[asterisk-bugs] [Asterisk 0010300]: memory corruption on freebsd sparc64
noreply at bugs.digium.com
noreply at bugs.digium.com
Thu Jul 26 10:51:24 CDT 2007
A NOTE has been added to this issue.
======================================================================
http://bugs.digium.com/view.php?id=10300
======================================================================
Reported By: mattias04
Assigned To:
======================================================================
Project: Asterisk
Issue ID: 10300
Category: Channels/chan_sip/General
Reproducibility: always
Severity: major
Priority: normal
Status: new
Asterisk Version: 1.4.9
SVN Branch (only for SVN checkouts, not tarball releases): N/A
SVN Revision (number only!):
Disclaimer on File?: N/A
Request Review:
======================================================================
Date Submitted: 07-25-2007 09:40 CDT
Last Modified: 07-26-2007 10:51 CDT
======================================================================
Summary: memory corruption on freebsd sparc64
Description:
after calling strchr in function set_address_from_contact()
...
/* Grab host */
host = strchr(contact, '@');
...
memory gets corrupted.
strchr should not alter input string.
I suspect that
...
/* Work on a copy */
contact = ast_strdupa(pvt->fullcontact);
...
might have something to do with it.
When doing some debugging I get this:
njord*CLI>
[Jul 25 14:11:43] WARNING[22832]: chan_sip.c:7779
set_address_from_contact: MWE DEBUG: pvt->fullcontact :
'sip:020252500 at 83.140.41.50'
[Jul 25 14:11:43] WARNING[22832]: chan_sip.c:7781
set_address_from_contact: MWE DEBUG: contact :
'sip:020252500 at 83.140.41.50'
[Jul 25 14:11:43] WARNING[22832]: chan_sip.c:7793
set_address_from_contact: MWE DEBUG: contact : '020252500 at 83.140.41.50'
[Jul 25 14:11:43] WARNING[22832]: chan_sip.c:7795
set_address_from_contact: MWE DEBUG: strchr contact :
'020252500 at 83.140.41.'
[Jul 25 14:11:43] WARNING[22832]: chan_sip.c:7796
set_address_from_contact: MWE DEBUG: strchr host : '@83.140.41.'
[Jul 25 14:11:43] WARNING[22832]: chan_sip.c:7810
set_address_from_contact: MWE DEBUG: contact : '020252500'
[Jul 25 14:11:43] WARNING[22832]: chan_sip.c:7812
set_address_from_contact: MWE DEBUG: contact strsep : '020252500'
[Jul 25 14:11:43] WARNING[22832]: chan_sip.c:7813
set_address_from_contact: MWE DEBUG: host : '83.140.41.'
[Jul 25 14:11:43] WARNING[22832]: chan_sip.c:7815
set_address_from_contact: MWE DEBUG: host strsep : '83.140.41.'
[Jul 25 14:11:43] WARNING[22832]: chan_sip.c:7821
set_address_from_contact: Invalid host name in Contact: (can't resolve in
DNS) : '83.140.41.'
[Jul 25 14:11:50] WARNING[22832]: chan_sip.c:12459 handle_response: Remote
host can't match request BYE to call
'2014421459e28760110e8f3a50dae531 at cx-cust-shg
As you can see the IP address 83.140.41.50 get truncated.
======================================================================
----------------------------------------------------------------------
putnopvut - 07-26-07 10:51
----------------------------------------------------------------------
The only link I'm seeing between the two is that in order to create the
space for the character strings, they both call strlen on the input and
alloca to create a proper-sized stack buffer for the local strings.
What compiler do you use to compile Asterisk?
Issue History
Date Modified Username Field Change
======================================================================
07-26-07 10:51 putnopvut Note Added: 0067929
======================================================================
More information about the asterisk-bugs
mailing list