[asterisk-bugs] [Asterisk 0016857]: Incorrect checking of Refer-To and Referred-By SIP headers

Asterisk Bug Tracker noreply at bugs.digium.com
Thu Feb 18 06:30:35 CST 2010


A NOTE has been added to this issue. 
====================================================================== 
https://issues.asterisk.org/view.php?id=16857 
====================================================================== 
Reported By:                tomsullivan
Assigned To:                
====================================================================== 
Project:                    Asterisk
Issue ID:                   16857
Category:                   Channels/chan_sip/Transfers
Reproducibility:            always
Severity:                   major
Priority:                   normal
Status:                     new
Asterisk Version:           1.2.X 
JIRA:                        
Regression:                 No 
Reviewboard Link:            
SVN Branch (only for SVN checkouts, not tarball releases): N/A 
SVN Revision (number only!):  
Request Review:              
====================================================================== 
Date Submitted:             2010-02-17 20:58 CST
Last Modified:              2010-02-18 06:30 CST
====================================================================== 
Summary:                    Incorrect checking of Refer-To and Referred-By SIP headers
Description: 
Asterisk 1.2.39.

Within asterisk-1.2.39/channels/chan_sip.c, lines 7032 and 7039 the
Refer-To and Referred-By headers are parsed from the SIP request. 

The get_header(...) method returns an empty string if the header is not
found, but the test on these lines is only for NULL, so both refer_to and
referred_by can get through as "".

This is not a problem per se for refer_to, as it is checked later on (line
7050) and -1 is returned.

However, referred_by gets set to NULL (line 7057), which (in concert with
the bristuff patches) causes a SEGFAULT when dereferenced.
====================================================================== 
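
Added example, not code from chan_sip.c or from the reporter: a minimal C sketch of the NULL-only test described above beside a check that matches a lookup returning "" for a missing header. The names lookup_header, present, parse_refer, referrer_len and the sample request are hypothetical, and treating Referred-By as optional is an assumption of the sketch.

```c
#include <stddef.h>
#include <string.h>

/* Constructed stand-in for a parsed SIP request; not Asterisk's data model. */
struct hdr { const char *name; const char *value; };
struct refer_info { const char *refer_to; const char *referred_by; /* NULL = absent */ };

/* Constructed REFER carrying Refer-To but no Referred-By. */
static const struct hdr sample_refer[] = { { "Refer-To", "<sip:1000@example.invalid>" } };

/* Hypothetical lookup with the contract the report describes: a missing
 * header yields "" and never NULL. Exact-case match keeps the sketch short. */
static const char *lookup_header(const struct hdr *h, size_t n, const char *name)
{
    for (size_t i = 0; i < n; i++)
        if (strcmp(h[i].name, name) == 0)
            return h[i].value;
    return "";
}

/* Check as described in the report: "" passes as if the header were there. */
static int present_null_only(const char *v) { return v != NULL; }

/* Check matching the lookup's contract: NULL and "" both mean "missing". */
static int present(const char *v) { return v != NULL && v[0] != '\0'; }

/* Returns -1 when Refer-To is missing. Referred-By is treated as optional
 * (assumption of this sketch) and normalised to NULL in exactly one place. */
static int parse_refer(const struct hdr *h, size_t n, struct refer_info *out)
{
    const char *rt = lookup_header(h, n, "Refer-To");
    const char *rb = lookup_header(h, n, "Referred-By");
    if (!present(rt))
        return -1;
    out->refer_to = rt;
    out->referred_by = present(rb) ? rb : NULL;
    return 0;
}

/* Consumer that honours the NULL = absent contract instead of dereferencing. */
static size_t referrer_len(const struct refer_info *r)
{
    return r->referred_by ? strlen(r->referred_by) : 0;
}

int main(void)
{
    struct refer_info info;
    return parse_refer(sample_refer, 1, &info) == 0 && referrer_len(&info) == 0 ? 0 : 1;
}
```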

---------------------------------------------------------------------- 
 (0118214) davidw (reporter) - 2010-02-18 06:30
 https://issues.asterisk.org/view.php?id=16857#c118214 
---------------------------------------------------------------------- 
Asterisk 1.2 only receives security fixes.  You need to reproduce this on a
recent 1.4, 1.6 or trunk version. 

Issue History 
Date Modified    Username       Field                    Change               
====================================================================== 
2010-02-18 06:30 davidw         Note Added: 0118214                          
======================================================================



