have been sent, then sooner or
later the Asterisk application will be unavailable, either :
 - it will crash (segfault)
 - no more SIP call will be issued

Issuing SIP calls meanwhile will speed up this happening.

Maybe this is related to 0009836 ?

====================================================================== 

---------------------------------------------------------------------- 
 russell - 07-06-07 17:49  
---------------------------------------------------------------------- 
Can you give the latest code in the 1.2 branch another try after those
commits I just made? 

Issue History 
Date Modified   Username       Field                    Change               
====================================================================== 
07-06-07 17:49  russell        Note Added: 0066639                          
07-06-07 17:49  russell        Status                   new => feedback     
======================================================================




More information about the Asterisk-bugs mailing list