[asterisk-bugs] [JIRA] (ASTERISK-25797) app_queue: Crash when calling a queue with a member with a forward to an nonexistent extension

Etienne Lessard (JIRA) noreply at issues.asterisk.org
Fri Feb 26 14:16:58 CST 2016


    [ https://issues.asterisk.org/jira/browse/ASTERISK-25797?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=229736#comment-229736 ] 

Etienne Lessard commented on ASTERISK-25797:
--------------------------------------------

I'm having some trouble running Asterisk with the MALLOC_DEBUG compiler option, so I'm only attaching a debug log and a network capture.

But I've taken another look at the code, and in my case, in app_queue.c, the instruction "o->chan = ast_request(tech, ast_channel_nativeformats(in), NULL, in, stuff, &status);" sets o->chan to NULL; then, still in app_queue, it logs "Forwarding failed to create channel to dial '%s/%s'\n"; then app_queue calls "ast_channel_publish_dial(qe->chan, o->chan, stuff, NULL);", but o->chan is NULL at this time (we see it in the backtrace), and then ast_channel_publish_dial doesn't seem to handle the case where the second argument (peer) is NULL, entering an infinite loop (oh, and maybe memory consumption goes up because the logs are produced by this thread at a higher rate than can be consumed by the thread responsible for writing them to the files).

> app_queue: Crash when calling a queue with a member with a forward to an nonexistent extension
> ----------------------------------------------------------------------------------------------
>
>                 Key: ASTERISK-25797
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-25797
>             Project: Asterisk
>          Issue Type: Bug
>      Security Level: None
>          Components: Applications/app_queue
>    Affects Versions: 13.6.0, 13.7.2
>         Environment: Debian 8.3 amd64
>            Reporter: Etienne Lessard
>            Assignee: Etienne Lessard
>         Attachments: AST-25797.backtrace.txt, AST-25797.debug.log, AST-25797.log, AST-25797.pcap
>
>
> Given I have a queue with 1 member: Alice (SIP/alice)
> Given Alice's phone has a forward (SIP native) to the 444 extension, and the 444 extension isn't defined in the dialplan
> When Bob calls the queue
> Then Asterisk gets stuck in what seems to be an infinite loop, consuming a lot of CPU time, and rapidly consuming (in a matter of seconds) all the available memory in the system, until the kernel OOM killer terminates the process
> In my example, I used the following queues.conf:
> {code}
> [sales]
> strategy = ringall
> member => SIP/alice
> {code}
> And the following extensions.conf:
> {code}
> [default]
> exten = 101,1,NoOp()
> same  =   n,Queue(sales)
> same  =   n,Hangup()
> {code}
> When Alice's phone receives a SIP INVITE from Asterisk, since it has an unconditional forward enabled, it responds with a "302 Moved Temporarily" with the header "Contact: <sip:444@10.34.1.11>".
> I've attached the interesting part of the log.
> Thank you



--
This message was sent by Atlassian JIRA
(v6.2#6252)
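
The failure path described in the comment above (channel creation for the forward returns NULL, and the NULL is then handed to the dial-event publisher), as an added example that is not part of the original message and is not Asterisk source. `request_chan`, `publish_dial`, `handle_forward` and `struct attempt` are hypothetical stand-ins, and treating 101 as the only dialable extension is a constructed assumption; the block shows the check on both the caller and the callee side.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

struct chan { const char *name; };            /* hypothetical channel type */
struct attempt { struct chan *chan; int still_going; };

static int published;                         /* dial events emitted so far */

/* Stand-in for channel creation: only extension "101" exists here. */
static struct chan *request_chan(const char *exten)
{
    static struct chan ok = { "SIP/101" };
    return strcmp(exten, "101") == 0 ? &ok : NULL;
}

/* Callee-side check: reject a missing channel instead of using it. */
static int publish_dial(const struct chan *caller, const struct chan *peer,
                        const char *dialstring)
{
    if (caller == NULL || peer == NULL || dialstring == NULL)
        return -1;
    published++;
    return 0;
}

/* Caller-side check: when the forward target yields no channel, end this
 * attempt and skip the publish step. Returns 0 when dialing, -1 on failure. */
static int handle_forward(const struct chan *caller, struct attempt *o,
                          const char *exten)
{
    o->chan = request_chan(exten);
    if (o->chan == NULL) {
        fprintf(stderr, "forward to '%s' failed, no channel\n", exten);
        o->still_going = 0;
        return -1;
    }
    return publish_dial(caller, o->chan, exten);
}

int main(void)
{
    struct chan bob = { "SIP/bob" };
    struct attempt o = { NULL, 1 };
    int rc = handle_forward(&bob, &o, "444");  /* constructed: forward to 444 */
    printf("rc=%d published=%d still_going=%d\n", rc, published, o.still_going);
    return 0;
}
```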


