[asterisk-bugs] [JIRA] (ASTERISK-28402) res_pjsip_registrar: SEGV in registrar_find_contact
George Joseph (JIRA)
noreply at issues.asterisk.org
Thu May 2 13:30:47 CDT 2019
[ https://issues.asterisk.org/jira/browse/ASTERISK-28402?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
George Joseph updated ASTERISK-28402:
-------------------------------------
Component/s: (was: Channels/chan_pjsip)
Resources/res_pjsip_registrar
Assignee: George Joseph
> res_pjsip_registrar: SEGV in registrar_find_contact
> ---------------------------------------------------
>
> Key: ASTERISK-28402
> URL: https://issues.asterisk.org/jira/browse/ASTERISK-28402
> Project: Asterisk
> Issue Type: Security
> Security Level: None
> Components: Resources/res_pjsip_registrar
> Affects Versions: 13.26.0, GIT
> Environment: CentOS 7
> Reporter: Ross Beer
> Assignee: George Joseph
> Severity: Blocker
> Labels: pjsip, security
>
> Multiple Asterisk instances all crashed when receiving a register from an endpoint with the same contact_uri:
> {noformat}
> contact_uri = 0x7fc601192540 "sip:<user>@<IP ADDRESS>:18278;transport=TCP;app-id=929724111839;pn-type=firebase;pn-tok=dm50F_axqHM:APA91bEcOCDKDjzqSaKJycnjVtunl7fV8tsf5ERUFxB6KWvppJNh-bN3NYhMVhrDgVyXy4Kf_bsasntpuKgJmIWyNMK0IEzd"...
> {noformat}
> This contact somehow leads to a null pointer being compared which causes an Asterisk segfault:
> {noformat}
> #0 0x00007fc8061bc189 in pjsip_url_compare (context=PJSIP_URI_IN_CONTACT_HDR, url1=0x7fc71fada0c8, url2=0x0) at ../src/pjsip/sip_uri.c:400
> {noformat}
> I
--
This message was sent by Atlassian JIRA
(v6.2#6252)
More information about the asterisk-bugs
mailing list