[asterisk-bugs] [JIRA] (ASTERISK-25707) Long contact URIs or hostnames can crash pjproject/Asterisk under certain conditions
Kevin Harwell (JIRA)
noreply at issues.asterisk.org
Thu Apr 14 17:27:57 CDT 2016
[ https://issues.asterisk.org/jira/browse/ASTERISK-25707?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Kevin Harwell updated ASTERISK-25707:
-------------------------------------
Security: (was: Reporter, Bug Marshals, and Digium)
> Long contact URIs or hostnames can crash pjproject/Asterisk under certain conditions
> ------------------------------------------------------------------------------------
>
> Key: ASTERISK-25707
> URL: https://issues.asterisk.org/jira/browse/ASTERISK-25707
> Project: Asterisk
> Issue Type: Bug
> Components: Resources/res_pjsip
> Affects Versions: SVN, 13.7.0
> Reporter: George Joseph
> Assignee: George Joseph
> Labels: Security
> Target Release: 13.8.1
>
> Attachments: 0001-res_pjsip-Validate-that-URIs-don-t-exceed-pjproject-.patch, ASTERISK-25707-assertion-bt.txt, bt_full.txt, register.xml
>
>
> If pjproject is compiled without the -DNDEBUG CFLAG, then it's possible to crash Asterisk by crafting a REGISTER with either a user or hostname greater than pjproject's compiled limits. If authentication is required, the issue won't happen because we have to add the contact, then try to use it. If rewrite_contact is set on the endpoint, then you can protect against hostname attacks, but if the combined URI is > 128, pjproject triggers an assert/raise which will crash the process. Worse, the contact will be added to astdb before the crash, so when Asterisk restarts, it will just crash again when it tries to send an OPTIONS. This will continue until the registration times out.
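A length check of the kind the report calls for, run before a contact is stored, as an added example (not code from the report or its attached patch). The function names and the in-memory counter are hypothetical; 128 for the whole URI is the figure in the report, and the per-part limits are placeholders for pjproject's compiled values.

```c
#include <stddef.h>
#include <string.h>
#include <strings.h>

/* Assumed limits: 128 for the whole URI is the figure in the report; the
 * per-part values are placeholders for pjproject's compiled limits. */
#define MAX_URI_LEN  128
#define MAX_USER_LEN 64
#define MAX_HOST_LEN 64

enum uri_check { URI_OK, URI_MALFORMED, URI_TOO_LONG, USER_TOO_LONG, HOST_TOO_LONG };

/* Length-check a Contact URI of the form sip:[user@]host[:port][;params]. */
enum uri_check check_contact_uri(const char *uri)
{
    const char *p, *at, *host, *close;
    size_t host_len;

    if (uri && strncasecmp(uri, "sips:", 5) == 0)
        p = uri + 5;
    else if (uri && strncasecmp(uri, "sip:", 4) == 0)
        p = uri + 4;
    else
        return URI_MALFORMED;
    if (strlen(uri) > MAX_URI_LEN)
        return URI_TOO_LONG;
    at = strchr(p, '@');
    host = at ? at + 1 : p;
    if (at && (size_t)(at - p) > MAX_USER_LEN)
        return USER_TOO_LONG;
    if (*host == '[') {                      /* bracketed IPv6 literal */
        if (!(close = strchr(host, ']')))
            return URI_MALFORMED;
        host_len = (size_t)(close - host) + 1;
    } else {
        host_len = strcspn(host, ":;?");     /* stop at port, params or headers */
    }
    if (host_len == 0)
        return URI_MALFORMED;
    return host_len > MAX_HOST_LEN ? HOST_TOO_LONG : URI_OK;
}

static int stored_contacts;   /* hypothetical stand-in for the persistent store */
/* Validate before storing, so an oversized contact is never persisted. */
int register_contact(const char *uri)
{
    return check_contact_uri(uri) == URI_OK ? ++stored_contacts : -1;
}
```

Rejecting at this point matters because of the restart loop the report describes: a contact that is refused before it is written cannot be read back and retried after a crash.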