[asterisk-bugs] [Asterisk 0012372]: chan_sip.c: realtime_peer function make crash on version 1.4.19 and 1.6.0Beta7.1

noreply at bugs.digium.com noreply at bugs.digium.com
Sat Apr 5 12:16:29 CDT 2008


The following issue has been RESOLVED. 
====================================================================== 
http://bugs.digium.com/view.php?id=12372 
====================================================================== 
Reported By:                tecnoxarxa
Assigned To:                file
====================================================================== 
Project:                    Asterisk
Issue ID:                   12372
Category:                   Channels/chan_sip/General
Reproducibility:            always
Severity:                   crash
Priority:                   normal
Status:                     resolved
Asterisk Version:           1.4.19 
SVN Branch (only for SVN checkouts, not tarball releases): N/A 
SVN Revision (number only!):  
Disclaimer on File?:        N/A 
Request Review:              
Resolution:                 duplicate
Duplicate:                  12362
Fixed in Version:           
====================================================================== 
Date Submitted:             04-05-2008 11:38 CDT
Last Modified:              04-05-2008 12:16 CDT
====================================================================== 
Summary:                    chan_sip.c: realtime_peer function make crash on
version 1.4.19 and 1.6.0Beta7.1
Description: 
This is my problem (1.4.19):

Core was generated by `/usr/sbin/asterisk -f -p -g -c'.
Program terminated with signal 11, Segmentation fault.
#0  0xb7653a80 in realtime_peer
(newpeername=0xbfede360 "Tecnoxarxa0",
sin=0x0) at chan_sip.c:2547
2547                                                    if (!(hp =
ast_gethostbyname(tmp->value, &ahp)) || (memcmp(&hp->h_addr,
&sin->sin_addr, sizeof(hp->h_addr)))) {
(gdb) bt
#0  0xb7653a80 in realtime_peer
(newpeername=0xbfede360 "Tecnoxarxa0",
sin=0x0) at chan_sip.c:2547
#1  0xb7654585 in find_peer (peer=0xbfede360
"Tecnoxarxa0", sin=0x0,
realtime=1) at chan_sip.c:2676
#2  0xb76967ad in sip_devicestate
(data=0xbfede804) at chan_sip.c:15896
#3  0x080a0a5a in ast_device_state
(device=0xbfede894 "SIP/Tecnoxarxa0")
at devicestate.c:170
#4  0x080d4aa1 in ast_extension_state2
(e=0x84bd618) at pbx.c:1931
#5  0x080d5519 in ast_add_hint (e=0x84bd618)
at pbx.c:2209
#6  0x080dc4eb in ast_add_extension2
(con=0x84bd3d0, replace=0,
extension=0xbfedfa14 "200", priority=-1, label=0x0, callerid=0x0,
application=0x841cb69 "SIP/Tecnoxarxa0", data=0x841cbf0, datad=0xb71c0398
<ast_free>,
    registrar=0xb71c8363 "pbx_config") at pbx.c:4869
#7  0xb71c75af in pbx_load_config
(config_file=0xb71c8353
"extensions.conf") at pbx_config.c:2306
#8  0xb71c811f in pbx_load_module () at
pbx_config.c:2453
#9  0xb71c81a6 in load_module () at
pbx_config.c:2470
#10 0x080bfd2d in load_resource
(resource_name=0x81bdef8 "pbx_config.so",
global_symbols_only=0) at loader.c:680
#11 0x080c05d3 in load_modules
(preload_only=0) at loader.c:874
#12 0x08072fc1 in main (argc=5,
argv=0xbfee0444) at asterisk.c:2965
#13 0xb7df8ea8 in __libc_start_main () from
/lib/tls/libc.so.6
#14 0x08057d51 in ?? () at
../sysdeps/i386/elf/start.S:119


This is the 1.4.18.1 version of this function, which works perfectly:

static struct sip_peer *realtime_peer(const char *newpeername, struct sockaddr_in *sin)

....

if (var) {
    for (tmp = var; tmp; tmp = tmp->next) {
        if (!strcasecmp(var->name, "host")) {
            struct in_addr sin2;
            struct ast_dnsmgr_entry *dnsmgr = NULL;
            memset(&sin2, 0, sizeof(sin2));
            if ((ast_dnsmgr_lookup(tmp->value, &sin2, &dnsmgr) < 0) || (memcmp(&sin2, &sin->sin_addr, sizeof(sin2)) != 0)) {
                /* No match */
                ast_variables_destroy(var);
                var = NULL;
            }
            break;
        }
    }
}

....

And this is a 1.4.19 version extract:

static struct sip_peer *realtime_peer(const char *newpeername, struct sockaddr_in *sin)

....

if (var) {
    for (tmp = var; tmp; tmp = tmp->next) {
        if (!strcasecmp(tmp->name, "host")) {
            struct hostent *hp;
            struct ast_hostent ahp;
            if (!(hp = ast_gethostbyname(tmp->value, &ahp)) || (memcmp(&hp->h_addr, &sin->sin_addr, sizeof(hp->h_addr)))) {
                /* No match */
                ast_variables_destroy(var);
                var = NULL;
            }
            break;
        }
    }
}

....

I think the problem is this new line:

if (!(hp = ast_gethostbyname(tmp->value, &ahp)) || (memcmp(&hp->h_addr,
&sin->sin_addr, sizeof(hp->h_addr))))

Is this a bug? What is the best solution?

I changed this line only:

if (!strcasecmp(var->name, "host")) {

Previously it was:

if (!strcasecmp(tmp->name, "host")) {

Is this an OK solution?

======================================================================
Relationships       ID      Summary
----------------------------------------------------------------------
duplicate of        0012362 Asterisk crashes everytime i try to dia...
====================================================================== 

---------------------------------------------------------------------- 
 file - 04-05-08 12:16  
---------------------------------------------------------------------- 
This is a duplicate of issue 12362. Please follow progress there and try
the patch. 

Issue History 
Date Modified   Username       Field                    Change               
====================================================================== 
04-05-08 12:16  file           Duplicate ID             0 => 12362          
04-05-08 12:16  file           Status                   new => resolved     
04-05-08 12:16  file           Resolution               open => duplicate   
04-05-08 12:16  file           Assigned To               => file            
04-05-08 12:16  file           Note Added: 0085042                          
======================================================================
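
Added example, not part of the original report and not the Asterisk project's patch: a reduced C version of the host comparison from the 1.4.19 extract that tolerates the sin=0x0 by-name call shown in the backtrace. struct variable, resolve_host and host_matches are hypothetical stand-ins, and treating a NULL sin as "nothing to compare" is an assumption.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Hypothetical stand-in for the realtime variable list in the report. */
struct variable {
    const char *name;
    const char *value;
    struct variable *next;
};

/* Hypothetical resolver: dotted-quad literals only, so this runs offline. */
static int resolve_host(const char *host, struct in_addr *out)
{
    return inet_pton(AF_INET, host, out) == 1 ? 0 : -1;
}

/* Returns 1 to keep the realtime row, 0 to discard it ("No match").
 * sin == NULL is a by-name lookup (the find_peer frame passes sin=0x0);
 * assumption: with no source address there is nothing to compare. */
static int host_matches(const struct variable *var, const struct sockaddr_in *sin)
{
    const struct variable *tmp;
    if (!sin)
        return 1;
    for (tmp = var; tmp; tmp = tmp->next) {
        if (strcasecmp(tmp->name, "host"))
            continue;
        struct in_addr resolved;
        if (resolve_host(tmp->value, &resolved) < 0)
            return 0;
        /* Compare the resolved address bytes, not the address of a pointer. */
        return memcmp(&resolved, &sin->sin_addr, sizeof(resolved)) == 0;
    }
    return 1; /* no "host" entry in the row */
}

int main(void)
{
    /* Constructed sample row and source address (documentation range). */
    struct variable host = { "host", "192.0.2.10", NULL };
    struct variable row = { "name", "Tecnoxarxa0", &host };
    struct sockaddr_in src = { .sin_family = AF_INET };
    inet_pton(AF_INET, "192.0.2.10", &src.sin_addr);
    printf("by name: %d, by address: %d\n", host_matches(&row, NULL), host_matches(&row, &src));
    return 0;
}
```

In the 1.4.19 extract, &hp->h_addr is the address of a pointer in the hostent address list, so that memcmp compares pointer bytes rather than the resolved IPv4 address; the example compares a struct in_addr directly.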
