[asterisk-bugs] [JIRA] (ASTERISK-24369) res_pjsip: Large message on reliable transport can cause empty messages to be passed from the PJSIP stack up, causing crashes in multiple locations
Matt Jordan (JIRA)
noreply at issues.asterisk.org
Mon Sep 29 15:05:29 CDT 2014
Matt Jordan created ASTERISK-24369:
--------------------------------------
Summary: res_pjsip: Large message on reliable transport can cause empty messages to be passed from the PJSIP stack up, causing crashes in multiple locations
Key: ASTERISK-24369
URL: https://issues.asterisk.org/jira/browse/ASTERISK-24369
Project: Asterisk
Issue Type: Bug
Security Level: None
Components: Resources/res_hep_pjsip, Resources/res_pjsip, Resources/res_pjsip_logger
Affects Versions: 13.0.0-beta2, 12.6.0
Reporter: Matt Jordan
When a message that exceeds the {{PJ_MAX_PKT_SIZE}} is sent over a reliable transport, it is possible (although it shouldn't occur) for pjproject to pass up an {{rdata}} object with a NULL {{msg}} in the {{msg_info}}. Needless to say, things that attempt to dereference this are in for a rough ride.
In particular, this caused crashes in three different locations (primarily):
# {{res_pjsip_logger}}
# {{res_pjsip_hep}}
# {{res_pjsip/distributor}}
--
This message was sent by Atlassian JIRA
(v6.2#6252)
More information about the asterisk-bugs
mailing list