[asterisk-bugs] [JIRA] (ASTERISK-29888) res_pjsip_outbound_authenticator_digest: SEGV attempting to clean up auth_sess

George Joseph (JIRA) noreply at issues.asterisk.org
Mon Jan 31 07:04:06 CST 2022 

George Joseph created ASTERISK-29888:
----------------------------------------

             Summary: res_pjsip_outbound_authenticator_digest: SEGV attempting to clean up auth_sess
                 Key: ASTERISK-29888
                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-29888
             Project: Asterisk
          Issue Type: Bug
      Security Level: None
          Components: Resources/res_pjsip_outbound_authenticator_digest
    Affects Versions: 19.1.0, 18.9.0, 16.23.0
            Reporter: George Joseph


{code}
#0  __pthread_kill_implementation (threadid=<optimized out>, signo=signo at entry=6, no_tid=no_tid at entry=0) at pthread_kill.c:44
#1  0x00007fb396fdd8b3 in __pthread_kill_internal (signo=6, threadid=<optimized out>) at pthread_kill.c:78
#2  0x00007fb396f906a6 in __GI_raise (sig=sig at entry=6) at ../sysdeps/posix/raise.c:26
#3  0x00007fb396f7a7d3 in __GI_abort () at abort.c:79
#4  0x00007fb396f7a6fb in __assert_fail_base (fmt=<optimized out>, assertion=<optimized out>, file=<optimized out>, line=<optimized out>, function=<optimized out>) at assert.c:92
#5  0x00007fb396f89396 in __GI___assert_fail (assertion=assertion at entry=0x7fb397dfb2c7 "sess && sess->endpt", file=file at entry=0x7fb397dfaf58 "../src/pjsip/sip_auth_client.c", line=line at entry=523, function=function at entry=0x7fb397dfb400 <__PRETTY_FUNCTION__.7> "pjsip_auth_clt_deinit") at assert.c:101
#6  0x00007fb397d5a4d4 in pjsip_auth_clt_deinit (sess=sess at entry=0x7fb3356b26c0) at ../src/pjsip/sip_auth_client.c:523
#7  0x00007fb39469c5aa in digest_create_request_with_auth (auth_ids_vector=<optimized out>, challenge=0x7fb2f8127648, old_request=0x7fb2fc0064c8, new_request=0x7fb3356b27c8) at res_pjsip_outbound_authenticator_digest.c:567
#8  0x00007fb394685342 in handle_registration_response (data=0x7fb2f800fdc0) at res_pjsip_outbound_registration.c:1093
#9  0x0000000000596567 in ast_taskprocessor_execute (tps=tps at entry=0x7fb2f8148530) at taskprocessor.c:1235
#10 0x000000000059c840 in execute_tasks (data=0x7fb2f8148530) at threadpool.c:1350
#11 0x0000000000596567 in ast_taskprocessor_execute (tps=0x1d64fc0) at taskprocessor.c:1235
#12 0x000000000059d330 in threadpool_execute (pool=0x1d63a30) at threadpool.c:367
#13 worker_active (worker=0x7fb300000bd0) at threadpool.c:1137
#14 worker_start (arg=arg at entry=0x7fb300000bd0) at threadpool.c:1056
#15 0x00000000005a467a in dummy_start (data=<optimized out>) at utils.c:1572
#16 0x00007fb396fdba87 in start_thread (arg=<optimized out>) at pthread_create.c:435
#17 0x00007fb397060640 in clone3 () at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:81
{code}

Very corner case where a reload was done that deleted an endpoint and its companion outbound registration and auth.   Only happens in dev-mode.

* The auth got deleted first.
* The registration tried to unregister with the remote system, got a 401.
* Tried to get the auths which didn't exist anymore.
* Failed and skipped to its cleanup step.
* Tried to call pjsip_auth_clt_deinit() with a session that wasn't initialized.
* Which pjsip_auth_clt_deinit() detected and aborted.

Simple fix to not call pjsip_auth_clt_deinit() if teh session was never initialized.




--
This message was sent by Atlassian JIRA
(v6.2#6252)

More information about the asterisk-bugs mailing list