[asterisk-bugs] [JIRA] (ASTERISK-28454) res_fax.c UTF-8 validation for remotestationid and pbx_builtin_setvar_helper
Jodi Jones (JIRA)
noreply at issues.asterisk.org
Wed Jun 19 16:23:47 CDT 2019
[ https://issues.asterisk.org/jira/browse/ASTERISK-28454?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jodi Jones updated ASTERISK-28454:
----------------------------------
Description:
UTF-8 validation needs to be added at https://github.com/asterisk/asterisk/blob/master/res/res_fax.c#L1450; invalid UTF-8 causes a segfault via JSON.
I.e.:
```
# 0: /usr/sbin/asterisk(ast_json_pack+0x94) [0x4f77f4]
# 1: /usr/sbin/asterisk(ast_channel_publish_varset+0x2b) [0x57dd2b]
# 2: /usr/sbin/asterisk(pbx_builtin_setvar_helper+0x123) [0x533f13]
# 3: /usr/lib/asterisk/modules/res_fax.so(+0x3de2) [0x7fdfe67a2de2]
# 4: /usr/lib/asterisk/modules/res_fax.so(+0x95a7) [0x7fdfe67a85a7]
# 5: /usr/lib/asterisk/modules/res_fax.so(+0x10df5) [0x7fdfe67afdf5]
# 6: /usr/sbin/asterisk(pbx_exec+0xb9) [0x52ad09]
# 7: /usr/sbin/asterisk() [0x51e6d5]
# 8: /usr/sbin/asterisk() [0x520744]
# 9: /usr/sbin/asterisk() [0x521ccb]
#10: /usr/sbin/asterisk() [0x59e179]
#11: /lib64/libpthread.so.0(+0x7dd5) [0x7fe037454dd5]
#12: /lib64/libc.so.6(clone+0x6d) [0x7fe0364f4ead]
[Jun 10 17:08:51] ERROR[12545][C-00000002] stasis_channels.c: Error creating message
[Jun 10 17:08:51] ERROR[12545][C-00000002] json.c: Error building JSON from '{s: s, s: s, s: s, s: s, s: s, s: s, s: o}': Invalid UTF-8 string.
[Jun 10 17:08:51] ERROR[12545][C-00000002] : Got 10 backtrace records
# 0: /usr/sbin/asterisk(ast_json_pack+0x94) [0x4f77f4]
# 1: /usr/lib/asterisk/modules/res_fax.so(+0x50c8) [0x7fdfe67a40c8]
# 2: /usr/lib/asterisk/modules/res_fax.so(+0x10e4a) [0x7fdfe67afe4a]
# 3: /usr/sbin/asterisk(pbx_exec+0xb9) [0x52ad09]
# 4: /usr/sbin/asterisk() [0x51e6d5]
# 5: /usr/sbin/asterisk() [0x520744]
# 6: /usr/sbin/asterisk() [0x521ccb]
# 7: /usr/sbin/asterisk() [0x59e179]
# 8: /lib64/libpthread.so.0(+0x7dd5) [0x7fe037454dd5]
# 9: /lib64/libc.so.6(clone+0x6d) [0x7fe0364f4ead]
```
Here is the character in question from the FAXOPT
```
[Jun 10 17:08:51] VERBOSE[12545][C-00000002] pbx.c: Executing [h@fax-rx:9] NoOp("SIP/VIBE-XC5-XS1-00000001", "FAXOPT(remotestationid) : ▒▒▒▒ ") in new stack
```
Validated that the segfault goes away by not referencing `details->remotestationid` and using a static string in the function `set_channel_variables` of res_fax.c.
Band-aid solution for our production environment (I understand this is not a proper fix):
```
//pbx_builtin_setvar_helper(chan, "REMOTESTATIONID", S_OR(details->remotestationid, NULL));
pbx_builtin_setvar_helper(chan, "REMOTESTATIONID", S_OR("utf8_bypass", NULL));
```
We were getting several segfaults an hour when receiving faxes with dodgy remote station IDs... we haven't had a single segfault since applying this workaround.
> res_fax.c UTF-8 validation for remotestationid and pbx_builtin_setvar_helper
> ----------------------------------------------------------------------------
>
> Key: ASTERISK-28454
> URL: https://issues.asterisk.org/jira/browse/ASTERISK-28454
> Project: Asterisk
> Issue Type: Bug
> Security Level: None
> Components: Resources/res_fax
> Affects Versions: 16.4.0
> Environment: Linux
> Reporter: Jodi Jones
> Labels: fax
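One way to implement the validation the report asks for, as an added example that is not part of the original report or of Asterisk's code: a strict UTF-8 check applied to the remote station ID before the value is handed to anything that builds JSON from it. `utf8_is_valid`, `safe_station_id`, the fallback string and the sample byte strings are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Return 1 if s[0..len) is well-formed UTF-8 (RFC 3629), else 0.
 * Rejects stray continuation bytes, truncated sequences, overlong
 * encodings, UTF-16 surrogates and code points above U+10FFFF. */
static int utf8_is_valid(const unsigned char *s, size_t len)
{
	size_t i = 0;
	while (i < len) {
		unsigned char c = s[i];
		size_t need;
		unsigned long cp, min;

		if (c < 0x80) { i++; continue; }
		else if ((c & 0xE0) == 0xC0) { need = 1; cp = c & 0x1F; min = 0x80; }
		else if ((c & 0xF0) == 0xE0) { need = 2; cp = c & 0x0F; min = 0x800; }
		else if ((c & 0xF8) == 0xF0) { need = 3; cp = c & 0x07; min = 0x10000; }
		else return 0;                      /* 0x80-0xBF as lead, or 0xF8-0xFF */

		if (len - i - 1 < need) return 0;   /* sequence runs past the end */
		for (size_t k = 1; k <= need; k++) {
			if ((s[i + k] & 0xC0) != 0x80) return 0;
			cp = (cp << 6) | (s[i + k] & 0x3F);
		}
		if (cp < min || cp > 0x10FFFF || (cp >= 0xD800 && cp <= 0xDFFF)) return 0;
		i += need + 1;
	}
	return 1;
}

/* Hypothetical helper: returns id if it is safe for a JSON encoder, else fallback. */
static const char *safe_station_id(const char *id, const char *fallback)
{
	if (!id || !*id) return fallback;
	return utf8_is_valid((const unsigned char *)id, strlen(id)) ? id : fallback;
}

int main(void)
{
	/* Constructed samples: plain ASCII, valid UTF-8, and raw 8-bit bytes. */
	const char *samples[] = { "+1 555 0100", "B\xC3\xBCro Fax", "\xB1\xB2\xB3\xB4 " };
	for (size_t i = 0; i < 3; i++)
		printf("%zu -> %s\n", i, safe_station_id(samples[i], "(invalid station id)"));
	return 0;
}
```

Unlike the static-string workaround, this keeps well-formed station IDs intact and substitutes the fallback only for byte strings a JSON encoder would reject.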