[asterisk-bugs] [JIRA] (ASTERISK-27170) pjproject: Unsafe usage of gethostbyname causing memory corruption

Kevin Harwell (JIRA) noreply at issues.asterisk.org
Mon Oct 23 12:04:21 CDT 2017


    [ https://issues.asterisk.org/jira/browse/ASTERISK-27170?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=239544#comment-239544 ] 

Kevin Harwell commented on ASTERISK-27170:
------------------------------------------

The issue here is that it appears musl (or the version you are using) does not support the _getaddrinfo_ method, which is a thread-safe alternative to _gethostbyname_. The pjproject configure script uses the following to see if _getaddrinfo_ is supported by the platform:
{noformat}
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if getaddrinfo() is available" >&5
$as_echo_n "checking if getaddrinfo() is available... " >&6; }
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h.  */
#include <sys/types.h>
				     #include <sys/socket.h>
				     #include <netdb.h>
int
main ()
{
getaddrinfo(0, 0, 0, 0);
  ;
  return 0;
}
_ACEOF
if ac_fn_c_try_compile "$LINENO"; then :
  $as_echo "#define PJ_SOCK_HAS_GETADDRINFO 1" >>confdefs.h
{noformat}
If it is, then _getaddrinfo_ is used by pjsip's _pj_getaddrinfo_ function. Otherwise it falls back to using _gethostbyname_.

If it is possible, I'd highly recommend using a library that supports the _getaddrinfo_ function. Barring that, you'll have to make the pjsip code thread-safe, which you've done with your patch.

Unfortunately, the patch as-is is not in a state to be submitted upstream. According to the man page for [gethostbyname|http://man7.org/linux/man-pages/man3/gethostbyname.3.html], the "_r" implementations are GNU-only extensions.

In order for us to submit this patch upstream to pjproject, the GNU extension calls will need to be wrapped in #defines. Another option would be to not use the extension(s), but use some kind of locking mechanism.


> pjproject: Unsafe usage of gethostbyname causing memory corruption
> ------------------------------------------------------------------
>
>                 Key: ASTERISK-27170
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-27170
>             Project: Asterisk
>          Issue Type: Bug
>      Security Level: None
>          Components: PBX/General
>    Affects Versions: 13.16.0, 13.17.0
>         Environment: 64bit linux musl 1.1.16-git
>            Reporter: nappsoft
>            Assignee: Unassigned
>         Attachments: backtrace4.txt, crashlog.txt, gethostbyname_r.diff, trace_cel_crash.txt, trace.txt, valgrind2.txt, valgrind4.txt, vgcore.24994-brief.txt, vgcore.24994-full.txt, vgcore.24994-locks.txt, vgcore.24994-thread1.txt
>
>
> From time to time Asterisk crashes when a component is trying to allocate memory. According to the sip traces this seems to happen mainly soon (sometimes some milliseconds, sometimes a few seconds) after a call in which a PickupChan operation was involved has been finished.



--
This message was sent by Atlassian JIRA
(v6.2#6252)
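
The locking option mentioned in the comment above, sketched as an added example; it is not code from pjproject, from the attached gethostbyname_r.diff, or from the commenter. The names safe_gethostbyname, struct safe_hostent and SAFE_MAX_ADDRS are hypothetical, and only POSIX calls are used, so no GNU "_r" extension is required.

```c
/* Added example: serialize the non-reentrant gethostbyname() fallback. */
#include <netdb.h>
#include <netinet/in.h>
#include <pthread.h>
#include <string.h>
#include <sys/socket.h>

#define SAFE_MAX_ADDRS 8   /* hypothetical cap on copied addresses */

/* Caller-owned result: nothing in here points into libc's static buffer. */
struct safe_hostent {
    char name[256];
    int count;
    struct in_addr addrs[SAFE_MAX_ADDRS];
};

/* One process-wide lock, because gethostbyname() returns a pointer to
 * static storage that is shared by every thread. */
static pthread_mutex_t resolver_lock = PTHREAD_MUTEX_INITIALIZER;

/* Hypothetical helper, not a pjproject function. IPv4 only, like
 * gethostbyname(). Returns 0 on success, -1 on failure. */
int safe_gethostbyname(const char *host, struct safe_hostent *out)
{
    int rc = -1;

    memset(out, 0, sizeof(*out));
    pthread_mutex_lock(&resolver_lock);
    struct hostent *he = gethostbyname(host);
    if (he && he->h_addrtype == AF_INET &&
        (size_t)he->h_length == sizeof(struct in_addr)) {
        /* Deep-copy while the lock is held: once it is released, another
         * thread's lookup may overwrite the static hostent. */
        strncpy(out->name, he->h_name, sizeof(out->name) - 1);
        for (char **p = he->h_addr_list; *p && out->count < SAFE_MAX_ADDRS; p++)
            memcpy(&out->addrs[out->count++], *p, sizeof(struct in_addr));
        rc = out->count > 0 ? 0 : -1;
    }
    pthread_mutex_unlock(&resolver_lock);
    return rc;
}
```

The lock only protects callers that go through the wrapper; any other code in the process that calls gethostbyname directly still races with it.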


