[Asterisk-Dev] chan_sip crash w/ Refer [patch]

Jared Mauch jared at puck.nether.net
Mon Jun 13 21:09:44 MST 2005


	so, I have the hitachi WIP-5000 (1.5.8) and asterisk
crashes with refer from it because it doesn't include a referred-by
header.  while i'm not here to argue the case of the sip-ua, i'd
rather not have asterisk crash.. so please see included diffs 
that will keep it from writing a core.

	basically, doesn't do pointer math in the case of null and
doesn't do ast_copy_string in the case of null.

	fyi, this is the refer:  (one IP obscured, if you really want
to make my hitachi ring or ping it, i guess you're welcome to :) )

(gdb) print req->header
$6 = {0x405b6348 "REFER", 
  0x405b636e "Via: SIP/2.0/UDP 204.42.254.204:5060;branch=z9hG4bK1560460805", 
  0x405b63ad "From: <sip:jmauch01 at 204.42.254.204>;tag=235127373", 
  0x405b63e0 "To: \"Jared Mauch\" <sip:1005 at 10.255>;tag=as2a267521", 
  0x405b641b "Call-ID: 67dc6555424d9ad814a31d8d73671f2e at 10.255", 
  0x405b6454 "CSeq: 104 REFER", 
  0x405b6465 "Refer-To: <sip:600 at 10.255>", 
  0x405b6488 "Contact: <sip:jmauch01 at 204.42.254.204>", 
  0x405b64b0 "Max-Forwards: 70", 0x405b64c2 "Content-Length: 0", 
  0x405b64d5 "", 0x0 <repeats 53 times>}


	- jared

Index: chan_sip.c
===================================================================
RCS file: /usr/cvsroot/asterisk/channels/chan_sip.c,v
retrieving revision 1.759
diff -u -r1.759 chan_sip.c
--- chan_sip.c	9 Jun 2005 22:41:18 -0000	1.759
+++ chan_sip.c	14 Jun 2005 04:01:33 -0000
@@ -5859,9 +5859,11 @@
 		referred_by = NULL;
 	}
 
-	refer_to += 4;
-	referred_by += 4;
-	
+	if (refer_to)
+		refer_to += 4;
+
+	if (referred_by)
+		referred_by += 4;
 	
 	if ((ptr = strchr(refer_to, '?'))) {
 		/* Search for arguments */
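Review bot: the new `if (refer_to)` guard does not protect the very next statement, `strchr(refer_to, '?')`, which still dereferences refer_to unconditionally. If refer_to can be NULL at this point, that call crashes just as the pointer arithmetic did, so the function should log and return an error before reaching it. If earlier code already guarantees refer_to is non-NULL, the guard on refer_to is dead code and only the `if (referred_by)` check is needed. A short comment saying what the 4-byte skip steps over would also help, since the offset is applied to both pointers without explanation.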
@@ -5930,7 +5932,8 @@
 			ast_log(LOG_DEBUG,"Transferred by  (Referred-by: ) %s \n", referred_by);
 		ast_log(LOG_DEBUG,"Transfer Contact Info %s (REFER_CONTACT)\n", h_contact);
 		ast_copy_string(sip_pvt->refer_to, refer_to, sizeof(sip_pvt->refer_to));
-		ast_copy_string(sip_pvt->referred_by, referred_by, sizeof(sip_pvt->referred_by));
+		if (referred_by)
+			ast_copy_string(sip_pvt->referred_by, referred_by, sizeof(sip_pvt->referred_by));
 		if (h_contact) {
 			ast_copy_string(sip_pvt->refer_contact, h_contact, sizeof(sip_pvt->refer_contact));
 		}
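Review bot: when referred_by is NULL, the guarded `ast_copy_string(sip_pvt->referred_by, ...)` is skipped and sip_pvt->referred_by keeps whatever it held before, so a value from an earlier REFER on the same dialog could be carried into this transfer. Consider adding an else branch that clears the field, for example `sip_pvt->referred_by[0] = '\0';`. The context line above, `ast_copy_string(sip_pvt->refer_to, refer_to, sizeof(sip_pvt->refer_to));`, is still unguarded, which is inconsistent with the NULL check on refer_to added in the first hunk; either both sites need the check or neither does.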


	IP disclosure is on file :)

-- 
Jared Mauch  | pgp key available via finger from jared at puck.nether.net
clue++;      | http://puck.nether.net/~jared/  My statements are only mine.


