[asterisk-bugs] [JIRA] (ASTERISK-27807) iostreams: Potential DoS when client connection closed prematurely
Kevin Harwell (JIRA)
noreply at issues.asterisk.org
Mon Jun 11 16:56:54 CDT 2018
[ https://issues.asterisk.org/jira/browse/ASTERISK-27807?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Kevin Harwell updated ASTERISK-27807:
-------------------------------------
Security: (was: Reporter, Bug Marshals, and Digium)
> iostreams: Potential DoS when client connection closed prematurely
> ------------------------------------------------------------------
>
> Key: ASTERISK-27807
> URL: https://issues.asterisk.org/jira/browse/ASTERISK-27807
> Project: Asterisk
> Issue Type: Security
> Components: Core/HTTP
> Affects Versions: 15.3.0
> Reporter: Sean Bright
> Severity: Blocker
> Labels: security
> Target Release: 15.4.1
>
> Attachments: AST-2018-007.pdf, reproduce.txt
>
>
> Before Asterisk sends an HTTP response (at least in the case of errors), it attempts to read & discard the content of the request. If the client lies about the Content-Length, or the connection is closed from the client side before "Content-Length" bytes are sent, the request handling thread will busy loop. I tracked this down to the SSL handling in main/iostream.c.
> I've attached a file that will help in reproducing this problem. You can test it against a running Asterisk 15 with the following:
> {noformat}
> cat reproduce.txt | openssl s_client -connect whatever.your.hostname.is.com:8089 -ign_eof
> {noformat}
> Once connected, just hit Ctrl-C and the Asterisk thread will start using 100% CPU.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
More information about the asterisk-bugs
mailing list