[asterisk-bugs] [JIRA] (ASTERISK-26131) chan_sip: Crash Asterisk (in sip_request_call at chan_sip.c) by making a call to a single character in a dot pattern match
Kevin Harwell (JIRA)
noreply at issues.asterisk.org
Mon Apr 1 13:24:03 CDT 2019
[ https://issues.asterisk.org/jira/browse/ASTERISK-26131?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Kevin Harwell updated ASTERISK-26131:
-------------------------------------
Target Release Version/s: 16.3.0
> chan_sip: Crash Asterisk (in sip_request_call at chan_sip.c) by making a call to a single character in a dot pattern match
> --------------------------------------------------------------------------------------------------------------------------
>
> Key: ASTERISK-26131
> URL: https://issues.asterisk.org/jira/browse/ASTERISK-26131
> Project: Asterisk
> Issue Type: Bug
> Components: Channels/chan_sip/General
> Reporter: Dwayne Hubbard
> Assignee: Unassigned
> Labels: patch
> Target Release: 13.19.0, 15.2.0, 16.0.0, 16.3.0
>
> Attachments: backtrace.txt, dw-asterisk-11.17.1-dnid-crash.patch, dw-asterisk-master-dnid-crash.patch, extensions.conf, full.txt, logger.conf, messages.txt, modules.conf, rtp.conf, sip.conf
>
>
> I believe I may have found a potential security issue in Asterisk 11.17.1, 13.6.0, as well as Asterisk GIT-master-7c59f21. A soft phone user can crash Asterisk by making a call to a single character - '!' - which is stripped during DNID parsing resulting in an attempt to call AST_NONSTANDARD_APP_ARGS on an empty string. I was able to reproduce this using Blink, Zoiper, and MicroSIP against Asterisk 11.17.1, 13.6.0, as well as the GIT master revision above. Please see the attached patches for proposed fixes. I have signed the Source Code License Agreement multiple times, most recently under username 'dwayne'. Please let me know if there is anything else I can provide.
> Thanks!
--
This message was sent by Atlassian JIRA
(v6.2#6252)
More information about the asterisk-bugs
mailing list