[asterisk-bugs] [JIRA] (ASTERISK-28854) SIGSEGV when pjsip show history encounters IPV6 address

Kevin Harwell (JIRA) noreply at issues.asterisk.org
Mon Apr 27 15:40:25 CDT 2020


     [ https://issues.asterisk.org/jira/browse/ASTERISK-28854?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Kevin Harwell updated ASTERISK-28854:
-------------------------------------

    Description: 
In res_pjsip_history.c
{noformat}
/*! \brief An item in the history */
struct pjsip_history_entry {
	...
	/*! \brief Source address */
	pj_sockaddr_in src; /* This is only long enough to hold an IPv4 address */
	/*! \brief Destination address */
	pj_sockaddr_in dst; /* Same here */
	...
};
{noformat}
Calls like these overflow the fields when an IPv6 address is encountered.
{noformat}
/*! \brief PJSIP callback when a SIP message is transmitted */
static pj_status_t history_on_tx_msg(pjsip_tx_data *tdata)
{
        struct pjsip_history_entry *entry;
        ...
        pj_sockaddr_cp(&entry->src, &tdata->tp_info.transport->local_addr);
        pj_sockaddr_cp(&entry->dst, &tdata->tp_info.dst_addr);
{noformat}
Result SIGSEGV.

*EDIT*: Removed inline patch




  was:
In res_pjsip_history.c

/*! \brief An item in the history */
struct pjsip_history_entry {
	...
	/*! \brief Source address */
	pj_sockaddr_in src; /* This is only long enough to hold an IPv4 address */
	/*! \brief Destination address */
	pj_sockaddr_in dst; /* Same here */
	...
};

Calls like these overflow the fields when an IPv6 address is encountered.

/*! \brief PJSIP callback when a SIP message is transmitted */
static pj_status_t history_on_tx_msg(pjsip_tx_data *tdata)
{
        struct pjsip_history_entry *entry;
        ...
        pj_sockaddr_cp(&entry->src, &tdata->tp_info.transport->local_addr);
        pj_sockaddr_cp(&entry->dst, &tdata->tp_info.dst_addr);

Result SIGSEGV.

*EDIT*: Removed inline patch





> SIGSEGV when pjsip show history encounters IPV6 address
> -------------------------------------------------------
>
>                 Key: ASTERISK-28854
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-28854
>             Project: Asterisk
>          Issue Type: Bug
>      Security Level: None
>          Components: Resources/res_pjsip
>    Affects Versions: 17.3.0
>         Environment: Linux
>            Reporter: Roger James
>            Severity: Trivial
>
> In res_pjsip_history.c
> {noformat}
> /*! \brief An item in the history */
> struct pjsip_history_entry {
> 	...
> 	/*! \brief Source address */
> 	pj_sockaddr_in src; /* This is only long enough to hold an IPv4 address */
> 	/*! \brief Destination address */
> 	pj_sockaddr_in dst; /* Same here */
> 	...
> };
> {noformat}
> Calls like these overflow the fields when an IPv6 address is encountered.
> {noformat}
> /*! \brief PJSIP callback when a SIP message is transmitted */
> static pj_status_t history_on_tx_msg(pjsip_tx_data *tdata)
> {
>         struct pjsip_history_entry *entry;
>         ...
>         pj_sockaddr_cp(&entry->src, &tdata->tp_info.transport->local_addr);
>         pj_sockaddr_cp(&entry->dst, &tdata->tp_info.dst_addr);
> {noformat}
> Result SIGSEGV.
> *EDIT*: Removed inline patch



--
This message was sent by Atlassian JIRA
(v6.2#6252)
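
The size mismatch described in this report, as an added example that is not part of the original message or the Asterisk source: POSIX socket address types stand in for the PJLIB ones, and every function name is hypothetical. A copy whose length follows the source address family is refused for an IPv4-sized slot and succeeds for a slot that can hold either family.

```c
/* Added illustration: POSIX types stand in for PJLIB's; all names are hypothetical. */
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>

/* Bytes occupied by a socket address of this family; 0 if unsupported. */
static size_t addr_len(const struct sockaddr *sa) {
    if (sa->sa_family == AF_INET)  return sizeof(struct sockaddr_in);
    if (sa->sa_family == AF_INET6) return sizeof(struct sockaddr_in6);
    return 0;
}

/* Copy src into a slot of dst_cap bytes; refuse (-1) rather than overrun. */
static int addr_copy_checked(void *dst, size_t dst_cap, const struct sockaddr *src) {
    size_t n = addr_len(src);
    if (n == 0 || n > dst_cap)
        return -1;
    memset(dst, 0, dst_cap);
    memcpy(dst, src, n);
    return 0;
}

/* Constructed sample input: IPv6 loopback, port 5060. */
static struct sockaddr_in6 sample_v6(void) {
    struct sockaddr_in6 a = { .sin6_family = AF_INET6, .sin6_port = htons(5060) };
    a.sin6_addr = in6addr_loopback;
    return a;
}

/* IPv4-sized slot, as in the reported struct: the copy must be refused. */
int copy_v6_into_v4_slot(void) {
    struct sockaddr_in slot;
    struct sockaddr_in6 v6 = sample_v6();
    return addr_copy_checked(&slot, sizeof(slot), (const struct sockaddr *)&v6);
}

/* Family-agnostic slot: the same copy fits and the family is preserved. */
int copy_v6_into_storage_slot(void) {
    struct sockaddr_storage slot;
    struct sockaddr_in6 v6 = sample_v6();
    int rc = addr_copy_checked(&slot, sizeof(slot), (const struct sockaddr *)&v6);
    return (rc == 0 && slot.ss_family == AF_INET6) ? 0 : -1;
}

int main(void) {
    printf("v4 slot: %d, storage slot: %d\n", copy_v6_into_v4_slot(), copy_v6_into_storage_slot());
    return 0;
}
```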


