[asterisk-bugs] [Asterisk 0014417]: Asterisk crash with looped request and pedantic=yes
Asterisk Bug Tracker
noreply at bugs.digium.com
Tue Mar 10 12:37:23 CDT 2009
The following issue has been UPDATED.
======================================================================
http://bugs.digium.com/view.php?id=14417
======================================================================
Reported By: klaus3000
Assigned To: file
======================================================================
Project: Asterisk
Issue ID: 14417
Category: Channels/chan_sip/General
Reproducibility: always
Severity: crash
Priority: normal
Status: assigned
Asterisk Version: 1.4.23
Regression: No
SVN Branch (only for SVN checkouts, not tarball releases): N/A
SVN Revision (number only!):
Request Review:
======================================================================
Date Submitted: 2009-02-06 03:24 CST
Last Modified: 2009-03-10 12:37 CDT
======================================================================
Summary: Asterisk crash with looped request and pedantic=yes
Description:
Hi!
When Asterisk sends a message to itself (e.g. bad configuration, or by an
attacker if Asterisk sends a request to an external domain which resolves
to Asterisk again), when pedantic=yes, Asterisk crashes when comparing the
URIs.
At the end of sip_uri_cmp(const char *input1, const char *input2) the
headers will be compared.
if (sip_uri_headers_cmp(headers1, headers2)) {
return 1;
}
The problem is that if there are no headers, headers1/2 are 0x0. But the
sip_uri_headers_cmp() function accesses the pointers without checking for
null pointers --> segfault.
======================================================================
Issue History
Date Modified Username Field Change
======================================================================
2009-03-10 12:37 file View Status private => public
======================================================================
More information about the asterisk-bugs
mailing list