[asterisk-bugs] [JIRA] (ASTERISK-30035) ari: bridge addChannel race condition causes segfault
Richard Johnson (JIRA)
noreply at issues.asterisk.org
Thu Apr 28 07:52:40 CDT 2022
[ https://issues.asterisk.org/jira/browse/ASTERISK-30035?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Richard Johnson updated ASTERISK-30035:
---------------------------------------
Description:
There is a race condition when calling /bridges/xx/addChannel which results in Asterisk crashing.
Here is some example code to reproduce the issue:
https://gist.github.com/rjohnsondev/babfd730d0076eb7c3404cd8c0c85d3d
PJSUA was used as a quick client to test against: {{./pjsua-x86_64-unknown-linux-gnu --color --realm=\* --no-tcp --auto-answer=200 --max-calls=4}}
The issue appears to be when https://github.com/asterisk/asterisk/blob/master/res/stasis/control.c#L1335 removes the bridge_features on the channel control while performing the swap in https://github.com/asterisk/asterisk/blob/master/res/ari/resource_bridges.c#L230
If a secondary request is made to move the channel to a different bridge while this is happening, the bridge_features on the control for the channel will be NULL while attempting to update the features in https://github.com/asterisk/asterisk/blob/master/res/ari/resource_bridges.c#L222
was:
There is a race condition when calling /bridges/xx/addChannel which results in Asterisk crashing.
Here is some example code to reproduce the issue:
https://gist.github.com/rjohnsondev/babfd730d0076eb7c3404cd8c0c85d3d
The issue appears to be when https://github.com/asterisk/asterisk/blob/master/res/stasis/control.c#L1335 removes the bridge_features on the channel control while performing the swap in https://github.com/asterisk/asterisk/blob/master/res/ari/resource_bridges.c#L230
If a secondary request is made to move the channel to a different bridge while this is happening, the bridge_features on the control for the channel will be NULL while attempting to update the features in https://github.com/asterisk/asterisk/blob/master/res/ari/resource_bridges.c#L222
> ari: bridge addChannel race condition causes segfault
> -----------------------------------------------------
>
> Key: ASTERISK-30035
> URL: https://issues.asterisk.org/jira/browse/ASTERISK-30035
> Project: Asterisk
> Issue Type: Bug
> Security Level: None
> Components: Applications/app_stasis, Resources/res_ari, Resources/res_ari_bridges
> Affects Versions: 18.11.1, 18.11.2
> Environment: linux debian buster
> Reporter: Richard Johnson
> Assignee: Unassigned
> Severity: Major
> Attachments: core-asterisk-2022-04-28T03-09-04Z-brief.txt, core-asterisk-2022-04-28T03-09-17Z-brief.txt, core-asterisk-2022-04-28T04-14-03Z-brief.txt, main.py
>
>
> There is a race condition when calling /bridges/xx/addChannel which results in Asterisk crashing.
> Here is some example code to reproduce the issue:
> https://gist.github.com/rjohnsondev/babfd730d0076eb7c3404cd8c0c85d3d
> PJSUA was used as a quick client to test against: {{./pjsua-x86_64-unknown-linux-gnu --color --realm=\* --no-tcp --auto-answer=200 --max-calls=4}}
> The issue appears to be when https://github.com/asterisk/asterisk/blob/master/res/stasis/control.c#L1335 removes the bridge_features on the channel control while performing the swap in https://github.com/asterisk/asterisk/blob/master/res/ari/resource_bridges.c#L230
> If a secondary request is made to move the channel to a different bridge while this is happening, the bridge_features on the control for the channel will be NULL while attempting to update the features in https://github.com/asterisk/asterisk/blob/master/res/ari/resource_bridges.c#L222
--
This message was sent by Atlassian JIRA
(v6.2#6252)
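Added example, not part of the original report and not Asterisk source: a simplified C model of the race described in the ticket, where the swap path clears bridge_features and an overlapping request has to test and use the pointer under the same lock instead of dereferencing NULL. The struct layout, the `mute` field and all function names are hypothetical.

```c
/* Simplified model of the reported race; NOT Asterisk source, all names hypothetical. */
#include <pthread.h>
#include <stdlib.h>

struct features { int mute; };
struct control {
    pthread_mutex_t lock;
    struct features *bridge_features; /* NULL while a bridge swap is in flight */
};

/* Swap path, step 1: the old features are removed from the control. */
void control_begin_swap(struct control *c)
{
    pthread_mutex_lock(&c->lock);
    free(c->bridge_features);
    c->bridge_features = NULL;
    pthread_mutex_unlock(&c->lock);
}

/* Swap path, step 2: fresh features are installed for the new bridge. */
int control_end_swap(struct control *c)
{
    struct features *f = calloc(1, sizeof(*f));
    if (!f) return -1;
    pthread_mutex_lock(&c->lock);
    free(c->bridge_features);
    c->bridge_features = f;
    pthread_mutex_unlock(&c->lock);
    return 0;
}

/* Request path: test and use the pointer under one lock; -1 means "swap in progress". */
int control_set_mute(struct control *c, int mute)
{
    int rc = -1;
    pthread_mutex_lock(&c->lock);
    if (c->bridge_features) { c->bridge_features->mute = mute; rc = 0; }
    pthread_mutex_unlock(&c->lock);
    return rc;
}

int main(void)
{
    struct control c = { PTHREAD_MUTEX_INITIALIZER, NULL };
    control_end_swap(&c);                  /* channel is in bridge A */
    control_begin_swap(&c);                /* move to bridge B starts */
    int during = control_set_mute(&c, 1);  /* overlapping request is refused, no NULL deref */
    control_end_swap(&c);                  /* move completes */
    return (during == -1 && control_set_mute(&c, 1) == 0) ? 0 : 1;
}
```

The -1 return gives the request handler a place to reject or retry the overlapping call; how Asterisk itself resolves the race is not stated in the ticket.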