[asterisk-bugs] [JIRA] (ASTERISK-22469) crash when res_jabber receives an XMPP IQ stanza with no 'from'

Corey Farrell (JIRA) noreply at issues.asterisk.org
Wed Oct 11 13:33:21 CDT 2017 

     [ https://issues.asterisk.org/jira/browse/ASTERISK-22469?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Corey Farrell closed ASTERISK-22469.
------------------------------------

    Resolution: Won't Fix

res_jabber no longer exists in any currently supported version of Asterisk. If you haven't already you should switch to res_xmpp / chan_motif.  Closing this since the description says res_xmpp does not have this issue.

> crash when res_jabber receives an XMPP IQ stanza with no 'from'
> ---------------------------------------------------------------
>
>                 Key: ASTERISK-22469
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-22469
>             Project: Asterisk
>          Issue Type: Bug
>          Components: Resources/res_jabber
>    Affects Versions: 1.8.23.1, 11.5.1, 12.0.0-alpha1
>         Environment: res_jabber on Asterisk 1.8.23
>            Reporter: abelbeck
>            Severity: Critical
>         Attachments: asterisk-1.8.23-jabber.conf-example.txt, prosody-0.8.2-cfg.lua.example.txt, res_jabber-prosody-0.8.2-vs-0.9.0.txt
>
>
> Reported as an aside on ASTERISK-22410. Moving to separate issue, as this seems to be a security vulnerability.
> {quote}
> The good news, Prosody 0.9.0 now works with Asterisk 1.8 which requires the 'from' attribute in the XMPP: iq id='disco' type='get' ... , or else Asterisk 1.8 segfaults.
> {quote}
> and from the comments:
> {quote}
> Rusty, to further elaborate on the segfault issue…
> With res_xmpp, both Prosody 0.8.2 and 0.9.0 work fine.
> With res_jabber, Prosody 0.8.2 causes it to segfault, prosody 0.9.0 works fine.
> Since Matthew was not clear why 0.9.0 fixed res_jabber, I disabled TLS to see what is going on, attached is a brief synopsis.
> Attached file: res_jabber-prosody-0.8.2-vs-0.9.0.txt
> {quote}
> {quote}
> I can't be any help with the backtrace since we cross-compile an embedded image with stripped symbols. My only help is the clue that the missing from= may trigger the crash.
> {quote}



--
This message was sent by Atlassian JIRA
(v6.2#6252)

More information about the asterisk-bugs mailing list