[asterisk-bugs] [JIRA] (ASTERISK-29024) Route Header in Cancel request incorrectly set

Fri Aug 7 17:45:43 CDT 2020

Flole Systems created ASTERISK-29024:
----------------------------------------

             Summary: Route Header in Cancel request incorrectly set
                 Key: ASTERISK-29024
                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-29024
             Project: Asterisk
          Issue Type: Bug
      Security Level: None
          Components: pjproject/pjsip
    Affects Versions: 17.6.0
            Reporter: Flole Systems

When I initiate a call using PJSIP and Cancel the call while it's still ringing the Route-Header seems to be sent incorrectly. It looks like it's a pointer to a memory region that got overwritten. I saw internal IP Addresses in there aswell as some other stuff like "Route: <sip:}". The "Route: <sip:" is always set properly, just the part after the sip is never set correctly and also the closing ">" is always missing.

As the memory region that it reads from can't be controlled it might happen that confidential data like a password is exposed over this.

--
This message was sent by Atlassian JIRA
(v6.2#6252)