[asterisk-bugs] [Asterisk 0014417]: Asterisk crash with looped request and pedantic=yes

Asterisk Bug Tracker noreply at bugs.digium.com
Tue Mar 10 12:37:23 CDT 2009


The following issue has been UPDATED. 
====================================================================== 
http://bugs.digium.com/view.php?id=14417 
====================================================================== 
Reported By:                klaus3000
Assigned To:                file
====================================================================== 
Project:                    Asterisk
Issue ID:                   14417
Category:                   Channels/chan_sip/General
Reproducibility:            always
Severity:                   crash
Priority:                   normal
Status:                     assigned
Asterisk Version:           1.4.23 
Regression:                 No 
SVN Branch (only for SVN checkouts, not tarball releases): N/A 
SVN Revision (number only!):  
Request Review:              
====================================================================== 
Date Submitted:             2009-02-06 03:24 CST
Last Modified:              2009-03-10 12:37 CDT
====================================================================== 
Summary:                    Asterisk crash with looped request and pedantic=yes
Description: 
Hi!

When Asterisk sends a message to itself (e.g. bad configuration, or by an
attacker if Asterisk sends a request to an external domain which resolves
to Asterisk again), when pedantic=yes, Asterisk crashes when comparing the
URIs.

At the end of sip_uri_cmp(const char *input1, const char *input2) the
headers will be compared.

  if (sip_uri_headers_cmp(headers1, headers2)) {
      return 1;
   }

The problem is that if there are no headers, headers1/2 are 0x0. But the
sip_uri_headers_cmp() function accesses the pointers without checking for
null pointers --> segfault.
====================================================================== 

Issue History 
Date Modified    Username       Field                    Change               
====================================================================== 
2009-03-10 12:37 file           View Status              private => public   
======================================================================




More information about the asterisk-bugs mailing list