[asterisk-bugs] [JIRA] (ASTERISK-24333) Crash in DTLS

Badalian Vyacheslav (JIRA) noreply at issues.asterisk.org
Mon Sep 29 23:25:29 CDT 2014 

    [ https://issues.asterisk.org/jira/browse/ASTERISK-24333?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=222834#comment-222834 ] 

Badalian Vyacheslav commented on ASTERISK-24333:
------------------------------------------------

Hello! Does not help....

{code}
0x0000003be3c89902 in memcpy () from /lib64/libc.so.6
(gdb) bt
#0  0x0000003be3c89902 in memcpy () from /lib64/libc.so.6
#1  0x0000003bea43bff7 in do_dtls1_write () from /usr/lib64/libssl.so.10
#2  0x0000003bea43e80a in dtls1_do_write () from /usr/lib64/libssl.so.10
#3  0x0000003bea438c77 in dtls1_accept () from /usr/lib64/libssl.so.10
#4  0x0000003bea43d4ad in dtls1_read_bytes () from /usr/lib64/libssl.so.10
#5  0x0000003bea427d50 in ?? () from /usr/lib64/libssl.so.10
#6  0x00007ffd42b2cef4 in __rtp_recvfrom (instance=0x7ffcc4003a58, buf=0x7ffd28bd9c90, size=8192, flags=0, sa=0x7ffd28bdbc90, rtcp=1) at res_rtp_asterisk.c:1723
#7  0x00007ffd42b2d260 in rtcp_recvfrom (instance=0x7ffcc4003a58, buf=0x7ffd28bd9c90, size=8192, flags=0, sa=0x7ffd28bdbc90) at res_rtp_asterisk.c:1784
#8  0x00007ffd42b34333 in ast_rtcp_read (instance=0x7ffcc4003a58) at res_rtp_asterisk.c:3466
#9  0x00007ffd42b36645 in ast_rtp_read (instance=0x7ffcc4003a58, rtcp=1) at res_rtp_asterisk.c:3851
#10 0x0000000000551287 in ast_rtp_instance_read (instance=0x7ffcc4003a58, rtcp=1) at rtp_engine.c:314
#11 0x00007ffd79c18663 in sip_rtp_read (ast=0x7ffcc4016b78, p=0x7ffcc4034688, faxdetect=0x7ffd28bdc604) at chan_sip.c:8197
#12 0x00007ffd79c18df1 in sip_read (ast=0x7ffcc4016b78) at chan_sip.c:8291
#13 0x000000000047c91d in __ast_read (chan=0x7ffcc4016b78, dropaudio=0) at channel.c:4054
#14 0x000000000047e6c6 in ast_read (chan=0x7ffcc4016b78) at channel.c:4408
#15 0x00007ffd2e441a1a in wait_for_answer (in=0x7ffcc4016b78, out_chans=0x7ffd28bde950, to=0x7ffd28bde94c, peerflags=0x7ffd28bdeeb0, opt_args=0x7ffd28bde190, pa=0x7ffd28bde270, num_in=0x7ffd28bde930, result=0x7ffd28bde26c,
    dtmf_progress=0x0, ignore_cc=1, forced_clid=0x7ffd28bde040, stored_clid=0x7ffd28bddff0) at app_dial.c:1562
#16 0x00007ffd2e446f70 in dial_exec_full (chan=0x7ffcc4016b78, data=0x7ffd28be1110 "SIP/avaya/989090054050,300,Tt", peerflags=0x7ffd28bdeeb0, continue_exec=0x0) at app_dial.c:2683
#17 0x00007ffd2e449789 in dial_exec (chan=0x7ffcc4016b78, data=0x7ffd28be1110 "SIP/avaya/989090054050,300,Tt") at app_dial.c:3130
#18 0x000000000052b0e1 in pbx_exec (c=0x7ffcc4016b78, app=0x26a07f0, data=0x7ffd28be1110 "SIP/avaya/989090054050,300,Tt") at pbx.c:1622
#19 0x0000000000535afe in pbx_extension_helper (c=0x7ffcc4016b78, con=0x0, context=0x7ffcc40179c8 "macro-dialout-trunk", exten=0x7ffcc4017a18 "s", priority=22, label=0x0, callerid=0x7ffc8001e960 "84996051913", action=E_SPAWN,
    found=0x7ffd28be378c, combined_find_spawn=1) at pbx.c:4915
#20 0x0000000000538f99 in ast_spawn_extension (c=0x7ffcc4016b78, context=0x7ffcc40179c8 "macro-dialout-trunk", exten=0x7ffcc4017a18 "s", priority=22, callerid=0x7ffc8001e960 "84996051913", found=0x7ffd28be378c, combined_find_spawn=1)
    at pbx.c:6037
#21 0x00007ffd2d4180b0 in _macro_exec (chan=0x7ffcc4016b78, data=0x7ffd28be6490 "dialout-trunk,2,989090054050,,off", exclusive=0) at app_macro.c:412
#22 0x00007ffd2d419342 in macro_exec (chan=0x7ffcc4016b78, data=0x7ffd28be6490 "dialout-trunk,2,989090054050,,off") at app_macro.c:585
#23 0x000000000052b0e1 in pbx_exec (c=0x7ffcc4016b78, app=0x269b180, data=0x7ffd28be6490 "dialout-trunk,2,989090054050,,off") at pbx.c:1622
#24 0x0000000000535afe in pbx_extension_helper (c=0x7ffcc4016b78, con=0x0, context=0x7ffcc40179c8 "macro-dialout-trunk", exten=0x7ffcc4017a18 "s", priority=5, label=0x0, callerid=0x7ffc8001e960 "84996051913", action=E_SPAWN,
    found=0x7ffd28be8b70, combined_find_spawn=1) at pbx.c:4915
#25 0x0000000000538f99 in ast_spawn_extension (c=0x7ffcc4016b78, context=0x7ffcc40179c8 "macro-dialout-trunk", exten=0x7ffcc4017a18 "s", priority=5, callerid=0x7ffc8001e960 "84996051913", found=0x7ffd28be8b70, combined_find_spawn=1)
    at pbx.c:6037
#26 0x000000000053a736 in __ast_pbx_run (c=0x7ffcc4016b78, args=0x0) at pbx.c:6512
#27 0x000000000053c213 in pbx_thread (data=0x7ffcc4016b78) at pbx.c:6842
#28 0x0000000000598580 in dummy_start (data=0x7ffcc402c2a0) at utils.c:1169
#29 0x0000003be44079d1 in start_thread () from /lib64/libpthread.so.0
#30 0x0000003be3ce886d in clone () from /lib64/libc.so.6
{code}




> Crash in DTLS
> -------------
>
>                 Key: ASTERISK-24333
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-24333
>             Project: Asterisk
>          Issue Type: Bug
>      Security Level: None
>          Components: Channels/chan_sip/WebSocket
>    Affects Versions: 11.12.0
>            Reporter: Badalian Vyacheslav
>            Assignee: Badalian Vyacheslav
>            Severity: Critical
>         Attachments: ASTERISK-24333-11.diff, valgrind2.txt, valgrind.txt
>
>
> Asterisk. DTLS. Only WSS. 300+ Clients
> CentOS 6. All last updates
> m1-asterisk01*CLI> *** glibc detected *** /usr/sbin/asterisk: double free or corruption (!prev): 0x00007f95f40854a0 ***
> ======= Backtrace: =========
> /lib64/libc.so.6(+0x75e76)[0x7f968725fe76]
> /lib64/libc.so.6(+0x789b3)[0x7f96872629b3]
> /usr/lib64/libcrypto.so.10(CRYPTO_realloc_clean+0xf3)[0x7f968662fde3]
> /usr/lib64/libcrypto.so.10(BUF_MEM_grow_clean+0x86)[0x7f968669f996]
> /usr/lib64/libcrypto.so.10(+0xda3f3)[0x7f96866a13f3]
> /usr/lib64/libcrypto.so.10(BIO_write+0x77)[0x7f96866a05f7]
> /usr/lib64/libcrypto.so.10(+0xdc621)[0x7f96866a3621]
> /usr/lib64/libssl.so.10(dtls1_do_write+0x18d)[0x7f96869e58ad]
> /usr/lib64/libssl.so.10(dtls1_accept+0xaa7)[0x7f96869dfc77]
> /usr/lib/asterisk/modules/res_rtp_asterisk.so(+0xf6d5)[0x7f964048c6d5]
> /usr/lib/asterisk/modules/res_rtp_asterisk.so(+0xf7a6)[0x7f964048c7a6]
> /usr/lib/asterisk/modules/res_rtp_asterisk.so(+0x199d1)[0x7f96404969d1]
> /usr/lib/asterisk/modules/res_rtp_asterisk.so(+0x48792)[0x7f96404c5792]
> /usr/lib/asterisk/modules/res_rtp_asterisk.so(+0xad46)[0x7f9640487d46]
> /usr/lib/asterisk/modules/res_rtp_asterisk.so(+0x39cbf)[0x7f96404b6cbf]
> /lib64/libpthread.so.0(+0x79d1)[0x7f96861ad9d1]
> /lib64/libc.so.6(clone+0x6d)[0x7f96872d286d]



--
This message was sent by Atlassian JIRA
(v6.2#6252)

More information about the asterisk-bugs mailing list