[asterisk-bugs] [JIRA] (ASTERISK-24472) Asterisk Crash in OpenSSL when calling over WSS from JSSIP
Badalian Vyacheslav (JIRA)
noreply at issues.asterisk.org
Thu Nov 6 09:08:29 CST 2014
[ https://issues.asterisk.org/jira/browse/ASTERISK-24472?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=223358#comment-223358 ]
Badalian Vyacheslav commented on ASTERISK-24472:
------------------------------------------------
i think so
{code}
[root at ds-asterisk01 asterisk-11.13.1]# diff ./../asterisk-11.13.1_gcc_old/res/res_http_websocket.c res/res_http_websocket.c -u
--- ./../asterisk-11.13.1_gcc_old/res/res_http_websocket.c 2014-06-26 16:06:22.000000000 +0400
+++ res/res_http_websocket.c 2014-11-06 14:58:37.199623246 +0300
@@ -467,7 +467,7 @@
session->payload, session->payload_len, *payload_len);
*payload_len = 0;
ast_websocket_close(session, 1009);
- return 0;
+ return -1;
}
/* Per the RFC for PING we need to send back an opcode with the application data as received */
[root at ds-asterisk01 asterisk-11.13.1]# md5sum res/res_http_websocket.so /usr/lib/asterisk/modules/res_http_websocket.so
643340c9f6bb09dd9c22b88800234350 res/res_http_websocket.so
643340c9f6bb09dd9c22b88800234350 /usr/lib/asterisk/modules/res_http_websocket.so
{code}
Mybe its next part of code?
{code}
if ((*opcode == AST_WEBSOCKET_OPCODE_PING) && (ast_websocket_write(session, AST_WEBSOCKET_OPCODE_PONG, *payload, *payload_len))) {
*payload_len = 0;
ast_websocket_close(session, 1009);
return 0;
}
{code}
You close socket but return true and chan_sip still work
> Asterisk Crash in OpenSSL when calling over WSS from JSSIP
> ----------------------------------------------------------
>
> Key: ASTERISK-24472
> URL: https://issues.asterisk.org/jira/browse/ASTERISK-24472
> Project: Asterisk
> Issue Type: Bug
> Security Level: None
> Components: Resources/res_rtp_asterisk
> Affects Versions: 11.13.1
> Environment: Opera 20.0.1387.77.
> Use: DTLS, WSS, Valid SSL certificate
> Client - jssip 0.3.0
> Reporter: Badalian Vyacheslav
> Assignee: Badalian Vyacheslav
> Severity: Critical
> Attachments: ASTERISK-24472-websocket-read-bail.diff, backtrace2.txt, backtrace3.txt, backtrace_openssl_debug1.txt, backtrace_openssl_debug2.txt, backtrace_openssl_debug3.txt, backtrace_openssl_debug4.txt, backtrace_openssl_debug5.txt, backtrace.txt, valgrind2.txt, valgrind3.txt, valgrind4.txt, valgrind.txt
>
>
> Valgrind and GDB backtrace (3 pices) attached bellow
> CentOS x86_64 release 6.6 (Final)
> OpenSSL> version
> OpenSSL 1.0.1e-fips 11 Feb 2013
> # rpm -qa | grep openssl
> openssl-devel-1.0.1e-30.el6_6.2.x86_64
> openssl-debuginfo-1.0.1e-30.el6_6.2.x86_64
> openssl-1.0.1e-30.el6_6.2.x86_64
--
This message was sent by Atlassian JIRA
(v6.2#6252)
More information about the asterisk-bugs
mailing list