Details

    • Type: Bug Bug
    • Status: Closed
    • Severity: Critical Critical
    • Resolution: Fixed
    • Affects Version/s: None
    • Target Release Version/s: None
    • Labels:
      None
    • Mantis ID:
      11637
    • Regression:
      No

      Description

      If the Also header on a BYE request is set then Asterisk will segfault.

      Example of BYE request that will crash Asterisk:

      BYE sip:303@10.0.0.15 SIP/2.0
      Via: SIP/2.0/UDP 10.0.0.100:7279;branch=z9hG4bK976ed70381c64bc6a5ec25b63f3df402
      To: <sip:303@10.0.0.15>;tag=as664746ba
      From: <sip:user@10.0.0.15>;tag=0509943750
      Call-ID: 11f5ae5ba1e04a25a1184ff158654371
      CSeq: 3 BYE
      Max-Forwards: 70
      Also: sip:303@10.0.0.15

                • ADDITIONAL INFORMATION ******

      The reason this bug was discovered was that REFER requests were being blocked by a SIP proxy in front of Asterisk due to the CDR's for transfers being inaccurate. When a Cisco 7960 gets an error response on a REFER in the middle of an attended transfer it sends a BYE with the Also header.

      The issue exists on 1.4.13 but not 1.2.17.

        Activity

        Hide
        Eliel Sardanons added a comment -

        in get_also_info() p->refer is null (thats the problem here).

        Show
        Eliel Sardanons added a comment - in get_also_info() p->refer is null (thats the problem here).
        Hide
        Eliel Sardanons added a comment -

        The uploaded also.bt.full.txt was an asterisk patched version, thats way I deleted it. The uploaded patch I think is the way to handle this messages, but not so sure, so an Architecture review is needed.

        Thanks

        Show
        Eliel Sardanons added a comment - The uploaded also.bt.full.txt was an asterisk patched version, thats way I deleted it. The uploaded patch I think is the way to handle this messages, but not so sure, so an Architecture review is needed. Thanks
        Hide
        Olle Johansson added a comment -

        This requires an Asterisk security report and a new release after testing. Thanks for reporting this.

        Show
        Olle Johansson added a comment - This requires an Asterisk security report and a new release after testing. Thanks for reporting this.
        Hide
        Olle Johansson added a comment -

        Russell, please look at this and make a decision on what to do. Thanks.

        Show
        Olle Johansson added a comment - Russell, please look at this and make a decision on what to do. Thanks.
        Hide
        Joshua Colp added a comment -

        oej: Already in progress, and I've been assigned to it.

        Show
        Joshua Colp added a comment - oej: Already in progress, and I've been assigned to it.
        Hide
        Digium Subversion added a comment -

        Repository: asterisk
        Revision: 95946

        U branches/1.4/channels/chan_sip.c

        ------------------------------------------------------------------------
        r95946 | file | 2008-01-02 14:20:31 -0600 (Wed, 02 Jan 2008) | 4 lines

        Allocate a SIP refer structure when performing a transfer using BYE with Also so that the transfer information is properly stored. (AST-2008-028)
        (closes issue ASTERISK-11112)
        Reported by: greyvoip

        ------------------------------------------------------------------------

        http://svn.digium.com/view/asterisk?view=rev&revision=95946

        Show
        Digium Subversion added a comment - Repository: asterisk Revision: 95946 U branches/1.4/channels/chan_sip.c ------------------------------------------------------------------------ r95946 | file | 2008-01-02 14:20:31 -0600 (Wed, 02 Jan 2008) | 4 lines Allocate a SIP refer structure when performing a transfer using BYE with Also so that the transfer information is properly stored. (AST-2008-028) (closes issue ASTERISK-11112 ) Reported by: greyvoip ------------------------------------------------------------------------ http://svn.digium.com/view/asterisk?view=rev&revision=95946
        Hide
        Digium Subversion added a comment -

        Repository: asterisk
        Revision: 95947

        _U trunk/
        U trunk/channels/chan_sip.c

        ------------------------------------------------------------------------
        r95947 | file | 2008-01-02 14:22:47 -0600 (Wed, 02 Jan 2008) | 12 lines

        Merged revisions 95946 via svnmerge from
        https://origsvn.digium.com/svn/asterisk/branches/1.4

        ........
        r95946 | file | 2008-01-02 16:24:09 -0400 (Wed, 02 Jan 2008) | 4 lines

        Allocate a SIP refer structure when performing a transfer using BYE with Also so that the transfer information is properly stored. (AST-2008-028)
        (closes issue ASTERISK-11112)
        Reported by: greyvoip

        ........

        ------------------------------------------------------------------------

        http://svn.digium.com/view/asterisk?view=rev&revision=95947

        Show
        Digium Subversion added a comment - Repository: asterisk Revision: 95947 _U trunk/ U trunk/channels/chan_sip.c ------------------------------------------------------------------------ r95947 | file | 2008-01-02 14:22:47 -0600 (Wed, 02 Jan 2008) | 12 lines Merged revisions 95946 via svnmerge from https://origsvn.digium.com/svn/asterisk/branches/1.4 ........ r95946 | file | 2008-01-02 16:24:09 -0400 (Wed, 02 Jan 2008) | 4 lines Allocate a SIP refer structure when performing a transfer using BYE with Also so that the transfer information is properly stored. (AST-2008-028) (closes issue ASTERISK-11112 ) Reported by: greyvoip ........ ------------------------------------------------------------------------ http://svn.digium.com/view/asterisk?view=rev&revision=95947
        Hide
        Digium Subversion added a comment -

        Repository: asterisk
        Revision: 95946

        U branches/1.4/channels/chan_sip.c

        ------------------------------------------------------------------------
        r95946 | file | 2008-01-02 14:24:09 -0600 (Wed, 02 Jan 2008) | 4 lines

        Allocate a SIP refer structure when performing a transfer using BYE with Also so that the transfer information is properly stored. (AST-2008-001)
        (closes issue ASTERISK-11112)
        Reported by: greyvoip

        ------------------------------------------------------------------------

        http://svn.digium.com/view/asterisk?view=rev&revision=95946

        Show
        Digium Subversion added a comment - Repository: asterisk Revision: 95946 U branches/1.4/channels/chan_sip.c ------------------------------------------------------------------------ r95946 | file | 2008-01-02 14:24:09 -0600 (Wed, 02 Jan 2008) | 4 lines Allocate a SIP refer structure when performing a transfer using BYE with Also so that the transfer information is properly stored. (AST-2008-001) (closes issue ASTERISK-11112 ) Reported by: greyvoip ------------------------------------------------------------------------ http://svn.digium.com/view/asterisk?view=rev&revision=95946
        Hide
        Digium Subversion added a comment -

        Repository: asterisk
        Revision: 95947

        _U trunk/
        U trunk/channels/chan_sip.c

        ------------------------------------------------------------------------
        r95947 | file | 2008-01-02 14:26:25 -0600 (Wed, 02 Jan 2008) | 12 lines

        Merged revisions 95946 via svnmerge from
        https://origsvn.digium.com/svn/asterisk/branches/1.4

        ........
        r95946 | file | 2008-01-02 16:24:09 -0400 (Wed, 02 Jan 2008) | 4 lines

        Allocate a SIP refer structure when performing a transfer using BYE with Also so that the transfer information is properly stored. (AST-2008-001)
        (closes issue ASTERISK-11112)
        Reported by: greyvoip

        ........

        ------------------------------------------------------------------------

        http://svn.digium.com/view/asterisk?view=rev&revision=95947

        Show
        Digium Subversion added a comment - Repository: asterisk Revision: 95947 _U trunk/ U trunk/channels/chan_sip.c ------------------------------------------------------------------------ r95947 | file | 2008-01-02 14:26:25 -0600 (Wed, 02 Jan 2008) | 12 lines Merged revisions 95946 via svnmerge from https://origsvn.digium.com/svn/asterisk/branches/1.4 ........ r95946 | file | 2008-01-02 16:24:09 -0400 (Wed, 02 Jan 2008) | 4 lines Allocate a SIP refer structure when performing a transfer using BYE with Also so that the transfer information is properly stored. (AST-2008-001) (closes issue ASTERISK-11112 ) Reported by: greyvoip ........ ------------------------------------------------------------------------ http://svn.digium.com/view/asterisk?view=rev&revision=95947

          People

          • Watchers:
            0 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development