[asterisk-bugs] [JIRA] (ASTERISK-22821) Asterisk 12-beta @r402448 pjsip sigsegv receiving SIP MESSAGE when checking Contact header

Richard Mudgett (JIRA) noreply at issues.asterisk.org
Mon Nov 4 09:36:03 CST 2013


     [ https://issues.asterisk.org/jira/browse/ASTERISK-22821?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Richard Mudgett updated ASTERISK-22821:
---------------------------------------

    Description: 
Asterisk dumps core when receiving a PJSIP SIP MESSAGE from a CSipSimple client.  The issue appears when Asterisk attempts to check for a Contact header in the incoming MESSAGE (in res/res_pjsip_messaging.c):
{code}
        /* contact header */
        if ((size = pjsip_hdr_print_on(pjsip_msg_find_hdr(rdata->msg_info.msg, PJSIP_H_CONTACT, NULL), buf, sizeof(buf)-1)) > 0) {
                buf[size] = '\0';
                CHECK_RES(ast_msg_set_var(msg, "SIP_FULLCONTACT", buf));
        }
{code}

It may well be that CSipSimple is sending a bad Contact header, but it shouldn't cause Asterisk/PJSIP to bail.  I am contacting the CSipSimple developers to ask about their Contact header.

If I replace the above snippet with the following, SIP MESSAGEs are processed properly (though I don't know C and I'm not sure this will do what it's supposed to):

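{code}
        /* new contact header */
        pjsip_contact_hdr *contact_hdr;
        contact_hdr = (pjsip_contact_hdr*)
                pjsip_msg_find_hdr(rdata->msg_info.msg, PJSIP_H_CONTACT, NULL);
        /* Print the header only when it was found; size must be set before it indexes buf. */
        if (contact_hdr
                && (size = pjsip_hdr_print_on(contact_hdr, buf, sizeof(buf)-1)) > 0) {
                buf[size] = '\0';
                CHECK_RES(ast_msg_set_var(msg, "SIP_FULLCONTACT", buf));
        }
{code}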


I will attach a backtrace showing the problem.


    
> Asterisk 12-beta @r402448 pjsip sigsegv receiving SIP MESSAGE when checking Contact header
> ------------------------------------------------------------------------------------------
>
>                 Key: ASTERISK-22821
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-22821
>             Project: Asterisk
>          Issue Type: Bug
>      Security Level: None
>          Components: Resources/res_pjsip_messaging
>    Affects Versions: 12.0.0-beta1
>         Environment: Fedora 19 x86_64, compiled Asterisk and PJSIP from source.
>            Reporter: Anthony Messina
>         Attachments: asterisk-12-r402448-pjsip-message-sigsegv.txt

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.asterisk.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
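
An added illustration, not code from Asterisk or PJSIP and not part of the original report: a self-contained C model of the pattern in the snippets above, where a header lookup can return NULL and the result is printed through the header's own function pointer. The names `struct hdr`, `hdr_print`, `find_hdr` and `full_contact` and the sample message are constructed for this example.

```c
#include <stdio.h>
#include <string.h>

/* Mock header list (hypothetical names), printed through a per-header function pointer. */
struct hdr {
    const char *name, *value;
    int (*print_on)(const struct hdr *h, char *buf, size_t len);
    struct hdr *next;
};

/* Writes "name: value" with no terminator; returns the length, or -1 if it does not fit. */
int hdr_print(const struct hdr *h, char *buf, size_t len)
{
    size_t n = strlen(h->name), v = strlen(h->value);
    if (n + 2 + v > len) return -1;
    memcpy(buf, h->name, n);
    memcpy(buf + n, ": ", 2);
    memcpy(buf + n + 2, h->value, v);
    return (int)(n + 2 + v);
}

/* Returns the first header with this name, or NULL when the message has none. */
struct hdr *find_hdr(struct hdr *list, const char *name)
{
    for (; list; list = list->next)
        if (strcmp(list->name, name) == 0) return list;
    return NULL;
}

/* Guarded lookup: returns the printed length, or 0 if Contact is absent or too long. */
int full_contact(struct hdr *msg, char *out, size_t outlen)
{
    struct hdr *contact = find_hdr(msg, "Contact");
    int size;
    if (!contact || outlen == 0) return 0;   /* no header: never reach print_on */
    size = contact->print_on(contact, out, outlen - 1);
    if (size <= 0) return 0;                 /* -1 means the header did not fit */
    out[size] = '\0';
    return size;
}

int main(void)
{
    /* Constructed sample: a MESSAGE carrying only a From header. */
    struct hdr from = { "From", "<sip:alice@example.test>", hdr_print, NULL };
    char buf[64] = "";
    printf("no Contact -> %d\n", full_contact(&from, buf, sizeof(buf)));
    return 0;
}
```

Calling `print_on` on the lookup result without the `!contact` test would dereference NULL for the sample message, which has no Contact header.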