[asterisk-bugs] [Asterisk 0019382]: [patch] used auth= parameter freed during sip reload => crash

Asterisk Bug Tracker noreply at bugs.digium.com
Sat May 28 09:15:44 CDT 2011 

The following issue has been UPDATED. 
====================================================================== 
https://issues.asterisk.org/view.php?id=19382 
====================================================================== 
Reported By:                wdoekes
Assigned To:                
====================================================================== 
Project:                    Asterisk
Issue ID:                   19382
Category:                   Channels/chan_sip/General
Reproducibility:            always
Severity:                   minor
Priority:                   normal
Status:                     new
Asterisk Version:           SVN 
JIRA:                        
Regression:                 No 
Reviewboard Link:            
SVN Branch (only for SVN checkouts, not tarball releases):  trunk 
SVN Revision (number only!): 321445 
Request Review:              
====================================================================== 
Date Submitted:             2011-05-28 09:14 CDT
Last Modified:              2011-05-28 09:15 CDT
====================================================================== 
Summary:                    [patch] used auth= parameter freed during sip reload
=> crash
Description: 
Hi,

if you use the auth= parameter and do a "sip reload" while there is an
ongoing call. The peer->auth data points to free'd memory.

Affected versions: -trunk and -1.6.2.x and probably every other version
that has the auth= parameter in sip.conf.

Because the memory is free'd before being re-allocated, in a test-setup
there are chances that you get the same memory back and the crash doesn't
occur. I've created a little patch that increases the likelyhood of getting
a crash, so you can confirm the problem more easily.

(And before you complain that I'm writing to free'd memory in that patch:
that's to overcome any 0-setting of auth->next by ast_free. The kernel
still thinks it's my memory and won't segfault over that.)
====================================================================== 

Issue History 
Date Modified    Username       Field                    Change               
====================================================================== 
2011-05-28 09:15 wdoekes        Summary                  used auth= parameter
freed during sip reload => crash => [patch] used auth= parameter freed during
sip reload => crash
======================================================================

More information about the asterisk-bugs mailing list