[asterisk-bugs] [JIRA] (ASTERISK-25122) Large SIP packet received via pjsip over websocket crashes Asterisk
Ivan Poddubny (JIRA)
noreply at issues.asterisk.org
Sat May 23 05:18:32 CDT 2015
[ https://issues.asterisk.org/jira/browse/ASTERISK-25122?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Ivan Poddubny updated ASTERISK-25122:
-------------------------------------
Description:
A regression introduced in 13.2.0 causes a crash when pjsip receives a SIP packet over websocket that is larger than PJSIP_MAX_PKT_LEN. The packet is truncated but the len field in pkg_info is not, thus leading to memory corruption and a segfault.
The patch is up for review at https://gerrit.asterisk.org/#/c/528/
was:A regression introduced in 13.2.0 causes a crash when pjsip receives a SIP packet over websocket that is larger than PJSIP_MAX_PKT_LEN. The packet is truncated but the len field in pkg_info is not, thus leading to memory corruption and a segfault.
> Large SIP packet received via pjsip over websocket crashes Asterisk
> --------------------------------------------------------------------
>
> Key: ASTERISK-25122
> URL: https://issues.asterisk.org/jira/browse/ASTERISK-25122
> Project: Asterisk
> Issue Type: Bug
> Security Level: None
> Components: Resources/res_pjsip_transport_websocket
> Affects Versions: SVN, 13.3.2, 13.4.0
> Environment: Debian 8, pjsip 2.4
> Reporter: Ivan Poddubny
>
> A regression introduced in 13.2.0 causes a crash when pjsip receives a SIP packet over websocket that is larger than PJSIP_MAX_PKT_LEN. The packet is truncated but the len field in pkg_info is not, thus leading to memory corruption and a segfault.
> The patch is up for review at https://gerrit.asterisk.org/#/c/528/
--
This message was sent by Atlassian JIRA
(v6.2#6252)
More information about the asterisk-bugs
mailing list