[asterisk-bugs] [JIRA] (ASTERISK-22469) crash when res_jabber receives an XMPP IQ stanza with no 'from'

Rusty Newton (JIRA) noreply at issues.asterisk.org
Thu Sep 5 15:57:03 CDT 2013 

     [ https://issues.asterisk.org/jira/browse/ASTERISK-22469?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Rusty Newton updated ASTERISK-22469:
------------------------------------

    Security:     (was: Reporter, Bug Marshals, and Digium)
    
> crash when res_jabber receives an XMPP IQ stanza with no 'from'
> ---------------------------------------------------------------
>
>                 Key: ASTERISK-22469
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-22469
>             Project: Asterisk
>          Issue Type: Bug
>          Components: Resources/res_jabber
>    Affects Versions: 1.8.23.1, 11.5.1, 12.0.0-alpha1
>         Environment: res_jabber on Asterisk 1.8.23
>            Reporter: abelbeck
>            Assignee: abelbeck
>            Severity: Critical
>         Attachments: res_jabber-prosody-0.8.2-vs-0.9.0.txt
>
>
> Reported as an aside on ASTERISK-22410. Moving to separate issue, as this seems to be a security vulnerability.
> {quote}
> The good news, Prosody 0.9.0 now works with Asterisk 1.8 which requires the 'from' attribute in the XMPP: iq id='disco' type='get' ... , or else Asterisk 1.8 segfaults.
> {quote}
> and from the comments:
> {quote}
> Rusty, to further elaborate on the segfault issue…
> With res_xmpp, both Prosody 0.8.2 and 0.9.0 work fine.
> With res_jabber, Prosody 0.8.2 causes it to segfault, prosody 0.9.0 works fine.
> Since Matthew was not clear why 0.9.0 fixed res_jabber, I disabled TLS to see what is going on, attached is a brief synopsis.
> Attached file: res_jabber-prosody-0.8.2-vs-0.9.0.txt
> {quote}
> {quote}
> I can't be any help with the backtrace since we cross-compile an embedded image with stripped symbols. My only help is the clue that the missing from= may trigger the crash.
> {quote}

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.asterisk.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

More information about the asterisk-bugs mailing list