[asterisk-bugs] [JIRA] (ASTERISK-28916) Memory leak with Asterisk 16 and malformed REGISTER requests

nappsoft (JIRA) noreply at issues.asterisk.org
Mon May 25 03:22:25 CDT 2020 

    [ https://issues.asterisk.org/jira/browse/ASTERISK-28916?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=250935#comment-250935 ] 

nappsoft commented on ASTERISK-28916:
-------------------------------------

I just tested a bit with a script sending register requests to the system with the following results:

- memory usage seems to grow quite fast when I am able to send enough register requests to the system so that asterisk consumes 100% cpu (so the queue for answering the register requests grows more and more I guess)
- I am able to let asterisk consume 400mb after 20-30 seconds sending register requests to the system
- with asterisk 13 I do not manage to let asterisk consume more than 100mb, not even when sending the requests from localhost

So it seems like asterisk 16 would need by far more performance for register requests?

> Memory leak with Asterisk 16 and malformed REGISTER requests
> ------------------------------------------------------------
>
>                 Key: ASTERISK-28916
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-28916
>             Project: Asterisk
>          Issue Type: Bug
>      Security Level: None
>          Components: Resources/res_pjsip
>    Affects Versions: 16.7.0, 16.9.0, 16.10.0
>            Reporter: nappsoft
>
> We had several asterisk systems running out of memory yesterday during a DOS attack. All of these systems were running with Asterisk >=16.7.0, some with PJSIP 2.9, some already with 2.10
> Other machines with asterisk 13 have been attacked as well, however without running into any troubles. (That's why I guess that it's rather an asterisk issue than a PJSIP issue).
> The register messages with which the systems got attacked were obviously broken and looked like bellow (IP replaced with xx.xx). What should be noticed:
> - there was no CRLF after the headers
> - the Content-Type of the register is set to applicatoin/sdp
> - the user-agent was empty
> REGISTER sip:220 at x.x.x.x SIP/2.0
> To: 220 <sip:220 at x.x.x.x>
> From:  <sip:220 at x.x.x.x>;tag=0c26cd11
> Via: SIP/2.0/UDP x.x.x.x:53716;branch=s8rinbit1zv039o5imke6y3vyvi91fizpvjnepn6l3kh7a9u6t2isdw89uhuqui2hb825f5;rport
> Call-ID: e08c2ff23aa7495abd86575f1a294b1b
> CSeq: 1 REGISTER
> Contact: <sip:220 at x.x.x.x:53716>
> User-Agent: 
> Max-forwards: 70
> Allow: INVITE, ACK, CANCEL, BYE, REFER
> Content-Type: application/sdp



--
This message was sent by Atlassian JIRA
(v6.2#6252)

More information about the asterisk-bugs mailing list