[asterisk-bugs] [JIRA] (ASTERISK-28916) Memory leak with Asterisk 16 and malformed REGISTER requests

Mon May 25 01:44:25 CDT 2020

nappsoft created ASTERISK-28916:
-----------------------------------

             Summary: Memory leak with Asterisk 16 and malformed REGISTER requests
                 Key: ASTERISK-28916
                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-28916
             Project: Asterisk
          Issue Type: Bug
      Security Level: None
          Components: Resources/res_pjsip
    Affects Versions: 16.10.0, 16.9.0, 16.7.0
            Reporter: nappsoft

We had several asterisk systems running out of memory yesterday during a DOS attack. All of these systems were running with Asterisk >=16.7.0, some with PJSIP 2.9, some already with 2.10

Other machines with asterisk 13 have been attacked as well, however without running into any troubles. (That's why I guess that it's rather an asterisk issue than a PJSIP issue).

The register messages with which the systems got attacked were obviously broken and looked like bellow (IP replaced with xx.xx). What should be noticed:

- there was no CRLF after the headers
- the Content-Type of the register is set to applicatoin/sdp
- the user-agent was empty

REGISTER sip:220 at x.x.x.x SIP/2.0
To: 220 <sip:220 at x.x.x.x>
From:  <sip:220 at x.x.x.x>;tag=0c26cd11
Via: SIP/2.0/UDP x.x.x.x:53716;branch=s8rinbit1zv039o5imke6y3vyvi91fizpvjnepn6l3kh7a9u6t2isdw89uhuqui2hb825f5;rport
Call-ID: e08c2ff23aa7495abd86575f1a294b1b
CSeq: 1 REGISTER
Contact: <sip:220 at x.x.x.x:53716>
User-Agent: 
Max-forwards: 70
Allow: INVITE, ACK, CANCEL, BYE, REFER
Content-Type: application/sdp

--
This message was sent by Atlassian JIRA
(v6.2#6252)