[asterisk-bugs] [JIRA] (ASTERISK-21466) [crash] "sip show peers" crashes Asterisk with ~3500 registered peers

Guillaume Knispel (JIRA) noreply at issues.asterisk.org
Wed Apr 17 05:40:01 CDT 2013 

    [ https://issues.asterisk.org/jira/browse/ASTERISK-21466?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=205365#comment-205365 ] 

Guillaume Knispel commented on ASTERISK-21466:
----------------------------------------------

I've tried to find other occurrences of that pattern (strdupa, alloca in a loop) automatically using Coccinelle, but did not succeed (Coccinelle runs forever, maybe a bug, an error in my unsterstanding of its grammar, or maybe Coccinelle just does not like Asterisk source code).

So here are some notes about some other functions I found by a (very limited) manual review, that uses strdupa/alloca in a loop and could benefit from being reviewed:

chan_sip:

	static char *_sip_show_peers(int fd, int *total, struct mansession *s, const struct message *m, int argc, const char *argv[])
	crash

	static char *sip_show_settings(struct ast_cli_entry *e, int cmd, struct ast_cli_args *a)
	localaddr ?


	static struct sip_peer *build_peer(const char *name, struct ast_variable *v, struct ast_variable *alt, int realtime, int devstate_only)


app_voicemail.c:
	static int imap_retrieve_greeting(const char *dir, const int msgnum, struct ast_vm_user *vmu)
	static int forward_message(struct ast_channel *chan, char *context, struct vm_state *vms, struct ast_vm_user *sender, char *fmt, int is_new_message, signed char record_gain, int urgent)
	static int imap_delete_old_greeting (char *dir, struct vm_state *vms)
	static int actual_load_config(int reload, struct ast_config *cfg, struct ast_config *ucfg)
	static void vm_change_password(struct ast_vm_user *vmu, const char *newpassword)

I insist that this is a very very non exhaustive list.

                
> [crash] "sip show peers" crashes Asterisk with ~3500 registered peers
> ---------------------------------------------------------------------
>
>                 Key: ASTERISK-21466
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-21466
>             Project: Asterisk
>          Issue Type: Bug
>      Security Level: None
>          Components: Channels/chan_sip/General
>    Affects Versions: 11.3.0
>         Environment: Linux 32 bits
>            Reporter: Guillaume Knispel
>            Severity: Critical
>
> When there are lots of registered sip peers (around 3500, but it could depend on the IP adresses), the "sip show peers" CLI command immediately crashes Asterisk by stack overflow. (Trying to get the same informations through AMI very probably leads to the same crash.)
> This is caused by the use of ast_strdupa() in the main loop of _sip_show_peers()

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.asterisk.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

More information about the asterisk-bugs mailing list