[asterisk-bugs] [JIRA] (ASTERISK-26484) res_pjsip_messaging: Crash when using invalid URI in MessageSend 'from' argument.

Friendly Automation (JIRA) noreply at issues.asterisk.org
Wed Mar 22 12:39:11 CDT 2017 

    [ https://issues.asterisk.org/jira/browse/ASTERISK-26484?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=236074#comment-236074 ] 

Friendly Automation commented on ASTERISK-26484:
------------------------------------------------

Change 5266 merged by zuul:
res_pjsip_messaging: Check URI type before dereferencing

[https://gerrit.asterisk.org/5266|https://gerrit.asterisk.org/5266]

> res_pjsip_messaging: Crash when using invalid URI in MessageSend 'from' argument.
> ---------------------------------------------------------------------------------
>
>                 Key: ASTERISK-26484
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-26484
>             Project: Asterisk
>          Issue Type: Bug
>      Security Level: None
>          Components: Documentation, Resources/res_pjsip_messaging
>    Affects Versions: 14.0.2, 14.1.0
>         Environment: Centos 7.2
>            Reporter: Vinod Dharashive
>            Severity: Minor
>         Attachments: backtrace.txt
>
>
> Rusty's dialplan to reproduce:
> {noformat}
> exten = 100,1,Answer()
> same = n,Set(MESSAGE(body)="Blah blah blah")
> same = n,MessageSend(pjsip:BOB,"ALICE" <pjsip:ALICE at 10.24.18.16>)
> same = n,Hangup()
> {noformat}
> The second argument to MessageSend, should use "sip:" and not "pjsip:".
> Rusty's trace:
> {noformat}
> Program terminated with signal SIGSEGV, Segmentation fault.
> #0  __longjmp_chk (env=0x0, val=1) at ../setjmp/longjmp.c:32
> #0  __longjmp_chk (env=0x0, val=1) at ../setjmp/longjmp.c:32
> No locals.
> #1  0x00007f36c8a8628e in pj_throw_exception_ () from /usr/lib/libasteriskpj.so
> No symbol table info available.
> #2  0x00007f36c8a1cce0 in pool_callback () from /usr/lib/libasteriskpj.so
> No symbol table info available.
> #3  0x00007f36c8a88dec in pj_pool_allocate_find () from /usr/lib/libasteriskpj.so
> No symbol table info available.
> #4  0x00007f36c8a906e5 in pj_strdup () from /usr/lib/libasteriskpj.so
> No symbol table info available.
> #5  0x00007f3628f34f43 in update_from (tdata=0x7f3644001d38, tdata=0x7f3644001d38, from=<optimized out>) at res_pjsip_messaging.c:245
>         name_addr = 0x7f3644002450
>         parsed_name_addr = 0x7f364401ba10
> #6  msg_send (data=0x7f36a4002610) at res_pjsip_messaging.c:627
>         mdata = 0x7f36a4002610
>         body = {type = 0x7f3628f35f62 "text", subtype = 0x7f3628f35f5c "plain", body_text = 0x7f36a4000ccc "\"Blah blah blah\""}
>         tdata = 0x7f3644001d38
>         uri = 0x0
>         endpoint = 0x3aa8758
>         __PRETTY_FUNCTION__ = "msg_send"
> #7  0x0000000000607c1e in ast_taskprocessor_execute (tps=0x3d11db0) at taskprocessor.c:967
>         local = {local_data = 0x3d11db0, data = 0x8db4b0 <current_serializer>}
>         t = 0x7f36a4001340
>         size = 6405926
>         __PRETTY_FUNCTION__ = "ast_taskprocessor_execute"
> {noformat}
> Vinod's original trace:
> {noformat}
> #0  0x00007f9aca8045f7 in raise () from /lib64/libc.so.6
> No symbol table info available.
> #1  0x00007f9aca805ce8 in abort () from /lib64/libc.so.6
> No symbol table info available.
> #2  0x00007f9aca7fd566 in __assert_fail_base () from /lib64/libc.so.6
> No symbol table info available.
> #3  0x00007f9aca7fd612 in __assert_fail () from /lib64/libc.so.6
> No symbol table info available.
> #4  0x00007f9a8547e525 in pj_throw_exception_ () from /lib64/libpj.so.2
> No symbol table info available.
> #5  0x00007f9a86bb8b80 in pool_callback () from /lib64/libpjsip.so.2
> No symbol table info available.
> #6  0x00007f9a854814d0 in pj_pool_allocate_find () from /lib64/libpj.so.2
> No symbol table info available.
> #7  0x00007f9a85488fd5 in pj_strdup () from /lib64/libpj.so.2
> No symbol table info available.
> #8  0x00007f9a55acbf75 in update_from (tdata=0x1b47558, tdata=0x1b47558, from=<optimized out>)
>     at res_pjsip_messaging.c:245
>         name_addr = 0x1b47c80
>         parsed_name_addr = 0x1a59940
> #9  msg_send (data=0x7f9ab00019a0) at res_pjsip_messaging.c:627
>         mdata = 0x7f9ab00019a0
>         body = {type = 0x7f9a55acd127 "text", subtype = 0x7f9a55acd12c "plain", 
>           body_text = 0x7f9ab00016dc "Missed call at 18 Oct 2016 05:07:05 AM"}
>         tdata = 0x1b47558
>         uri = 0x0
> ---Type <return> to continue, or q <return> to quit--- 
>         endpoint = 0x1cf53a8
>         __PRETTY_FUNCTION__ = "msg_send"
> {noformat}



--
This message was sent by Atlassian JIRA
(v6.2#6252)

More information about the asterisk-bugs mailing list