[asterisk-bugs] [JIRA] (ASTERISK-28463) Asterisk crash with SIGSEGV due to a bad PJSIP aor contact
Juan Martin (JIRA)
noreply at issues.asterisk.org
Thu Jun 27 06:17:47 CDT 2019
[ https://issues.asterisk.org/jira/browse/ASTERISK-28463?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Juan Martin updated ASTERISK-28463:
-----------------------------------
Attachment: pjsip_endpoints.conf
backtrace_16.4.0.7z
backtrace_16.2.1.7z
Backtraces of the crash and complete endpoint configuration.
> Asterisk crash with SIGSEGV due to a bad PJSIP aor contact
> ----------------------------------------------------------
>
> Key: ASTERISK-28463
> URL: https://issues.asterisk.org/jira/browse/ASTERISK-28463
> Project: Asterisk
> Issue Type: Bug
> Security Level: None
> Components: pjproject/pjsip
> Affects Versions: 16.2.1, 16.4.0
> Environment: Debian Stretch 9.9 (Intel x86_64)
> Reporter: Juan Martin
> Severity: Minor
> Labels: pjsip
> Attachments: backtrace_16.2.1.7z, backtrace_16.4.0.7z, pjsip_endpoints.conf
>
>
> Hi,
> I discovered that if you put a bad contact in the aor configuration, it crashes asterisk when the phone is registered, concretely with segmentation fault (SIGSEGV).
> I tested it with 16.2.1 and it's also reproducible with 16.4.0.
> Example:
> [200]
> type=aor
> max_contacts=1
> contact=sip:200@*:5060
> qualify_frequency=60
> If the phone is not connected it causes some errors but asterisk continues working:
> [2019-06-27 12:08:48.462] ERROR[20447]: res_pjsip.c:3859 create_out_of_dialog_request: Unable to create outbound OPTIONS request to endpoint 200 as URI 'sip:200@*:5060' is not valid
> [2019-06-27 12:08:48.462] ERROR[20447]: res_pjsip/pjsip_options.c:877 sip_options_qualify_contact: Unable to create request to qualify contact sip:200@*:5060 on AOR 200
> Then, as soon as the phone registers in asterisk it crashes the main process:
> CLI> -- Added contact 'sip:200@192.168.75.102:5060' to AOR '200' with expiration of 3600 seconds
> Segmentation fault (`core' generated)
> In syslog:
> Jun 26 13:48:43 desarrolloV3 kernel: asterisk[2285]: segfault at 0 ip 00007fa597ec11f8 sp 00007fa592c1eb30 error 4 in res_pjsip_path.so[7fa597ec0000+3000]
> Jun 26 13:48:43 desarrolloV3 kernel: Code: 8d 64 24 c8 48 8b 07 48 c7 45 c8 00 00 00 00 48 85 c0 74 05 80 38 00 75 11 48 8d 65 d8 31 c0 5b 41 5c 41 5d 41 5e 41 5f 5d c3 <48> 8b 06 48 89 fb 48 89 f7 ff 50 08 48 89 45 a8 49 89 c6 48 8b 40
> Jun 26 13:48:43 desarrolloV3 systemd[1]: asterisk.service: Main process exited, code=killed, status=11/SEGV
> Jun 26 13:48:43 desarrolloV3 systemd[1]: asterisk.service: Control process exited, code=exited status=1
> Conclusion
> Leaving aside the question of why there is a wildcard in the contact instead of an IP address (contact=sip:200@*:5060), it's bad, I know, but I think that a bad line in the configuration should not crash the entire system.
> Write access to config files is required to exploit this problem. Severity: low.
> Perhaps you could include a filter when parsing the pjsip config files.
> If you remove the malformed contact line in the sample config, asterisk works fine.
> I'll upload the backtraces to provide more info about the crash.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
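
The reporter's suggestion of filtering the config can be approximated outside Asterisk with a lint run before a reload. The following is an added example, not code from the report or from Asterisk: the function names, the simplified URI grammar and the sample config are assumptions for illustration, and it checks only static contact= values in type=aor sections.

```python
import ipaddress
import re

# Simplified SIP URI shape (assumption, not pjproject's parser): sip[s]:[user@]host[:port][;params]
_URI = re.compile(r"^sips?:(?:[^@\s]+@)?(?P<host>\[[^\]]+\]|[^:;?\s]+)"
                  r"(?::(?P<port>\d+))?(?:[;?].*)?$")
_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")  # RFC 1123 host label

def host_ok(host):
    if host.startswith("["):  # bracketed IPv6 literal
        try:
            ipaddress.IPv6Address(host[1:-1])
            return True
        except ValueError:
            return False
    return all(_LABEL.match(label) for label in host.rstrip(".").split("."))

def contact_ok(uri):
    m = _URI.match(uri.strip())
    if not m or not host_ok(m.group("host")):
        return False
    return m.group("port") is None or 0 < int(m.group("port")) <= 65535

def lint_aor_contacts(text):
    """Return (section, line_no, uri) for invalid contacts in type=aor sections."""
    sections, current = [], None
    for no, raw in enumerate(text.splitlines(), 1):
        # ';' starts a comment unless escaped as '\;'
        line = re.split(r"(?<!\\);", raw, maxsplit=1)[0].replace("\\;", ";").strip()
        if line.startswith("["):
            current = {"name": line[1:].split("]", 1)[0], "type": [], "contact": []}
            sections.append(current)
        elif current is not None and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            if key in ("type", "contact"):
                current[key].append((no, value))
    return [(s["name"], no, uri) for s in sections
            if any(v == "aor" for _, v in s["type"])
            for no, uri in s["contact"] if not contact_ok(uri)]

# Constructed sample: the AOR from the report plus one well-formed AOR.
SAMPLE = """\
[200]
type=aor
contact=sip:200@*:5060
[201]
type=aor
contact=sip:201@192.168.75.102:5060
"""
```

Calling lint_aor_contacts(SAMPLE) reports only the [200] contact, so a deployment script can refuse to reload when the returned list is non-empty.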