[asterisk-bugs] [JIRA] (ASTERISK-25707) Long contact URIs or hostnames can crash pjproject/Asterisk under certain conditions

Asterisk Team (JIRA) noreply at issues.asterisk.org
Wed Jul 27 10:16:17 CDT 2016


     [ https://issues.asterisk.org/jira/browse/ASTERISK-25707?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Asterisk Team updated ASTERISK-25707:
-------------------------------------

    Target Release Version/s: 14.0.0

> Long contact URIs or hostnames can crash pjproject/Asterisk under certain conditions
> ------------------------------------------------------------------------------------
>
>                 Key: ASTERISK-25707
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-25707
>             Project: Asterisk
>          Issue Type: Bug
>          Components: Resources/res_pjsip
>    Affects Versions: SVN, 13.7.0
>            Reporter: George Joseph
>            Assignee: George Joseph
>              Labels: Security
>      Target Release: 13.8.1, 13.9.0, 14.0.0
>
>         Attachments: 0001-res_pjsip-Validate-that-URIs-don-t-exceed-pjproject-.patch, ASTERISK-25707-assertion-bt.txt, bt_full.txt, register.xml
>
>
> If pjproject is compiled without the -DNDEBUG CFLAG, then it's possible to crash Asterisk by crafting a REGISTER with either a user or hostname greater than pjproject's compiled limits.  If authentication is required, the issue won't happen because we have to add the contact, then try to use it.  If rewrite_contact is set on the endpoint, then you can protect against hostname attacks but if the combined uri is > 128, pjproject triggers an assert/raise which will crash the process.  Worse, the contact will be added to astdb before the crash so when Asterisk restarts, it will just crash again when it tries to send an OPTIONS.  This will continue until the registration times out.



--
This message was sent by Atlassian JIRA
(v6.2#6252)



More information about the asterisk-bugs mailing list