[asterisk-bugs] [LibPRI 0014378]: [patch] Two odd error messages on BRI PtMP lines
Asterisk Bug Tracker
noreply at bugs.digium.com
Mon Nov 23 15:43:46 CST 2009
A NOTE has been added to this issue.
======================================================================
https://issues.asterisk.org/view.php?id=14378
======================================================================
Reported By: timking
Assigned To: mattf
======================================================================
Project: LibPRI
Issue ID: 14378
Category: General
Reproducibility: random
Severity: major
Priority: normal
Status: assigned
Asterisk Version: SVN
JIRA:
SVN Branch (only for SVN checkouts, not tarball releases): N/A
SVN Revision (number only!):
Disclaimer on File?: N/A
Request Review:
======================================================================
Date Submitted: 2009-01-31 11:41 CST
Last Modified: 2009-11-23 15:43 CST
======================================================================
Summary: [patch] Two odd error messages on BRI PtMP lines
Description:
I am running libpri-1.4.9 in a production environment. I notice the
following in the logs, apparently at random.
[Jan 30 15:33:11] ERROR[7615] chan_dahdi.c: XXX Message longer than it
should be?? XXX
[Jan 30 15:33:15] ERROR[7615] chan_dahdi.c: XXX Message longer than it
should be?? XXX
[Jan 30 15:33:50] ERROR[7614] chan_dahdi.c: XXX Message longer than it
should be?? XXX
[Jan 30 15:33:54] ERROR[7614] chan_dahdi.c: XXX Message longer than it
should be?? XXX
[Jan 30 15:34:29] ERROR[7615] chan_dahdi.c: !! < Unknown IE 224 (cs0, len
= 1)
======================================================================
----------------------------------------------------------------------
(0114171) roeften (reporter) - 2009-11-23 15:43
https://issues.asterisk.org/view.php?id=14378#c114171
----------------------------------------------------------------------
There is an underlying danger that is not handled properly. In cases like
the one I am describing (one extra byte out of nowhere) the code will
access memory beyond the buffer possibly when it will try to find the
length of the IE message and definitely when it will try to dump the
message.
I am uploading a patch to handle these situations since they obviously
happen (Check log.txt to see how an unknown IE of 101 bytes is dumped when
there is just one extra byte in the buffer). I have incorporated timking's
one liner fix since valid messages should not be ignored. The assertion
"XXX Message longer than it should be?? XXX" will still be there to
indicate such issues.
Two versions of the patch one against 1.4.10.2 and one against the current
1.4.
I am not sure if the changes are required since the whole issue was caused
by a bug in the driver which when fixed seems to have eliminated the
problem.
Issue History
Date Modified Username Field Change
======================================================================
2009-11-23 15:43 roeften Note Added: 0114171
======================================================================
More information about the asterisk-bugs
mailing list