[Asterisk-bugs] [Asterisk 0010120]: DoS (as a crash or not) when the Call-Id: of successive SUBSCRIBE packets is identical + Authentication

noreply at bugs.digium.com noreply at bugs.digium.com
Wed Jul 18 20:37:34 CDT 2007 

A NOTE has been added to this issue. 
====================================================================== 
http://bugs.digium.com/view.php?id=10120 
====================================================================== 
Reported By:                clegall_proformatique
Assigned To:                russell
====================================================================== 
Project:                    Asterisk
Issue ID:                   10120
Category:                   Channels/chan_sip/Subscriptions
Reproducibility:            always
Severity:                   crash
Priority:                   normal
Status:                     feedback
Asterisk Version:            1.2.19  
SVN Branch (only for SVN checkouts, not tarball releases):  1.2  
SVN Revision (number only!): 69597 
Disclaimer on File?:        No 
Request Review:              
====================================================================== 
Date Submitted:             07-05-2007 12:11 CDT
Last Modified:              07-18-2007 20:37 CDT
====================================================================== 
Summary:                    DoS (as a crash or not) when the Call-Id: of
successive SUBSCRIBE packets is identical + Authentication
Description: 
This happens on Asterisk versions 1.2.18, 1.2.19 and 1.2.20. Not in
Asterisk 1.4.

Let's consider a SIP account used as a watcher that SUBSCRIBEs with an
application/pidf+xml feature.
If :
 - this watcher account has a password defined ("secret" field in
sip.conf)
 - the successive SUBSCRIBE packets are sent with the SAME "Call-Id"
field

Once 2 (or more) such SUBSCRIBE packets have been sent, then sooner or
later the Asterisk application will be unavailable, either :
 - it will crash (segfault)
 - no more SIP call will be issued

Issuing SIP calls meanwhile will speed up this happening.

Maybe this is related to 0009836 ?

====================================================================== 

---------------------------------------------------------------------- 
 russell - 07-18-07 20:37  
---------------------------------------------------------------------- 
clegall_proformatique:  Can you please provide that SIP trace so that we
can close out the issue?  Thank you ... 

Issue History 
Date Modified   Username       Field                    Change               
====================================================================== 
07-18-07 20:37  russell        Note Added: 0067563                          
======================================================================

More information about the asterisk-bugs mailing list