[asterisk-bugs] [JIRA] (ASTERISK-25796) res_pjsip: DOS/Crash when TCP/TLS sockets exceed pjproject PJ_IOQUEUE_MAX_HANDLES
Joshua Colp (JIRA)
noreply at issues.asterisk.org
Mon Apr 25 16:48:59 CDT 2016
[ https://issues.asterisk.org/jira/browse/ASTERISK-25796?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Joshua Colp updated ASTERISK-25796:
-----------------------------------
Target Release Version/s: 13.9.0
> res_pjsip: DOS/Crash when TCP/TLS sockets exceed pjproject PJ_IOQUEUE_MAX_HANDLES
> ---------------------------------------------------------------------------------
>
> Key: ASTERISK-25796
> URL: https://issues.asterisk.org/jira/browse/ASTERISK-25796
> Project: Asterisk
> Issue Type: Bug
> Components: Resources/res_pjsip
> Affects Versions: SVN, 13.7.2
> Reporter: George Joseph
> Labels: Security
> Target Release: 13.8.1, 13.9.0
>
> Attachments: bt_full.txt, options.xml, transport_management.diff
>
>
> pjproject's default PJ_IOQUEUE_MAX_HANDLES is set to 64. If an attempt is made to open more than that (actually MAX_HANDLES - 4) and pjproject was compiled without NDEBUG, pjproject will assert with "../src/pj/ioqueue_select.c:352: pj_ioqueue_register_sock2: Assertion `!pj_list_empty(&ioqueue->free_list)' failed." and Asterisk will die. If pjproject WAS compiled with NDEBUG, then you can easily keep 60 sockets open and prevent Asterisk from performing any new TCP/TLS transactions. You do NOT need to be authenticated to trigger the scenario.
> To reproduce the crash...
> Compile pjproject without NDEBUG.
> Create a TCP transport, endpoint and aor with default settings.
> Using the attached options.xml run 2 instances of sipp. You have to run 2 and start them quick because sipp terminates when the remote end closes the listener.
> $ sipp -sf options.xml <server> -s <endpoint> -t tn -m 61 -r 30 -max_socket 200 -bg
> $ sipp -sf options.xml <server> -s <endpoint> -t tn -m 61 -r 30 -max_socket 200 -bg
> To reproduce the DOS...
> Compile pjproject with or without NDEBUG.
> Create a TCP transport, endpoint and aor with default settings.
> $ sipp -sf options.xml <server> -s <endpoint> -t tn -m 60 -r 30 -max_socket 200
> You will not be able to initiate any new transactions
--
This message was sent by Atlassian JIRA
(v6.2#6252)
More information about the asterisk-bugs
mailing list