[asterisk-bugs] [Asterisk 0018574]: handle_request_info uses uninitialized string buffer

Asterisk Bug Tracker noreply at bugs.digium.com
Tue Jan 4 12:22:39 UTC 2011 

The following issue has been SUBMITTED. 
====================================================================== 
https://issues.asterisk.org/view.php?id=18574 
====================================================================== 
Reported By:                zvision
Assigned To:                
====================================================================== 
Project:                    Asterisk
Issue ID:                   18574
Category:                   Channels/chan_sip/General
Reproducibility:            always
Severity:                   major
Priority:                   normal
Status:                     new
Asterisk Version:           1.4.39-rc1 
JIRA:                        
Regression:                 No 
Reviewboard Link:            
SVN Branch (only for SVN checkouts, not tarball releases):  1.4  
SVN Revision (number only!): 294688 
Request Review:              
====================================================================== 
Date Submitted:             2011-01-04 06:22 CST
Last Modified:              2011-01-04 06:22 CST
====================================================================== 
Summary:                    handle_request_info uses uninitialized string buffer
Description: 
I receive DTMFs from Cirpack in a SIP INFO message in the following
format:

INFO sip:x at x SIP/2.0
...
User-Agent: Cirpack/v4.42q (gw_sip)
Content-Type: application/dtmf
...
Content-Length: 1

1

The Content-Type is not recognized by Asterisk as DTMF, but this is a
minor problem. At the end of handle_request_info function there is a line
to print
a log line:

ast_log(LOG_WARNING, "Unable to parse INFO message from %s. Content %s\n",
p->callid, buf);

If the Content-Type does not match any IFs above this line, contents of
the buf variable is uninitialized and the Asterisk prints garbage reading
uninitialized stack memory.
====================================================================== 

Issue History 
Date Modified    Username       Field                    Change               
====================================================================== 
2011-01-04 06:22 zvision        New Issue                                    
2011-01-04 06:22 zvision        Asterisk Version          => 1.4.39-rc1      
2011-01-04 06:22 zvision        Regression                => No              
2011-01-04 06:22 zvision        SVN Branch (only for SVN checkouts, not tarball
releases) =>  1.4            
2011-01-04 06:22 zvision        SVN Revision (number only!) => 294688          
======================================================================

More information about the asterisk-bugs mailing list