[asterisk-bugs] [JIRA] (ASTERISK-28402) res_pjsip_registrar: SEGV in registrar_find_contact

George Joseph (JIRA) noreply at issues.asterisk.org
Thu May 2 14:00:47 CDT 2019 

    [ https://issues.asterisk.org/jira/browse/ASTERISK-28402?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=247062#comment-247062 ] 

George Joseph edited comment on ASTERISK-28402 at 5/2/19 2:00 PM:
------------------------------------------------------------------

We can't reproduce this but the backtraces confirm that the return from pjsip_parse_uri was NULL even though the uri being parsed was perfectly valid.  Since we weren't checking for the NULL, the call to pjsip_uri_cmp SEGVd.

Patch to check the return is in progress.





was (Author: gtj):
We can't reproduce this but the backtraces confirm that the return from pjsip_parse_hdr was NULL even though the uri being parsed was perfectly valid.  Since we weren't checking for the NULL, the call to pjsip_uri_cmp SEGVd.

Patch to check the return is in progress.




> res_pjsip_registrar: SEGV in registrar_find_contact
> ---------------------------------------------------
>
>                 Key: ASTERISK-28402
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-28402
>             Project: Asterisk
>          Issue Type: Bug
>      Security Level: None
>          Components: Resources/res_pjsip_registrar
>    Affects Versions: 13.26.0, GIT
>         Environment: CentOS 7
>            Reporter: Ross Beer
>            Assignee: George Joseph
>              Labels: pjsip
>
> Multiple Asterisk instances all crashed when receiving a register from an endpoint with the same contact_uri:
> {noformat}
> contact_uri = 0x7fc601192540 "sip:<user>@<IP ADDRESS>:18278;transport=TCP;app-id=929724111839;pn-type=firebase;pn-tok=dm50F_axqHM:APA91bEcOCDKDjzqSaKJycnjVtunl7fV8tsf5ERUFxB6KWvppJNh-bN3NYhMVhrDgVyXy4Kf_bsasntpuKgJmIWyNMK0IEzd"...
> {noformat}
> This contact somehow leads to a null pointer being compared which causes an Asterisk segfault:
> {noformat}
> #0  0x00007fc8061bc189 in pjsip_url_compare (context=PJSIP_URI_IN_CONTACT_HDR, url1=0x7fc71fada0c8, url2=0x0) at ../src/pjsip/sip_uri.c:400
> {noformat}
> I



--
This message was sent by Atlassian JIRA
(v6.2#6252)

More information about the asterisk-bugs mailing list