[asterisk-bugs] [JIRA] (ASTERISK-25707) Long contact uris or hostnames can crash Asterisk under certain conditions

George Joseph (JIRA) noreply at issues.asterisk.org
Tue Jan 19 19:41:33 CST 2016 

     [ https://issues.asterisk.org/jira/browse/ASTERISK-25707?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

George Joseph updated ASTERISK-25707:
-------------------------------------

    Description: 
If pjproject is compiled without the -DNDEBUG CFLAG, then it's possible to crash Asterisk by crafting a REGISTER with either a user or hostname greater than pjproject's compiled limits.  If authentication is required, the issue won't happen because we have to add the contact, then try to use it.  If rewrite_contact is set on the endpoint, then you can protect against hostname attacks but if the combined uri is > 128, pjproject triggers an assert/raise which will crash the process.  Worse, the contact will be added to astdb before the crash so when Asterisk restarts, it will just crash again when it tries to send an OPTIONS.  This will continue until the registration times out.



  was:
If pjproject is compiled without the -DNDEBUG CFLAG, then it's possible to crash Asterisk by crafting a REGISTER with either a user or hostname greater than pjproject's compiled limits.  If rewrite_contact is set on the endpoint, then you can protect against hostname attacks but if the combined uri is > 128, pjproject triggers an assert/raise which will crash the process.  Worse, the contact will be added to astdb before the crash so when Asterisk restarts, it will just crash again when it tries to send an OPTIONS.  This will continue until the registration times out.




> Long contact uris or hostnames can crash Asterisk under certain conditions
> --------------------------------------------------------------------------
>
>                 Key: ASTERISK-25707
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-25707
>             Project: Asterisk
>          Issue Type: Bug
>      Security Level: None
>          Components: Resources/res_pjsip
>    Affects Versions: SVN, 13.7.0
>            Reporter: George Joseph
>
> If pjproject is compiled without the -DNDEBUG CFLAG, then it's possible to crash Asterisk by crafting a REGISTER with either a user or hostname greater than pjproject's compiled limits.  If authentication is required, the issue won't happen because we have to add the contact, then try to use it.  If rewrite_contact is set on the endpoint, then you can protect against hostname attacks but if the combined uri is > 128, pjproject triggers an assert/raise which will crash the process.  Worse, the contact will be added to astdb before the crash so when Asterisk restarts, it will just crash again when it tries to send an OPTIONS.  This will continue until the registration times out.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

More information about the asterisk-bugs mailing list