[asterisk-bugs] [JIRA] (ASTERISK-22469) crash when res_jabber receives an XMPP IQ stanza with no 'from'
abelbeck (JIRA)
noreply at issues.asterisk.org
Thu Sep 5 16:33:04 CDT 2013
[ https://issues.asterisk.org/jira/browse/ASTERISK-22469?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
abelbeck updated ASTERISK-22469:
--------------------------------
Attachment: asterisk-1.8.23-jabber.conf-example.txt
Attach: Example jabber.conf
> crash when res_jabber receives an XMPP IQ stanza with no 'from'
> ---------------------------------------------------------------
>
> Key: ASTERISK-22469
> URL: https://issues.asterisk.org/jira/browse/ASTERISK-22469
> Project: Asterisk
> Issue Type: Bug
> Components: Resources/res_jabber
> Affects Versions: 1.8.23.1, 11.5.1, 12.0.0-alpha1
> Environment: res_jabber on Asterisk 1.8.23
> Reporter: abelbeck
> Assignee: abelbeck
> Severity: Critical
> Attachments: asterisk-1.8.23-jabber.conf-example.txt, prosody-0.8.2-cfg.lua.example.txt, res_jabber-prosody-0.8.2-vs-0.9.0.txt
>
>
> Reported as an aside on ASTERISK-22410. Moving to separate issue, as this seems to be a security vulnerability.
> {quote}
> The good news, Prosody 0.9.0 now works with Asterisk 1.8 which requires the 'from' attribute in the XMPP: iq id='disco' type='get' ... , or else Asterisk 1.8 segfaults.
> {quote}
> and from the comments:
> {quote}
> Rusty, to further elaborate on the segfault issue…
> With res_xmpp, both Prosody 0.8.2 and 0.9.0 work fine.
> With res_jabber, Prosody 0.8.2 causes it to segfault, prosody 0.9.0 works fine.
> Since Matthew was not clear why 0.9.0 fixed res_jabber, I disabled TLS to see what is going on, attached is a brief synopsis.
> Attached file: res_jabber-prosody-0.8.2-vs-0.9.0.txt
> {quote}
> {quote}
> I can't be any help with the backtrace since we cross-compile an embedded image with stripped symbols. My only help is the clue that the missing from= may trigger the crash.
> {quote}
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.asterisk.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the asterisk-bugs
mailing list