[asterisk-bugs] [JIRA] (ASTERISK-24472) Asterisk Crash in OpenSSL when calling over WSS from JSSIP

Matt Jordan (JIRA) noreply at issues.asterisk.org
Wed Nov 5 16:46:28 CST 2014 

     [ https://issues.asterisk.org/jira/browse/ASTERISK-24472?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Matt Jordan updated ASTERISK-24472:
-----------------------------------

    Attachment: ASTERISK-24472-websocket-read-bail.diff

So, the patch I've just attached ( {{ASTERISK-24472-websocket-read-bail.diff}} ) may not solve all of the problems. However, your error message of a {{realloc}} failing is disconcerting: we failed to allocate a big enough buffer to deal with the message that just arrived, and instead of bailing on the websocket connection, we are actually returning 0 with a payload length of 0.

Unfortunately, up in {{chan_sip}}, that looks like success - so it attempts to process things with a payload length of 0, which eventually causes what appears to be a memory corruption. Yikes.

This patch is a trial - if the {{realloc}} fails, we tell the higher level to not process the read request. That *should* at least handle the failure in the memory allocation better in {{chan_sip}}, which *may* avoid the crashes you're seeing. It may result in the call being cancelled (in fact, I suspect it will), but that's not terribly surprising: we failed to allocate memory, and something has to give. I'm hopeful it may at least not crash after that point.

If you can test with this patch under valgrind as well, that'd be appreciated. That may at least clear Asterisk out of this - although you may still have problems in OpenSSL.

> Asterisk Crash in OpenSSL when calling over WSS from JSSIP
> ----------------------------------------------------------
>
>                 Key: ASTERISK-24472
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-24472
>             Project: Asterisk
>          Issue Type: Bug
>      Security Level: None
>          Components: Resources/res_rtp_asterisk
>    Affects Versions: 11.13.1
>         Environment: Opera 20.0.1387.77.
> Use: DTLS, WSS, Valid SSL certificate
> Client - jssip 0.3.0 
>            Reporter: Badalian Vyacheslav
>            Severity: Critical
>         Attachments: ASTERISK-24472-websocket-read-bail.diff, backtrace2.txt, backtrace3.txt, backtrace_openssl_debug1.txt, backtrace_openssl_debug2.txt, backtrace_openssl_debug3.txt, backtrace.txt, valgrind2.txt, valgrind.txt
>
>
> Valgrind and GDB backtrace (3 pices) attached bellow
> CentOS x86_64 release 6.6 (Final)
> OpenSSL> version
> OpenSSL 1.0.1e-fips 11 Feb 2013
> # rpm -qa | grep openssl
> openssl-devel-1.0.1e-30.el6_6.2.x86_64
> openssl-debuginfo-1.0.1e-30.el6_6.2.x86_64
> openssl-1.0.1e-30.el6_6.2.x86_64



--
This message was sent by Atlassian JIRA
(v6.2#6252)

More information about the asterisk-bugs mailing list