[asterisk-bugs] [JIRA] (ASTERISK-24368) res_pjsip_pubsub: Subscription persistence causes crash when re-constructing stored subscription

Matt Jordan (JIRA) noreply at issues.asterisk.org
Mon Sep 29 14:53:29 CDT 2014


Matt Jordan created ASTERISK-24368:
--------------------------------------

             Summary: res_pjsip_pubsub: Subscription persistence causes crash when re-constructing stored subscription
                 Key: ASTERISK-24368
                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-24368
             Project: Asterisk
          Issue Type: Bug
      Security Level: None
          Components: Resources/res_pjsip_pubsub
            Reporter: Matt Jordan
            Severity: Critical


When some subscriptions are persisted to the AstDB, there appear to be code paths where the re-construction of the subscription is rejected due to an invalid transport. This causes an endless cycle of crashes on startup, preventing Asterisk from ever starting. Worse, since this is stored in the AstDB by default, there exists no way to bail out of it.

Note that there are multiple places where this can crash. Logs are attached; however, the relevant backtraces are as follows.

h1. Example Database Entry

{noformat}
digium-test-03*CLI> database show
/registrar/contact/2001;@sip:2001 at 132.177.252.58:44778;transport=tls;registering_acc=digium-test-03_digium_sipit_net: {"outbound_proxy":"","expiration_time":"1412000075","path":"","qualify_frequency":"0","user_agent":"Jitsi2.4.4997Linux","uri":"sip:2001 at 132.177.252.58:44778;transport=tls;registering_acc=digium-test-03_digium_sipit_net"}
/registrar/contact/2001;@sip:2001 at 132.177.252.58:55716;transport=tls;registering_acc=digium-test-03_digium_sipit_net: {"outbound_proxy":"","expiration_time":"1411999632","path":"","qualify_frequency":"0","user_agent":"Jitsi2.4.4997Linux","uri":"sip:2001 at 132.177.252.58:55716;transport=tls;registering_acc=digium-test-03_digium_sipit_net"}
/subscription_persistence/subscription_persistence/63c90551-9245-4706-b792-bafae4e1d638: {"cseq":"19090","tag":"75b6d557-0c06-4579-b5da-4865d1380060","transport_key":"TLS","packet":"SUBSCRIBE sip:2001 at digium-test-03.digium.sipit.net SIP/2.0\r\nCall-ID: 3ab5b4f06f8f1069ac184120a6c3ba05 at 0:0:0:0:0:0:0:0\r\nCSeq: 1 SUBSCRIBE\r\nFrom: \"2001\" <sip:2001 at digium-test-03.digium.sipit.net>;tag=4f2aac56\r\nTo: \"2001\" <sip:2001 at digium-test-03.digium.sipit.net>\r\nVia: SIP/2.0/TLS 132.177.252.58:44778;branch=z9hG4bK-353937-d9d17e7588e3e91e6eba5bba62fed0d9\r\nMax-Forwards: 70\r\nContact: \"2001\" <sip:2001 at 132.177.252.58:44778;transport=tls;registering_acc=digium-test-03_digium_sipit_net>\r\nUser-Agent: Jitsi2.4.4997Linux\r\nEvent: message-summary\r\nAccept: application/simple-message-summary\r\nExpires: 3600\r\nContent-Length: 0\r\n\r\n","src_port":"44778","local_port":"5061","local_name":"2606:4100:3880:2520::6:3","expires":"1412003075","endpoint":"2001","src_name":"::ffff:132.177.252.58"}
{noformat}

h1. Location Number One

In this particular off-nominal, the subscription is rejected on creation by PJPROJECT. This returns back a NULL {{sub}} pointer, which we then dereference to hilarity.

{noformat}
#0  shutdown_subscriptions (sub=0x0) at res_pjsip_pubsub.c:1145
1145		if (AST_VECTOR_SIZE(&sub->children) > 0) {
(gdb) bt
#0  shutdown_subscriptions (sub=0x0) at res_pjsip_pubsub.c:1145
#1  0x00007fbcbc0115cd in subscription_tree_destructor (obj=0x7fbcc448d2b8) at res_pjsip_pubsub.c:1171
#2  0x000000000045ff0c in internal_ao2_ref (user_data=0x7fbcc448d2b8, delta=-1, file=0x615494 "astobj2.c", line=513, func=0x615720 <__FUNCTION__.8363> "__ao2_ref")
    at astobj2.c:442
#3  0x0000000000460230 in __ao2_ref (user_data=0x7fbcc448d2b8, delta=-1) at astobj2.c:513
#4  0x00007fbcbc00fcfb in create_subscription_tree (handler=handler at entry=0x7fbca7563380 <presence_handler>, endpoint=endpoint at entry=0x2ad08c0, 
    rdata=rdata at entry=0x7fbcfc180840, resource=resource at entry=0x7fbcfc1807f0 "1001", generator=generator at entry=0x7fbcaf390180 <pidf_body_generator>, 
    tree=tree at entry=0x7fbcfc180830) at res_pjsip_pubsub.c:1249
#5  0x00007fbcbc01086b in subscription_persistence_recreate (obj=0x7fbcc46cd6d0, arg=<optimized out>, flags=<optimized out>) at res_pjsip_pubsub.c:1359
#6  0x000000000046121b in internal_ao2_traverse (self=0x7fbcc454a0c0, flags=OBJ_NODATA, cb_fn=0x7fbcbc0104e0 <subscription_persistence_recreate>, arg=0x7fbcc4275530, 
    data=0x0, type=AO2_CALLBACK_DEFAULT, tag=0x0, file=0x0, line=0, func=0x0) at astobj2_container.c:351
#7  0x0000000000461538 in __ao2_callback (c=0x7fbcc454a0c0, flags=OBJ_NODATA, cb_fn=0x7fbcbc0104e0 <subscription_persistence_recreate>, arg=0x7fbcc4275530)
    at astobj2_container.c:452
#8  0x00007fbcbc00f551 in subscription_persistence_load (data=<optimized out>) at res_pjsip_pubsub.c:1384
#9  0x00000000005e9ee1 in ast_taskprocessor_execute (tps=0x17b0358) at taskprocessor.c:766
#10 0x00000000005f150d in threadpool_execute (pool=0x1667bb8) at threadpool.c:351
#11 0x00000000005f2b47 in worker_active (worker=0x17b98e8) at threadpool.c:1072
#12 0x00000000005f28e3 in worker_start (arg=0x17b98e8) at threadpool.c:992
#13 0x00000000005fe89b in dummy_start (data=0x16b8e30) at utils.c:1201
#14 0x00007fbcffa16182 in start_thread () from /lib/x86_64-linux-gnu/libpthread.so.0
#15 0x00007fbcfecd1fbd in clone () from /lib/x86_64-linux-gnu/libc.so.6
{noformat}

With suitable protection, the logs show the following:
{noformat}
[Sep 29 03:30:57] ERROR[8069]: res_pjsip.c:2190 ast_sip_create_dialog_uas: Could not create dialog with endpoint 2001. Invalid URI (PJSIP_EINVALIDURI)
[Sep 29 03:30:57] WARNING[8069]: res_pjsip_pubsub.c:1252 create_subscription_tree: Unable to create dialog for SIP subscription
[Sep 29 03:30:57] ERROR[8069]: res_pjsip_pubsub.c:1366 subscription_persistence_recreate: FAILED to re-create subscription
{noformat}



--
This message was sent by Atlassian JIRA
(v6.2#6252)



More information about the asterisk-bugs mailing list