[asterisk-bugs] [JIRA] (ASTERISK-28854) SIGSEGV when pjsip show history encounters IPV6 address
Roger James (JIRA)
noreply at issues.asterisk.org
Mon Apr 27 11:26:25 CDT 2020
[ https://issues.asterisk.org/jira/browse/ASTERISK-28854?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Roger James updated ASTERISK-28854:
-----------------------------------
Description:
In res_pjsip_history.c
/*! \brief An item in the history */
struct pjsip_history_entry {
...
/*! \brief Source address */
pj_sockaddr_in src; This is only long enough to hold an ipv4 address
/*! \brief Destination address */
pj_sockaddr_in dst; Same herw
...
};
Calls like these oveflow the fields when an IPV6 address is encountered.
/*! \brief PJSIP callback when a SIP message is transmitted */
static pj_status_t history_on_tx_msg(pjsip_tx_data *tdata)
{
struct pjsip_history_entry *entry;
...
pj_sockaddr_cp(&entry->src, &tdata->tp_info.transport->local_addr);
pj_sockaddr_cp(&entry->dst, &tdata->tp_info.dst_addr);
Result SIGSEGV.
Fix is.
/*! \brief Source address */
union {
pj_sockaddr_in src;
pj_dockaddr_in6 src6;
};
/*! \brief Destination address */
pj_sockaddr_in dst; Same fix here.
...
was:
In res_pjsip_history.c
/*! \brief An item in the history */
struct pjsip_history_entry {
...
/*! \brief Source address */
pj_sockaddr_in src; This is only long enough to hold an ipv4 address
/*! \brief Destination address */
pj_sockaddr_in dst; Same herw
...
};
Calls like these oveflow the fileds when an IPV6 address is encountered.
/*! \brief PJSIP callback when a SIP message is transmitted */
static pj_status_t history_on_tx_msg(pjsip_tx_data *tdata)
{
struct pjsip_history_entry *entry;
...
pj_sockaddr_cp(&entry->src, &tdata->tp_info.transport->local_addr);
pj_sockaddr_cp(&entry->dst, &tdata->tp_info.dst_addr);
Result SIGSEGV.
Fix is.
/*! \brief Source address */
union {
pj_sockaddr_in src;
pj_dockaddr_in6 src6;
};
/*! \brief Destination address */
pj_sockaddr_in dst; Same fix here.
...
> SIGSEGV when pjsip show history encounters IPV6 address
> -------------------------------------------------------
>
> Key: ASTERISK-28854
> URL: https://issues.asterisk.org/jira/browse/ASTERISK-28854
> Project: Asterisk
> Issue Type: Bug
> Security Level: None
> Components: Resources/res_pjsip
> Affects Versions: 17.3.0
> Environment: Linux
> Reporter: Roger James
> Severity: Trivial
>
> In res_pjsip_history.c
> /*! \brief An item in the history */
> struct pjsip_history_entry {
> ...
> /*! \brief Source address */
> pj_sockaddr_in src; This is only long enough to hold an ipv4 address
> /*! \brief Destination address */
> pj_sockaddr_in dst; Same herw
> ...
> };
> Calls like these oveflow the fields when an IPV6 address is encountered.
> /*! \brief PJSIP callback when a SIP message is transmitted */
> static pj_status_t history_on_tx_msg(pjsip_tx_data *tdata)
> {
> struct pjsip_history_entry *entry;
> ...
> pj_sockaddr_cp(&entry->src, &tdata->tp_info.transport->local_addr);
> pj_sockaddr_cp(&entry->dst, &tdata->tp_info.dst_addr);
> Result SIGSEGV.
> Fix is.
> /*! \brief Source address */
> union {
> pj_sockaddr_in src;
> pj_dockaddr_in6 src6;
> };
> /*! \brief Destination address */
> pj_sockaddr_in dst; Same fix here.
> ...
--
This message was sent by Atlassian JIRA
(v6.2#6252)
More information about the asterisk-bugs
mailing list