[asterisk-bugs] [Asterisk 0011897]: Missed protection from incorrect dial string in parse_dial_string
noreply at bugs.digium.com
noreply at bugs.digium.com
Thu Jan 31 18:30:31 CST 2008
The following issue has been ASSIGNED.
======================================================================
http://bugs.digium.com/view.php?id=11897
======================================================================
Reported By: sokhapkin
Assigned To: russell
======================================================================
Project: Asterisk
Issue ID: 11897
Category: Channels/chan_iax2
Reproducibility: always
Severity: major
Priority: normal
Status: assigned
Asterisk Version: 1.4.16.2
SVN Branch (only for SVN checkouts, not tarball releases): N/A
SVN Revision (number only!):
Disclaimer on File?: N/A
Request Review:
======================================================================
Date Submitted: 01-31-2008 18:20 CST
Last Modified: 01-31-2008 18:30 CST
======================================================================
Summary: Missed protection from incorrect dial string in
parse_dial_string
Description:
chan_iax2 accepts dial string like iax2/user:password@ (missed host). On a
busy host with much iax2 activity this leads to denial of service after
short period of time with errors like
[Jan 31 19:06:28] DEBUG[19315] chan_iax2.c: realtime_peer: Bah, '' is
expired (1201824378/0/1201824
378)!
[Jan 31 19:06:28] NOTICE[19315] channel.c: Unable to request channel
iax2/asd:qwe@
[Jan 31 19:06:28] DEBUG[19315] devicestate.c: Notification of state change
to be queued on device/c
hannel **Unknown**
[Jan 31 19:06:28] WARNING[12759] res_config_odbc.c: SQL Alloc Handle
failed!
[Jan 31 19:06:28] WARNING[12759] res_odbc.c: SQL Prepare failed.
Attempting a reconnect...
[Jan 31 19:06:28] DEBUG[12724] devicestate.c: Checking if I can find
provider for "**Unknown**" - n
umber: (null)
[Jan 31 19:06:28] DEBUG[12724] devicestate.c: Changing state for
**Unknown** - state 4 (Invalid)
[Jan 31 19:06:29] NOTICE[12757] chan_iax2.c: Out of idle IAX2 threads for
I/O, pausing!
[Jan 31 19:06:29] NOTICE[12756] chan_iax2.c: Out of idle IAX2 threads for
scheduling!
[Jan 31 19:06:30] NOTICE[12757] chan_iax2.c: Out of idle IAX2 threads for
I/O, pausing!
[Jan 31 19:06:30] NOTICE[12756] chan_iax2.c: Out of idle IAX2 threads for
scheduling!
[Jan 31 19:06:30] DEBUG[23088] rtp.c: Got RTCP report of 176 bytes
[Jan 31 19:06:31] NOTICE[12757] chan_iax2.c: Out of idle IAX2 threads for
I/O, pausing!
[Jan 31 19:06:31] NOTICE[12756] chan_iax2.c: Out of idle IAX2 threads for
scheduling!
======================================================================
----------------------------------------------------------------------
svnbot - 01-31-08 18:30
----------------------------------------------------------------------
Repository: asterisk
Revision: 101693
U branches/1.4/channels/chan_iax2.c
------------------------------------------------------------------------
r101693 | russell | 2008-01-31 18:30:30 -0600 (Thu, 31 Jan 2008) | 8 lines
Add some more sanity checking on IAX2 dial strings for the case that no
peer
or hostname was provided, which is the one part of the dial string that is
absolutely required. If it's not there, bail out.
(closes issue http://bugs.digium.com/view.php?id=11897)
Reported by sokhapkin
Patch by me
------------------------------------------------------------------------
http://svn.digium.com/view/asterisk?view=rev&revision=101693
Issue History
Date Modified Username Field Change
======================================================================
01-31-08 18:30 svnbot Checkin
01-31-08 18:30 svnbot Note Added: 0081555
01-31-08 18:30 svnbot Status new => assigned
01-31-08 18:30 svnbot Assigned To => russell
======================================================================
More information about the asterisk-bugs
mailing list