[asterisk-bugs] [Asterisk 0019382]: used auth= parameter freed during sip reload => crash

Asterisk Bug Tracker noreply at bugs.digium.com
Sat May 28 09:14:59 CDT 2011


The following issue has been SUBMITTED. 
====================================================================== 
https://issues.asterisk.org/view.php?id=19382 
====================================================================== 
Reported By:                wdoekes
Assigned To:                
====================================================================== 
Project:                    Asterisk
Issue ID:                   19382
Category:                   Channels/chan_sip/General
Reproducibility:            always
Severity:                   minor
Priority:                   normal
Status:                     new
Asterisk Version:           SVN 
JIRA:                        
Regression:                 No 
Reviewboard Link:            
SVN Branch (only for SVN checkouts, not tarball releases):  trunk 
SVN Revision (number only!): 321445 
Request Review:              
====================================================================== 
Date Submitted:             2011-05-28 09:14 CDT
Last Modified:              2011-05-28 09:14 CDT
====================================================================== 
Summary:                    used auth= parameter freed during sip reload => crash
Description: 
Hi,

If you use the auth= parameter and do a "sip reload" while there is an
ongoing call, the peer->auth data points to free'd memory.

Affected versions: -trunk and -1.6.2.x and probably every other version
that has the auth= parameter in sip.conf.

Because the memory is free'd before being re-allocated, in a test-setup
there are chances that you get the same memory back and the crash doesn't
occur. I've created a little patch that increases the likelihood of getting
a crash, so you can confirm the problem more easily.

(And before you complain that I'm writing to free'd memory in that patch:
that's to overcome any 0-setting of auth->next by ast_free. The kernel
still thinks it's my memory and won't segfault over that.)
====================================================================== 

Issue History 
Date Modified    Username       Field                    Change               
====================================================================== 
2011-05-28 09:14 wdoekes        New Issue                                    
2011-05-28 09:14 wdoekes        Asterisk Version          => SVN             
2011-05-28 09:14 wdoekes        Regression                => No              
2011-05-28 09:14 wdoekes        SVN Branch (only for SVN checkouts, not tarball releases) =>  trunk
2011-05-28 09:14 wdoekes        SVN Revision (number only!) => 321445          
======================================================================
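
The lifetime problem described in the report, shown as an added example that is not part of the original report and is not Asterisk code: an ongoing call holds a pointer into a peer's auth list while a reload replaces that list. All type and function names here are hypothetical, and the sketch uses reference counting as one way to keep the call's view valid.

```c
#include <stdlib.h>
#include <string.h>

/* Simplified, hypothetical model (not chan_sip's types). Single-threaded:
 * real code would need locking or atomic reference counts. */
struct auth_entry { char username[32]; struct auth_entry *next; };
struct auth_list { int refs; struct auth_entry *head; }; /* auth= entries */
struct peer { struct auth_list *auth; };
struct call { struct auth_list *auth; };                 /* ongoing call */

static int live_lists; /* instrumentation: lists currently allocated */

static struct auth_list *auth_list_new(const char *user) {
    struct auth_list *l = calloc(1, sizeof(*l));
    struct auth_entry *e = calloc(1, sizeof(*e));
    if (!l || !e) { free(l); free(e); return NULL; }
    strncpy(e->username, user, sizeof(e->username) - 1);
    l->head = e;
    l->refs = 1;
    live_lists++;
    return l;
}

static void auth_list_unref(struct auth_list *l) {
    if (!l || --l->refs > 0) return;
    for (struct auth_entry *e = l->head, *n; e; e = n) { n = e->next; free(e); }
    free(l);
    live_lists--;
}

/* The unsafe pattern is a bare borrow (c->auth = p->auth) combined with a
 * reload that frees p->auth outright. Here the call owns a reference. */
static void call_start(struct call *c, struct peer *p) { c->auth = p->auth; c->auth->refs++; }
static void call_end(struct call *c) { auth_list_unref(c->auth); c->auth = NULL; }

/* Reload builds the replacement first, then drops only the peer's reference. */
static int peer_reload(struct peer *p, const char *user) {
    struct auth_list *fresh = auth_list_new(user);
    if (!fresh) return -1;
    auth_list_unref(p->auth);
    p->auth = fresh;
    return 0;
}
```

Running a model like this under AddressSanitizer or Valgrind makes the lifetime visible regardless of whether the allocator happens to hand the same memory back.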