[asterisk-bugs] [JIRA] (ASTERISK-24463) Voicemail email address corrupt or not sent when message is in the process of being recorded during reload

Etienne Lessard (JIRA) noreply at issues.asterisk.org
Fri Mar 4 11:08:56 CST 2016 

    [ https://issues.asterisk.org/jira/browse/ASTERISK-24463?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=229837#comment-229837 ] 

Etienne Lessard commented on ASTERISK-24463:
--------------------------------------------

Hello,

I've taken a look at the problem, and here's what I found.

The problem comes from the fact that on "voicemail reload" / "module reload app_voicemail", the list of all VM users (struct ast_vm_user) from the "users" AST_LIST are freed. These struct contains pointers to dynamically allocated memory to hold the email, emailbody and emailsubject. When a message is being leaved in a voicemail, app_voicemail creates a copy of the struct from the list onto the thread's stack (via the find_user function), but it doesn't copy the dynamically allocated part of the struct, e.g. email. So if a reload happens when someone is leaving a message, then the copy's email pointer points to memory that has been freed, which could cause really a lot of problem, but in this case seems to mostly yield garbage.

A simple solution is to always create a copy of email / emailbody / emailsubject in the find_user function, and always free them when the struct is freed (they shouldn't be shared, so I believe it's safe to free them inconditionally, even though I'm not 100% sure). I'm attaching a small patch that fix the issue. I've only tested it on a really simple setup (i.e. voicemail configuration not stored in realtime, no IMAP storage or whatever). It probably works fine for these cases too, but I've not tested it.

> Voicemail email address corrupt or not sent when message is in the process of being recorded during reload
> ----------------------------------------------------------------------------------------------------------
>
>                 Key: ASTERISK-24463
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-24463
>             Project: Asterisk
>          Issue Type: Bug
>      Security Level: None
>          Components: Applications/app_voicemail
>    Affects Versions: 11.14.1
>         Environment: FreePBX 2.11 Platform 64-bit running Asterisk 11.13.1
>            Reporter: John Campbell
>            Severity: Critical
>         Attachments: Failed email, How to Replicate off ISO.txt, myDebugLog, Successful, voicemail.conf
>
>
> I have been testing a custom script today which has involved a lot of reloads and came across the following situation (the script I have been testing has nothing to do with email or anything that would affect the below):
> When someone is in the process of leaving a voicemail and Asterisk is reloaded when they hang up after the reload the email that it generated has a corrupt To: field or not sent at all.
> The Postfix log contains the corrupt address which is direct from Asterisk and looks similar to this:
> to=<P??$3?@mydomain.com>
> Running deliberate tests here just now has not yielded the corrupt To address but I have found that it does not send the email at all. After a reload when the person hangs up asterisk ends with 'User hung up' and no email is generated.
> UPDATE - Messages that I thought were not sent (from my test above) were (however still not all) but they went to the wrong email address (still valid on the system)! - This is starting to get a bit more critical now if personal messages are starting to go to random addresses.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

More information about the asterisk-bugs mailing list