[asterisk-bugs] [JIRA] (ASTERISK-17591) [patch] Remote bridging of certain IPs causes segfault

Asterisk Team (JIRA) noreply at issues.asterisk.org
Tue Jan 2 08:41:57 CST 2018


     [ https://issues.asterisk.org/jira/browse/ASTERISK-17591?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Asterisk Team updated ASTERISK-17591:
-------------------------------------

    Assignee: Joshua Colp  (was: naomi)
      Status: Open  (was: Waiting for Feedback)

> [patch] Remote bridging of certain IPs causes segfault
> ------------------------------------------------------
>
>                 Key: ASTERISK-17591
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-17591
>             Project: Asterisk
>          Issue Type: Bug
>          Components: Core/Netsock
>    Affects Versions: 1.8.4
>            Reporter: naomi
>            Assignee: Joshua Colp
>            Severity: Critical
>              Labels: patch
>         Attachments: backtrace.txt, full, issue19009_no_bail_on_no_200_contact.patch
>
>
> When remotely bridging two SIP channels, Asterisk dies with a segfault.
> I can reproduce this reliably (on about every second call) with one particular DDI and one particular outgoing SIP trunk, and never otherwise. 
> There seems to be a null pointer passed to ast_sockaddr_resolve in netsock.c when it happens.
> I fear this may be a re-emergence of a bug that was mentioned in a Linux security tracker in 2007:
> http://www.linuxsecurity.com/content/view/128447
> ****** ADDITIONAL INFORMATION ******
> On calls that work, I can see the host and port being handled correctly
> [2011-03-22 11:17:22] DEBUG[4490] chan_sip.c: Updating call counter for incoming call
> [2011-03-22 11:17:22] DEBUG[4490] netsock2.c: Splitting '83.245.1.136:5061' gives...
> [2011-03-22 11:17:22] DEBUG[4490] netsock2.c: ...host '83.245.1.136' and port '5061'.
> But on ones that crash Asterisk we usually get this instead:
> [2011-03-22 11:17:48] DEBUG[4490] chan_sip.c: Updating call counter for incoming call
> [2011-03-22 11:17:48] WARNING[4490] chan_sip.c: Invalid contact uri  (missing sip: or sips:), attempting to use anyway
> We do not always get the Invalid contact uri message, but I suspect that's because it sometimes crashes before it has time to output it.
> I can see from the backtrace that at this point 0x0 is being passed into the str parameter for ast_sockaddr_resolve:
> #1  0x00000000004f88dd in ast_sockaddr_resolve (addrs=0x7fb5dffb7770, str=0x0, flags=0, family=2) at netsock2.c:235
> From the Asterisk docs I can see that str is a pointer to a string containing the host and port.
> ast_sockaddr_resolve (struct ast_sockaddr **addrs, const char *str, int flags, int family)



--
This message was sent by Atlassian JIRA
(v6.2#6252)
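
The report above describes a NULL `str` reaching `ast_sockaddr_resolve`. As an added example (not Asterisk's code and not the attached patch), the hypothetical helper `resolve_hostport` below rejects NULL or malformed host:port input before any string handling. The helper name, the numeric-only lookup and the sample inputs are assumptions made for this illustration.

```c
#include <arpa/inet.h>
#include <netdb.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/types.h>

/* Hypothetical helper, not Asterisk's ast_sockaddr_resolve(): resolve a
 * "host:port" string and refuse NULL or malformed input instead of
 * dereferencing it. Returns 0 on success, -1 on rejected input. */
static int resolve_hostport(const char *str, int family,
                            struct sockaddr_storage *out)
{
    char buf[256];
    char *colon;
    struct addrinfo hints, *res = NULL;

    if (str == NULL || *str == '\0')      /* the str=0x0 case in the backtrace */
        return -1;
    if (strlen(str) >= sizeof(buf))       /* too long to be a sane host:port */
        return -1;
    strcpy(buf, str);                     /* safe: length checked above */

    colon = strrchr(buf, ':');            /* IPv4/hostname form only */
    if (colon == NULL || colon == buf || colon[1] == '\0')
        return -1;                        /* missing host or missing port */
    *colon = '\0';                        /* buf = host, colon + 1 = port */

    memset(&hints, 0, sizeof(hints));
    hints.ai_family = family;
    hints.ai_socktype = SOCK_DGRAM;
    hints.ai_flags = AI_NUMERICHOST | AI_NUMERICSERV;  /* no DNS lookup */
    if (getaddrinfo(buf, colon + 1, &hints, &res) != 0 || res == NULL)
        return -1;

    memcpy(out, res->ai_addr, res->ai_addrlen);
    freeaddrinfo(res);
    return 0;
}

int main(void)
{
    struct sockaddr_storage ss;
    /* Constructed inputs: the address from the report's log, then NULL. */
    printf("valid: %d\n", resolve_hostport("83.245.1.136:5061", AF_INET, &ss));
    printf("NULL:  %d\n", resolve_hostport(NULL, AF_INET, &ss));
    return 0;
}
```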


