[asterisk-bugs] [JIRA] (ASTERISK-27807) iostreams: Potential DoS when client connection closed prematurely

Asterisk Team (JIRA) noreply at issues.asterisk.org
Wed Aug 8 10:06:58 CDT 2018


     [ https://issues.asterisk.org/jira/browse/ASTERISK-27807?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Asterisk Team updated ASTERISK-27807:
-------------------------------------

    Target Release Version/s: 16.0.0

> iostreams: Potential DoS when client connection closed prematurely
> ------------------------------------------------------------------
>
>                 Key: ASTERISK-27807
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-27807
>             Project: Asterisk
>          Issue Type: Security
>          Components: Core/HTTP
>    Affects Versions: 15.3.0
>            Reporter: Sean Bright
>            Severity: Blocker
>              Labels: security
>      Target Release: 15.4.1, 15.5.0, 16.0.0
>
>         Attachments: AST-2018-007.pdf, reproduce.txt
>
>
> Before Asterisk sends an HTTP response (at least in the case of errors), it attempts to read & discard the content of the request. If the client lies about the Content-Length, or the connection is closed from the client side before "Content-Length" bytes are sent, the request handling thread will busy loop. I tracked this down to the SSL handling in main/iostream.c.
> I've attached a file that will help in reproducing this problem. You can test it against a running Asterisk 15 with the following:
> {noformat}
> cat reproduce.txt | openssl s_client -connect whatever.your.hostname.is.com:8089 -ign_eof
> {noformat}
> Once connected, just hit Ctrl-C and the Asterisk thread will start using 100% CPU.



--
This message was sent by Atlassian JIRA
(v6.2#6252)



More information about the asterisk-bugs mailing list