[asterisk-bugs] [JIRA] (ASTERISK-28463) Asterisk crash with SIGSEV due a bad PJSIP aor contact

Juan Martin (JIRA) noreply at issues.asterisk.org
Thu Jun 27 06:17:47 CDT 2019


     [ https://issues.asterisk.org/jira/browse/ASTERISK-28463?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Juan Martin updated ASTERISK-28463:
-----------------------------------

    Attachment: pjsip_endpoints.conf
                backtrace_16.4.0.7z
                backtrace_16.2.1.7z

Backtraces of the crash and complete endpoint configuration.

> Asterisk crash with SIGSEV due a bad PJSIP aor contact
> ------------------------------------------------------
>
>                 Key: ASTERISK-28463
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-28463
>             Project: Asterisk
>          Issue Type: Bug
>      Security Level: None
>          Components: pjproject/pjsip
>    Affects Versions: 16.2.1, 16.4.0
>         Environment: Debian Stretch 9.9 (Intel x86_64)
>            Reporter: Juan Martin
>            Severity: Minor
>              Labels: pjsip
>         Attachments: backtrace_16.2.1.7z, backtrace_16.4.0.7z, pjsip_endpoints.conf
>
>
> Hi,
> I discovered that if you put a bad contact in the aor configuration, it crashes asterisk when the phone is registered, concretelly with  segmentation fault (SIGSEGV).
> I tested it with 16.2.1 and it's also reproducible with 16.4.0.
> h5. Example:
> \[200]
> type=aor
> max_contacts=1
> {{contact=sip:200@*:5060}}
> qualify_frequency=60
> h6. If the phone is not connected it causes some errors but asterisk continue working:
> {{\[2019-06-27 12:08:48.462] ERROR\[20447]: res_pjsip.c:3859 create_out_of_dialog_request: Unable to create outbound OPTIONS request to endpoint 200 as URI 'sip:200@*:5060' is not valid}}
> {{\[2019-06-27 12:08:48.462] ERROR\[20447]: res_pjsip/pjsip_options.c:877 sip_options_qualify_contact: Unable to create request to qualify contact sip:200@*:5060 on AOR 200}}
> h6. Then, as soon as the phone registers in asterisk it crashes the main process:
> {{CLI>     -- Added contact 'sip:200 at 192.168.75.102:5060' to AOR '200' with expiration of 3600 seconds}}
> {{Segmentation fault (`core' generated)}}
> h6. In syslog:
> {{Jun 26 13:48:43 desarrolloV3 kernel: asterisk\[2285]: segfault at 0 ip 00007fa597ec11f8 sp 00007fa592c1eb30 error 4 in res_pjsip_path.so\[7fa597ec0000+3000]}}
> {{Jun 26 13:48:43 desarrolloV3 kernel: Code: 8d 64 24 c8 48 8b 07 48 c7 45 c8 00 00 00 00 48 85 c0 74 05 80 38 00 75 11 48 8d 65 d8 31 c0 5b 41 5c 41 5d 41 5e 41 5f 5d c3 <48> 8b 06 48 89 fb 48 89 f7 ff 50 08 48 89 45 a8 49 89 c6 48 8b 40}}
> {{Jun 26 13:48:43 desarrolloV3 systemd\[1]: asterisk.service: Main process exited, code=killed, status=11/SEGV}}
> {{Jun 26 13:48:43 desarrolloV3 systemd\[1]: asterisk.service: Control process exited, code=exited status=1}}
> h5. Conclusion
> Avoiding the part of why there is a wildcard in the contact instead an IP address (contact=sip:200@*:5060), it's bad, I know, But I think that it should 
> not crash the entire system a bad line in configuration.
> Write access to config files is required to exploit this problem. Severity: low.
> Perhaps you could include a filter when parsing the pjsip config files.
> If you remove the malformec contact line in the sample config, asterisk works fine.
> I'll upload the backtraces to provide more info about the crash.



--
This message was sent by Atlassian JIRA
(v6.2#6252)



More information about the asterisk-bugs mailing list