[asterisk-bugs] [JIRA] (ASTERISK-22185) asterisk segfault at sip_msg_send in chan_sip.c

zhanglei lei (JIRA) noreply at issues.asterisk.org
Tue Jul 23 22:49:02 CDT 2013


     [ https://issues.asterisk.org/jira/browse/ASTERISK-22185?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

zhanglei lei updated ASTERISK-22185:
------------------------------------

    Description: 
Here is the GDB stack trace:
(gdb) bt
#0  0x0079d443 in strchr () from /lib/libc.so.6
#1  0x015a5ee4 in sip_msg_send (msg=0xb7403d34, to=0xb4d82bc0 "sip:9518", from=<value optimized out>)
    at chan_sip.c:26744
#2  0x0816325f in msg_send_exec ()
#3  0x08174d7d in pbx_exec ()
#4  0x08180738 in pbx_extension_helper ()
#5  0x081886b0 in __ast_pbx_run ()
#6  0x0818a7c0 in ast_pbx_outgoing_exten ()
#7  0x00f29504 in attempt_thread (data=0xb5890328) at pbx_spool.c:382
#8  0x081d1f67 in dummy_start ()
#9  0x008caa49 in start_thread () from /lib/libpthread.so.0
#10 0x00806aee in clone () from /lib/libc.so.6

(gdb) frame 1
#1  0x015a5ee4 in sip_msg_send (msg=0xb7403d34, to=0xb4d82bc0 "sip:9518", from=<value optimized out>)
    at chan_sip.c:26744
26744	chan_sip.c: 没有那个文件或目录.
	in chan_sip.c
(gdb) p location
$1 = 0x0

In chan_sip.c:26774
26742                         ast_callerid_parse(sender, &name, &location);
26743                         ast_string_field_set(pvt, fromname, name);
26744                         if (strchr(location, ':')) { /* Must be a URI */

If a malformed from parameter is passed (such as "<sip:8888 at 10.21.1.135", missing the closing '>'), ast_callerid_parse will fail and then the location variable is left as a NULL pointer, which causes a segmentation fault.


  was:
Here is the GDB stack trace:
(gdb) bt
#0  0x0079d443 in strchr () from /lib/libc.so.6
#1  0x015a5ee4 in sip_msg_send (msg=0xb7403d34, to=0xb4d82bc0 "sip:9518", from=<value optimized out>)
    at chan_sip.c:26744
#2  0x0816325f in msg_send_exec ()
#3  0x08174d7d in pbx_exec ()
#4  0x08180738 in pbx_extension_helper ()
#5  0x081886b0 in __ast_pbx_run ()
#6  0x0818a7c0 in ast_pbx_outgoing_exten ()
#7  0x00f29504 in attempt_thread (data=0xb5890328) at pbx_spool.c:382
#8  0x081d1f67 in dummy_start ()
#9  0x008caa49 in start_thread () from /lib/libpthread.so.0
#10 0x00806aee in clone () from /lib/libc.so.6

(gdb) frame 1
#1  0x015a5ee4 in sip_msg_send (msg=0xb7403d34, to=0xb4d82bc0 "sip:9518", from=<value optimized out>)
    at chan_sip.c:26744
26744	chan_sip.c: 没有那个文件或目录.
	in chan_sip.c
(gdb) p location
$1 = 0x0

In chan_sip.c:26774
26742                         ast_callerid_parse(sender, &name, &location);
26743                         ast_string_field_set(pvt, fromname, name);
26744                         if (strchr(location, ':')) { /* Must be a URI */

If a malformed from parameter is passed (such as "<sip:8888 at 10.21.1.135", missing the closing '>'), ast_callerid_parse will fail and then the location variable should be a NULL pointer.


    
> asterisk segfault at sip_msg_send in chan_sip.c
> -----------------------------------------------
>
>                 Key: ASTERISK-22185
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-22185
>             Project: Asterisk
>          Issue Type: Bug
>      Security Level: None
>          Components: Channels/chan_sip/Messaging
>    Affects Versions: 11.4.0, 11.5.0
>         Environment: AsteriskNow distro
> Linux 2.6.32-358.2.1.el6.i686 #1 SMP Tue Mar 12 21:42:46 UTC 2013 i686 i686 i386 GNU/Linux
>            Reporter: zhanglei lei
>            Severity: Critical
>
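As an added illustration of the failure mode (not Asterisk code and not the reporter's): a simplified stand-in for ast_callerid_parse() that leaves *location untouched when the closing '>' is missing, shown beside the unchecked strchr(location, ':') dereference from the report and a checked variant that rejects the malformed sender instead of crashing. All function names and sample strings are hypothetical/constructed.

```c
#include <stdio.h>
#include <string.h>

/* Simplified stand-in for ast_callerid_parse(): split "Name <location>"
 * in place. Returns 0 on success, -1 when the closing '>' is missing.
 * On failure *location is left untouched, as the report describes. */
static int parse_sender(char *sender, char **name, char **location)
{
    char *lt = strchr(sender, '<');
    char *gt = lt ? strchr(lt, '>') : NULL;
    if (!lt || !gt) {
        return -1;              /* malformed: caller must not use *location */
    }
    *gt = '\0';
    *lt = '\0';
    *name = sender;
    *location = lt + 1;
    return 0;
}

/* Vulnerable pattern from the report: the parse result is ignored and
 * location is dereferenced unconditionally. 1 = URI, 0 = plain number. */
static int classify_unchecked(const char *sender)
{
    char buf[256], *name = NULL, *location = NULL;
    snprintf(buf, sizeof(buf), "%s", sender);
    parse_sender(buf, &name, &location);
    return strchr(location, ':') != NULL;   /* NULL deref on malformed input */
}

/* Hardened pattern: check the return value and the pointer before use.
 * 1 = URI, 0 = plain number, -1 = malformed input rejected. */
static int classify_checked(const char *sender)
{
    char buf[256], *name = NULL, *location = NULL;
    snprintf(buf, sizeof(buf), "%s", sender);
    if (parse_sender(buf, &name, &location) < 0 || !location) {
        fprintf(stderr, "rejecting malformed From: \"%s\"\n", sender);
        return -1;
    }
    return strchr(location, ':') != NULL;
}

int main(void)
{
    /* Constructed samples; the second mirrors the report's missing '>'. */
    printf("%d\n", classify_checked("Alice <sip:8888@10.21.1.135>"));  /* 1 */
    printf("%d\n", classify_checked("Alice <sip:8888@10.21.1.135"));   /* -1 */
    /* classify_unchecked("Alice <sip:8888@10.21.1.135") would segfault. */
    return 0;
}
```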
