[Asterisk-bugs] [Asterisk 0010120]: DoS (as a crash or not) when the Call-Id: of successive SUBSCRIBE packets is identical + Authentication
noreply at bugs.digium.com
Thu Jul 19 02:44:03 CDT 2007
A NOTE has been added to this issue.
======================================================================
http://bugs.digium.com/view.php?id=10120
======================================================================
Reported By: clegall_proformatique
Assigned To: russell
======================================================================
Project: Asterisk
Issue ID: 10120
Category: Channels/chan_sip/Subscriptions
Reproducibility: always
Severity: crash
Priority: normal
Status: feedback
Asterisk Version: 1.2.19
SVN Branch (only for SVN checkouts, not tarball releases): 1.2
SVN Revision (number only!): 69597
Disclaimer on File?: No
Request Review:
======================================================================
Date Submitted: 07-05-2007 12:11 CDT
Last Modified: 07-19-2007 02:44 CDT
======================================================================
Summary: DoS (as a crash or not) when the Call-Id: of
successive SUBSCRIBE packets is identical + Authentication
Description:
This happens on Asterisk versions 1.2.18, 1.2.19 and 1.2.20. Not in
Asterisk 1.4.
Let's consider a SIP account used as a watcher that SUBSCRIBEs with an
application/pidf+xml feature.
If:
- this watcher account has a password defined ("secret" field in
sip.conf)
- the successive SUBSCRIBE packets are sent with the SAME "Call-Id"
field
Once 2 (or more) such SUBSCRIBE packets have been sent, then sooner or
later the Asterisk application will be unavailable, either:
- it will crash (segfault)
- no more SIP call will be issued
Issuing SIP calls meanwhile will speed up this happening.
Maybe this is related to 0009836?
======================================================================
----------------------------------------------------------------------
clegall_proformatique - 07-19-07 02:44
----------------------------------------------------------------------
russell, oej:
It might not be the trace you request, but I did post this file a while
ago:
07-09-07 12:56 clegall_proformatique File Added:
sip_debug_subscribe_auth.txt
Please tell me what's missing, thanks.
Issue History
Date Modified Username Field Change
======================================================================
07-19-07 02:44 clegall_proformatique Note Added: 0067568
======================================================================