[asterisk-bugs] [JIRA] (ASTERISK-27225) Crash when freeing dtls_cfg->cafile
Richard Kenner (JIRA)
noreply at issues.asterisk.org
Fri Sep 1 17:26:08 CDT 2017
[ https://issues.asterisk.org/jira/browse/ASTERISK-27225?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=238265#comment-238265 ]
Richard Kenner edited comment on ASTERISK-27225 at 9/1/17 5:26 PM:
-------------------------------------------------------------------
I'm setting up Asterisk on a new server and don't plan to resolve the error (which is in the other issue) any time soon. This was a one-shot crash, but I can't deploy this live until each crash has been understood and resolved.
The full traceback is:
{noformat}
#3 0x00007ff2bf76b503 in _int_free () from /lib64/libc.so.6
#4 0x000000000059f1b0 in ast_rtp_dtls_cfg_free (
dtls_cfg=dtls_cfg@entry=0x1cbd6b8) at rtp_engine.c:2781
#5 0x00007ff240b20f3a in build_peer (name=name@entry=0x7ff234027430 "4170",
v_head=0x7ff234027560, alt=alt@entry=0x0, devstate_only=0, realtime=0)
at chan_sip.c:31392
#6 0x00007ff240b28000 in reload_config (reason=<optimized out>)
at chan_sip.c:33247
#7 0x00007ff240b2d13a in sip_do_reload (reason=<optimized out>)
at chan_sip.c:34023
#8 do_monitor (data=data@entry=0x0) at chan_sip.c:29655
#9 0x00000000005f90da in dummy_start (data=<optimized out>) at utils.c:1233
{noformat}
And:
{noformat}
(gdb) print peer->dtls_cfg
$1 = {enabled = 1, rekey = 0, default_setup = AST_RTP_DTLS_SETUP_ACTPASS,
suite = AST_AES_CM_128_HMAC_SHA1_80, hash = AST_RTP_DTLS_HASH_SHA256,
verify = AST_RTP_DTLS_VERIFY_NONE, certfile = 0x0, pvtfile = 0x0,
cipher = 0x0, cafile = 0x1cbe880 "", capath = 0x1cbe8a0 ""}
{noformat}
Doing another "sip reload" doesn't cause a crash.
And when I inspect the code, I can't find a place where cafile and capath are set to anything other than NULL or the result of ast_strdup, so this is indeed a mystery.
> Crash when freeing dtls_cfg->cafile
> -----------------------------------
>
> Key: ASTERISK-27225
> URL: https://issues.asterisk.org/jira/browse/ASTERISK-27225
> Project: Asterisk
> Issue Type: Bug
> Security Level: None
> Components: Core/RTP
> Affects Versions: 14.6.0
> Environment: CentOS 7
> Reporter: Richard Kenner
> Assignee: Unassigned
>
> I got a crash in free() from:
> {noformat}
> #4 0x000000000059f1b0 in ast_rtp_dtls_cfg_free (
> dtls_cfg=dtls_cfg@entry=0x1cbd6b8) at rtp_engine.c:2781
> 2781 ast_free(dtls_cfg->cafile);
> (gdb) print dtls_cfg->cafile
> $1 = 0x1cbe880 ""
> {noformat}
> This looks like it's trying to free something that wasn't malloc'ed.