[asterisk-bugs] [JIRA] (ASTERISK-24472) Asterisk Crash in OpenSSL when calling over WSS from JSSIP

Matt Jordan (JIRA) noreply at issues.asterisk.org
Thu Nov 6 08:50:29 CST 2014 

    [ https://issues.asterisk.org/jira/browse/ASTERISK-24472?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=223353#comment-223353 ] 

Matt Jordan commented on ASTERISK-24472:
----------------------------------------

First, the patch on ASTERISK-24333 doesn't matter, as that isn't the same issue as this one. As pointed out, that is a memory corruption in {{libsrtp}} itself.

Are you sure the patch was applied correctly? Looking at your valgrind output, {{chan_sip}} is still attempting to get the string after {{ast_websocket_read}}, which should not be possible if the {{realloc}} failed (which it did in your trace) and returned {{-1}} (which it does with the patch).

Do you know that you are sending a 0 byte message inside a WebSocket frame? The {{payload_len}} is set to 0 if the {{realloc}} fails - if it is 0 prior to that point, I would expect things to still be "okay" although sending an empty WebSocket message would be rather odd.

> Asterisk Crash in OpenSSL when calling over WSS from JSSIP
> ----------------------------------------------------------
>
>                 Key: ASTERISK-24472
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-24472
>             Project: Asterisk
>          Issue Type: Bug
>      Security Level: None
>          Components: Resources/res_rtp_asterisk
>    Affects Versions: 11.13.1
>         Environment: Opera 20.0.1387.77.
> Use: DTLS, WSS, Valid SSL certificate
> Client - jssip 0.3.0 
>            Reporter: Badalian Vyacheslav
>            Assignee: Badalian Vyacheslav
>            Severity: Critical
>         Attachments: ASTERISK-24472-websocket-read-bail.diff, backtrace2.txt, backtrace3.txt, backtrace_openssl_debug1.txt, backtrace_openssl_debug2.txt, backtrace_openssl_debug3.txt, backtrace_openssl_debug4.txt, backtrace_openssl_debug5.txt, backtrace.txt, valgrind2.txt, valgrind3.txt, valgrind4.txt, valgrind.txt
>
>
> Valgrind and GDB backtrace (3 pices) attached bellow
> CentOS x86_64 release 6.6 (Final)
> OpenSSL> version
> OpenSSL 1.0.1e-fips 11 Feb 2013
> # rpm -qa | grep openssl
> openssl-devel-1.0.1e-30.el6_6.2.x86_64
> openssl-debuginfo-1.0.1e-30.el6_6.2.x86_64
> openssl-1.0.1e-30.el6_6.2.x86_64



--
This message was sent by Atlassian JIRA
(v6.2#6252)

More information about the asterisk-bugs mailing list