[asterisk-bugs] [Asterisk 0016206]: [patch] Segfault in chan_iax2.so when receiving call without CallToken support

Asterisk Bug Tracker noreply at bugs.digium.com
Tue Nov 10 11:59:21 CST 2009 

A NOTE has been added to this issue. 
====================================================================== 
https://issues.asterisk.org/view.php?id=16206 
====================================================================== 
Reported By:                bklang
Assigned To:                dvossel
====================================================================== 
Project:                    Asterisk
Issue ID:                   16206
Category:                   Channels/chan_iax2
Reproducibility:            always
Severity:                   crash
Priority:                   normal
Status:                     closed
Asterisk Version:           SVN 
JIRA:                        
Regression:                 No 
Reviewboard Link:            
SVN Branch (only for SVN checkouts, not tarball releases): 1.6.1 
SVN Revision (number only!): 228695 
Request Review:              
Resolution:                 fixed
Fixed in Version:           
====================================================================== 
Date Submitted:             2009-11-07 14:00 CST
Last Modified:              2009-11-10 11:59 CST
====================================================================== 
Summary:                    [patch] Segfault in chan_iax2.so when receiving call
without CallToken support
Description: 
I have configured Asterisk svn branch 1.6.1 to talk to my legacy Asterisk
1.2 system.  When the Asterisk 1.2 system places a call to the 1.6.1
system, the 1.6.1 host immediately segfaults.

The problem was traced to a call to ast_log() in chan_iax2.so on line
4600.  Commenting out this line and recompiling chan_iax2.so avoids the
crash.  Configuring Asterisk to not require call tokens from the remote
peer also avoids the crash.

As a side note, it appears that the text of the ast_log() message is out
of date as I not find any reference to a "calltokenignore" config option
for chan_iax2.

I will be happy to provide the entire core file if requested.  I have not
yet confirmed this bug on Linux.

The console reports:

grant*CLI> 
Disconnected from Asterisk server
Executing last minute cleanups
/opt/asterisk/sbin/safe_asterisk: line 157: 15691: Memory fault(coredump)
Asterisk ended with exit status 267
Asterisk exited on signal EXITSTATUS-128.
Exited on signal EXITSTATUS-128

Below is a sample from the Asterisk corefile:

(gdb) bt
https://issues.asterisk.org/view.php?id=0  0xfeca47a0 in countbytes () from
/lib/libc.so.1
https://issues.asterisk.org/view.php?id=1  0xfecf0793 in _ndoprnt () from
/lib/libc.so.1
https://issues.asterisk.org/view.php?id=2  0xfecf31bd in vsnprintf () from
/lib/libc.so.1
https://issues.asterisk.org/view.php?id=3  0x08135009 in __ast_str_helper
(buf=0xfbedb188, max_len=1024,
append=0, 
    fmt=0xfd443f5c "Call rejected, CallToken Support required. If
unexpected, resolve by placing address %s in the calltokenignore list or
setting user %s requirecalltoken=no\n", ap=0xfbedb1f8 "###\b") at
utils.c:1779
https://issues.asterisk.org/view.php?id=4  0x080de87c in ast_log (level=4,
file=0xfd43ee1f "chan_iax2.c", line=0,

    function=0xfd43df8e "handle_call_token", fmt=0xfbedb188
"8xP\b#####https://issues.asterisk.org/view.php?id=212\f")
    at strings.h:631
https://issues.asterisk.org/view.php?id=5  0xfd424bd6 in handle_call_token
(fh=0x8508f68, ies=0xfbee0d74, 
    sin=0xfbee0ec4, fd=14) at chan_iax2.c:4600
====================================================================== 

---------------------------------------------------------------------- 
 (0113595) svnbot (reporter) - 2009-11-10 11:59
 https://issues.asterisk.org/view.php?id=16206#c113595 
---------------------------------------------------------------------- 
Repository: asterisk
Revision: 229233

_U  branches/1.6.1/
U   branches/1.6.1/channels/chan_iax2.c

------------------------------------------------------------------------
r229233 | dvossel | 2009-11-10 11:59:20 -0600 (Tue, 10 Nov 2009) | 22
lines

Merged revisions 229168 via svnmerge from 
https://origsvn.digium.com/svn/asterisk/trunk

................
  r229168 | dvossel | 2009-11-10 11:16:49 -0600 (Tue, 10 Nov 2009) | 15
lines
  
  Merged revisions 229167 via svnmerge from 
  https://origsvn.digium.com/svn/asterisk/branches/1.4
  
  ........
    r229167 | dvossel | 2009-11-10 11:15:57 -0600 (Tue, 10 Nov 2009) | 9
lines
    
    don't crash on log message in solaris
    
    AST-2009-006
    
    (closes issue https://issues.asterisk.org/view.php?id=16206)
    Reported by: bklang
    Tested by: bklang
  ........
................

------------------------------------------------------------------------

http://svn.digium.com/view/asterisk?view=rev&revision=229233 

Issue History 
Date Modified    Username       Field                    Change               
====================================================================== 
2009-11-10 11:59 svnbot         Checkin                                      
2009-11-10 11:59 svnbot         Note Added: 0113595                          
======================================================================

More information about the asterisk-bugs mailing list