[asterisk-bugs] [Asterisk 0016857]: Incorrect checking of Refer-To and Referred-By SIP headers

Asterisk Bug Tracker noreply at bugs.digium.com
Wed Feb 17 20:58:31 CST 2010 

The following issue has been SUBMITTED. 
====================================================================== 
https://issues.asterisk.org/view.php?id=16857 
====================================================================== 
Reported By:                tomsullivan
Assigned To:                
====================================================================== 
Project:                    Asterisk
Issue ID:                   16857
Category:                   Channels/chan_sip/Transfers
Reproducibility:            always
Severity:                   major
Priority:                   normal
Status:                     new
Asterisk Version:           1.2.X 
JIRA:                        
Regression:                 No 
Reviewboard Link:            
SVN Branch (only for SVN checkouts, not tarball releases): N/A 
SVN Revision (number only!):  
Request Review:              
====================================================================== 
Date Submitted:             2010-02-17 20:58 CST
Last Modified:              2010-02-17 20:58 CST
====================================================================== 
Summary:                    Incorrect checking of Refer-To and Referred-By SIP
headers
Description: 
Asterisk 1.2.39.

Within asterisk-1.2.39/channels/chan_sip.c, lines 7032 and 7039 the
Refer-To and Referred-By headers are parsed from the SIP request. 

The get_header(...) method returns empty string if the header is not
found, but the test on these lines is only for NULL, so both refer_to and
referred_by can get through as "".

This is not a problem per se for refer_to, as it is checked later on (line
7050) and -1 is returned.

However, referred_by gets set to NULL (line 7057), which (in concert with
the bristuff patches) causes a SEGFAULT when dereferenced.
====================================================================== 

Issue History 
Date Modified    Username       Field                    Change               
====================================================================== 
2010-02-17 20:58 tomsullivan    New Issue                                    
2010-02-17 20:58 tomsullivan    Asterisk Version          => 1.2.X           
2010-02-17 20:58 tomsullivan    Regression                => No              
2010-02-17 20:58 tomsullivan    SVN Branch (only for SVN checkouts, not tarball
releases) => N/A             
======================================================================

More information about the asterisk-bugs mailing list