[asterisk-bugs] [JIRA] (ASTERISK-25722) ASAN & testsuite: stack-buffer-overflow in sip_sipredirect

Joshua Colp (JIRA) noreply at issues.asterisk.org
Mon Jan 25 08:22:33 CST 2016


     [ https://issues.asterisk.org/jira/browse/ASTERISK-25722?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Joshua Colp updated ASTERISK-25722:
-----------------------------------

    Severity: Minor  (was: Critical)

> ASAN & testsuite: stack-buffer-overflow in sip_sipredirect
> ----------------------------------------------------------
>
>                 Key: ASTERISK-25722
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-25722
>             Project: Asterisk
>          Issue Type: Bug
>      Security Level: None
>          Components: Channels/chan_sip/Security Framework
>    Affects Versions: 13.7.0
>            Reporter: Badalian Vyacheslav
>            Severity: Minor
>
> Looks like a security issue...
> {code}
> ==16756==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7ff203abbe60 at pc 0x7ff237cfa208 bp 0x7ff203abb9c0 sp 0x7ff203abb148
> WRITE of size 257 at 0x7ff203abbe60 thread T72
>     #0 0x7ff237cfa207  (/lib64/libasan.so.2+0x52207)
>     #1 0x7ff237cfaf5a in __interceptor_vsscanf (/lib64/libasan.so.2+0x52f5a)
>     #2 0x7ff237cfb0b9 in __interceptor_sscanf (/lib64/libasan.so.2+0x530b9)
>     #3 0x7ff2275b48d8 in sip_sipredirect /root/asterisk-13.7.0/channels/chan_sip.c:32957
>     #4 0x7ff2274aedc7 in sip_transfer /root/asterisk-13.7.0/channels/chan_sip.c:7449
>     #5 0x5685c8 in ast_transfer /root/asterisk-13.7.0/main/channel.c:6182
>     #6 0x7ff2239fa857 in transfer_exec /root/asterisk-13.7.0/apps/app_transfer.c:121
>     #7 0x6d083c in pbx_exec /root/asterisk-13.7.0/main/pbx.c:1722
>     #8 0x6e7007 in pbx_extension_helper /root/asterisk-13.7.0/main/pbx.c:4994
>     #9 0x6ed147 in ast_spawn_extension /root/asterisk-13.7.0/main/pbx.c:6216
>     #10 0x6ef92c in __ast_pbx_run /root/asterisk-13.7.0/main/pbx.c:6633
>     #11 0x6f2050 in pbx_thread /root/asterisk-13.7.0/main/pbx.c:6953
>     #12 0x7eff7c in dummy_start /root/asterisk-13.7.0/main/utils.c:1237
>     #13 0x7ff2361badc4 in start_thread (/lib64/libpthread.so.0+0x7dc4)
>     #14 0x7ff23549a21c in clone (/lib64/libc.so.6+0xf621c)
> {code}


