[asterisk-bugs] [JIRA] (ASTERISK-24472) Asterisk Crash in OpenSSL when calling over WSS from JSSIP
Matt Jordan (JIRA)
noreply at issues.asterisk.org
Fri Nov 7 09:04:29 CST 2014
[ https://issues.asterisk.org/jira/browse/ASTERISK-24472?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=223391#comment-223391 ]
Matt Jordan edited comment on ASTERISK-24472 at 11/7/14 9:02 AM:
-----------------------------------------------------------------
Yeah, I'm at a loss here. I'm not sure how we aren't getting that message but still ending up with valgrind complaining about the {{realloc}}. We're also still clearly setting the string in {{chan_sip}}, which makes no sense.
For that to occur (with the patch I've just attached), {{* payload_len}} *must* be non-zero:
{noformat}
if (*payload_len && !(new_payload = ast_realloc(session->payload, (session->payload_len + *payload_len)))) {
{noformat}
The only thing I can think to do at this point it to throw some serious debug into {{ast_http_websocket}} code to try and figure out what in the blue blazes is going on in here.
I'll attach a patch with that in a few minutes. When you re-test with it, let's get:
* A pcap of the message traffic
* A debug log ( {{mylog => debug,verbose,notice,warning,error}} ) showing the traffic leading up to the corruption/crash
was (Author: mjordan):
Yeah, I'm at a loss here. I'm not sure how we aren't getting that message but still ending up with valgrind complaining about the {{realloc}}. We're also still clearly setting the string in {{chan_sip}}, which makes no sense.
For that to occur (with the patch I've just attached), {{*payload_len}} *must* be non-zero:
{noformat}
if (*payload_len && !(new_payload = ast_realloc(session->payload, (session->payload_len + *payload_len)))) {
{noformat}
The only thing I can think to do at this point it to throw some serious debug into {{ast_http_websocket}} code to try and figure out what in the blue blazes is going on in here.
I'll attach a patch with that in a few minutes. When you re-test with it, let's get:
* A pcap of the message traffic
* A debug log ( {{mylog => debug,verbose,notice,warning,error}} ) showing the traffic leading up to the corruption/crash
> Asterisk Crash in OpenSSL when calling over WSS from JSSIP
> ----------------------------------------------------------
>
> Key: ASTERISK-24472
> URL: https://issues.asterisk.org/jira/browse/ASTERISK-24472
> Project: Asterisk
> Issue Type: Bug
> Security Level: None
> Components: Resources/res_rtp_asterisk
> Affects Versions: 11.13.1
> Environment: Opera 20.0.1387.77.
> Use: DTLS, WSS, Valid SSL certificate
> Client - jssip 0.3.0
> Reporter: Badalian Vyacheslav
> Assignee: Badalian Vyacheslav
> Severity: Critical
> Attachments: ASTERISK-24472-websocket-read-bail-2.diff, backtrace2.txt, backtrace3.txt, backtrace_openssl_debug1.txt, backtrace_openssl_debug2.txt, backtrace_openssl_debug3.txt, backtrace_openssl_debug4.txt, backtrace_openssl_debug5.txt, backtrace.txt, valgrind2.txt, valgrind3.txt, valgrind4.txt, valgrind7.txt, valgrind.txt
>
>
> Valgrind and GDB backtrace (3 pices) attached bellow
> CentOS x86_64 release 6.6 (Final)
> OpenSSL> version
> OpenSSL 1.0.1e-fips 11 Feb 2013
> # rpm -qa | grep openssl
> openssl-devel-1.0.1e-30.el6_6.2.x86_64
> openssl-debuginfo-1.0.1e-30.el6_6.2.x86_64
> openssl-1.0.1e-30.el6_6.2.x86_64
--
This message was sent by Atlassian JIRA
(v6.2#6252)
More information about the asterisk-bugs
mailing list