[asterisk-bugs] [JIRA] (ASTERISK-27262) res_ari: Leaking eventfds when using ARI Dial

Joshua Colp (JIRA) noreply at issues.asterisk.org
Fri Sep 8 07:29:08 CDT 2017 

    [ https://issues.asterisk.org/jira/browse/ASTERISK-27262?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=238587#comment-238587 ] 

Joshua Colp commented on ASTERISK-27262:
----------------------------------------

Thank you for taking the time to report this bug and helping to make Asterisk better. Unfortunately, we cannot work on this bug because your description did not include enough information. Please read over the Asterisk Issue Guidelines [1] which discusses the information necessary for your issue to be resolved and the format that information needs to be in. We would be grateful if you would then provide a more complete description of the problem. At a minimum, we need:

1. The specific steps or actions you took that caused you to encounter the problem.
2. The behavior you expected and the location of documentation that led you to that expectation.
3. The behavior you actually encountered.

To demonstrate the issue in detail, please include Asterisk log files generated per the instructions on the wiki [2]. If applicable, please ensure that protocol-level trace debugging is enabled, e.g., 'sip set debug on' if the issue involves chan_sip, and configuration information such as dialplan and channel configuration.

Thanks!

[1] https://wiki.asterisk.org/wiki/display/AST/Asterisk+Issue+Guidelines

[2] https://wiki.asterisk.org/wiki/display/AST/Collecting+Debug+Information



> res_ari: Leaking eventfds when using ARI Dial
> ---------------------------------------------
>
>                 Key: ASTERISK-27262
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-27262
>             Project: Asterisk
>          Issue Type: Bug
>      Security Level: None
>          Components: Resources/res_ari
>    Affects Versions: 14.6.1
>         Environment: Ubuntu 17.04
>            Reporter: Thomas Wirum Larsen
>
> When using ARI4Java bindings and their Dial() method, Asterisk leaks (fails to close?) an eventfd, leading to a crash once the underlying OS' ulimit is reached.
> This behavior is only seen using dial(). When using originate(), asterisk behaves correctly.
> This bug is reproducible on Asterisk 13x and 14x using Ari4Java 0.4.3 and 0.4.4 and ARI protocol version 1.7 through 1.10. We have been unsuccessful in testing 2.0.0 or 3.0.0 protocol variants, thus we cannot guarantee this behavior exists in the 2x and 3x protocol branches.
> While the actual bug may be in Ari4Java, it is arguable that a REST interface should not be allowed to cause the host to leak file descriptors as this a potential DOS attack (or worse). This is thus clearly a bug in Asterisks implementation of ARI and requires immediate attention.
> We have filed an issue with Ari4Java as well.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

More information about the asterisk-bugs mailing list