[asterisk-bugs] [JIRA] (ASTERISK-27262) res_ari: Leaking eventfds when using ARI Dial
Thomas Wirum Larsen (JIRA)
noreply at issues.asterisk.org
Fri Sep 8 07:59:08 CDT 2017
[ https://issues.asterisk.org/jira/browse/ASTERISK-27262?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=238588#comment-238588 ]
Thomas Wirum Larsen commented on ASTERISK-27262:
------------------------------------------------
Added an strace-log and /var/log/asterisk/messages
Also added sip.conf and extensions.conf
https://github.com/zicada/bug-ASTERISK-27262
Relevant code/documentation in ARI4Java:
ari.channels().create(
destination, // String endpoint
"tsip", // String app
"", // String appargs
secondChId, // String channelId
"", // String otherChannelId
"", // String originator
""); // String formats
ari.channels().dial( secondChId, destination, 30 );
Expected outcome is for 'lsof -p <pid of asterisk> | grep eventfd | wc -l' to not grow each time dial() is invoked until it hits the OS's ulimit and crashes.
> res_ari: Leaking eventfds when using ARI Dial
> ---------------------------------------------
>
> Key: ASTERISK-27262
> URL: https://issues.asterisk.org/jira/browse/ASTERISK-27262
> Project: Asterisk
> Issue Type: Bug
> Security Level: None
> Components: Resources/res_ari
> Affects Versions: 14.6.1
> Environment: Ubuntu 17.04
> Reporter: Thomas Wirum Larsen
> Assignee: Thomas Wirum Larsen
>
> When using ARI4Java bindings and their Dial() method, Asterisk leaks (fails to close?) an eventfd, leading to a crash once the underlying OS' ulimit is reached.
> This behavior is only seen using dial(). When using originate(), asterisk behaves correctly.
> This bug is reproducible on Asterisk 13x and 14x using Ari4Java 0.4.3 and 0.4.4 and ARI protocol version 1.7 through 1.10. We have been unsuccessful in testing 2.0.0 or 3.0.0 protocol variants, thus we cannot guarantee this behavior exists in the 2x and 3x protocol branches.
> While the actual bug may be in Ari4Java, it is arguable that a REST interface should not be allowed to cause the host to leak file descriptors as this a potential DOS attack (or worse). This is thus clearly a bug in Asterisks implementation of ARI and requires immediate attention.
> We have filed an issue with Ari4Java as well.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
More information about the asterisk-bugs
mailing list