[asterisk-bugs] [JIRA] (ASTERISK-24463) Voicemail email address corrupt or not sent when message is in the process of being recorded during reload

Etienne Lessard (JIRA) noreply at issues.asterisk.org
Fri Mar 4 11:10:57 CST 2016 

    [ https://issues.asterisk.org/jira/browse/ASTERISK-24463?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=229837#comment-229837 ] 

Etienne Lessard edited comment on ASTERISK-24463 at 3/4/16 11:10 AM:
---------------------------------------------------------------------

Hello,

I've taken a look at the problem, and here's what I found.

The problem comes from the fact that on "voicemail reload" / "module reload app_voicemail", the list of all VM users (struct ast_vm_user) from the "users" AST_LIST are freed. These struct contains pointers to dynamically allocated memory to hold the email, emailbody and emailsubject. When a message is being leaved in a voicemail, app_voicemail creates a copy of the struct from the list onto the thread's stack (via the find_user function), but it doesn't copy the dynamically allocated part of the struct, e.g. email. So if a reload happens when someone is leaving a message, then the copy's email pointer points to memory that has been freed, which could cause really a lot of problem, but in this case seems to mostly yield garbage.

A simple solution is to always create a copy of email / emailbody / emailsubject in the find_user function, and always free them when the struct is freed (they shouldn't be shared, so I believe it's safe to free them inconditionally, even though I'm not 100% sure). I'm attaching a small patch that fix the issue. I've only tested it on a really simple setup (i.e. voicemail configuration not stored in realtime, no IMAP storage or whatever). It probably works fine for these cases too, but I've not tested it.

I've done my patch/test on Asterisk 13.7.2.


was (Author: hexanol):
Hello,

I've taken a look at the problem, and here's what I found.

The problem comes from the fact that on "voicemail reload" / "module reload app_voicemail", the list of all VM users (struct ast_vm_user) from the "users" AST_LIST are freed. These struct contains pointers to dynamically allocated memory to hold the email, emailbody and emailsubject. When a message is being leaved in a voicemail, app_voicemail creates a copy of the struct from the list onto the thread's stack (via the find_user function), but it doesn't copy the dynamically allocated part of the struct, e.g. email. So if a reload happens when someone is leaving a message, then the copy's email pointer points to memory that has been freed, which could cause really a lot of problem, but in this case seems to mostly yield garbage.

A simple solution is to always create a copy of email / emailbody / emailsubject in the find_user function, and always free them when the struct is freed (they shouldn't be shared, so I believe it's safe to free them inconditionally, even though I'm not 100% sure). I'm attaching a small patch that fix the issue. I've only tested it on a really simple setup (i.e. voicemail configuration not stored in realtime, no IMAP storage or whatever). It probably works fine for these cases too, but I've not tested it.

> Voicemail email address corrupt or not sent when message is in the process of being recorded during reload
> ----------------------------------------------------------------------------------------------------------
>
>                 Key: ASTERISK-24463
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-24463
>             Project: Asterisk
>          Issue Type: Bug
>      Security Level: None
>          Components: Applications/app_voicemail
>    Affects Versions: 11.14.1
>         Environment: FreePBX 2.11 Platform 64-bit running Asterisk 11.13.1
>            Reporter: John Campbell
>            Severity: Critical
>         Attachments: AST-24463.patch, Failed email, How to Replicate off ISO.txt, myDebugLog, Successful, voicemail.conf
>
>
> I have been testing a custom script today which has involved a lot of reloads and came across the following situation (the script I have been testing has nothing to do with email or anything that would affect the below):
> When someone is in the process of leaving a voicemail and Asterisk is reloaded when they hang up after the reload the email that it generated has a corrupt To: field or not sent at all.
> The Postfix log contains the corrupt address which is direct from Asterisk and looks similar to this:
> to=<P??$3?@mydomain.com>
> Running deliberate tests here just now has not yielded the corrupt To address but I have found that it does not send the email at all. After a reload when the person hangs up asterisk ends with 'User hung up' and no email is generated.
> UPDATE - Messages that I thought were not sent (from my test above) were (however still not all) but they went to the wrong email address (still valid on the system)! - This is starting to get a bit more critical now if personal messages are starting to go to random addresses.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

More information about the asterisk-bugs mailing list