[asterisk-bugs] [JIRA] (ASTERISK-30259) ari: Crash on missing JSON validation in push registration

Thomas Guebels (JIRA) noreply at issues.asterisk.org
Mon Oct 10 05:21:09 CDT 2022 

     [ https://issues.asterisk.org/jira/browse/ASTERISK-30259?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Thomas Guebels updated ASTERISK-30259:
--------------------------------------

    Description: 
When creating a new outbound registration using ARI push method, an unexpected JSON body can easily trigger a crash.

The code expects "attribute" and "value" to be present and to be string in the objects of the field array.

So anything not in the form 
{code}
[
  {
    "attribute": "string",
    "value": "string"
  },
]
{code}

will trigger it. Example: 
{code}
[
  {
    "attribute": "string",
    "value": 123
  },
]
{code}
or
{code}
[
  {
  },
]
{code}

  was:
When creating a new outbound registration using ARI push method, an unexpected JSON body can easily trigger a crash.

The code expects "attribute" and "value" to be present and to be string in the objects of the field array.

So anything not in the form 
[
  {
    "attribute": "string",
    "value": "string"
  },
]

will trigger it. Example: 
[
  {
    "attribute": "string",
    "value": 123
  },
]
or
[
  {
  },
]


> ari: Crash on missing JSON validation in push registration
> ----------------------------------------------------------
>
>                 Key: ASTERISK-30259
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-30259
>             Project: Asterisk
>          Issue Type: Bug
>      Security Level: None
>          Components: Resources/res_ari, Resources/res_pjsip_outbound_registration
>    Affects Versions: 18.14.0
>            Reporter: Thomas Guebels
>            Assignee: Thomas Guebels
>
> When creating a new outbound registration using ARI push method, an unexpected JSON body can easily trigger a crash.
> The code expects "attribute" and "value" to be present and to be string in the objects of the field array.
> So anything not in the form 
> {code}
> [
>   {
>     "attribute": "string",
>     "value": "string"
>   },
> ]
> {code}
> will trigger it. Example: 
> {code}
> [
>   {
>     "attribute": "string",
>     "value": 123
>   },
> ]
> {code}
> or
> {code}
> [
>   {
>   },
> ]
> {code}



--
This message was sent by Atlassian JIRA
(v6.2#6252)

More information about the asterisk-bugs mailing list