[Home]

Summary:ASTERISK-11112: Also Header on BYE will Crash Asterisk
Reporter:Grey VoIP (greyvoip)Labels:
Date Opened:2007-12-26 17:35:33.000-0600Date Closed:2008-01-02 16:40:37.000-0600
Priority:CriticalRegression?No
Status:Closed/CompleteComponents:Channels/chan_sip/General
Versions:Frequency of
Occurrence
Related
Issues:
Environment:Attachments:( 0) chan_sip.c.patch
Description:If the Also header on a BYE request is set then Asterisk will segfault.

Example of BYE request that will crash Asterisk:

BYE sip:303@10.0.0.15 SIP/2.0
Via: SIP/2.0/UDP 10.0.0.100:7279;branch=z9hG4bK976ed70381c64bc6a5ec25b63f3df402
To: <sip:303@10.0.0.15>;tag=as664746ba
From: <sip:user@10.0.0.15>;tag=0509943750
Call-ID: 11f5ae5ba1e04a25a1184ff158654371
CSeq: 3 BYE
Max-Forwards: 70
Also: sip:303@10.0.0.15

****** ADDITIONAL INFORMATION ******

The reason this bug was discovered was that REFER requests were being blocked by a SIP proxy in front of Asterisk due to the CDR's for transfers being inaccurate. When a Cisco 7960 gets an error response on a REFER in the middle of an attended transfer it sends a BYE with the Also header.

The issue exists on 1.4.13 but not 1.2.17.
Comments:By: Eliel Sardanons (eliel) 2007-12-27 09:58:46.000-0600

in get_also_info() p->refer is null (thats the problem here).

By: Eliel Sardanons (eliel) 2007-12-27 10:12:15.000-0600

The uploaded also.bt.full.txt was an asterisk patched version, thats way I deleted it. The uploaded patch I think is the way to handle this messages, but not so sure, so an Architecture review is needed.

Thanks

By: Olle Johansson (oej) 2007-12-27 16:22:01.000-0600

This requires an Asterisk security report and a new release after testing. Thanks for reporting this.

By: Olle Johansson (oej) 2007-12-27 16:22:49.000-0600

Russell, please look at this and make a decision on what to do. Thanks.

By: Joshua C. Colp (jcolp) 2007-12-28 13:56:48.000-0600

oej: Already in progress, and I've been assigned to it.

By: Digium Subversion (svnbot) 2008-01-02 14:20:32.000-0600

Repository: asterisk
Revision: 95946

U   branches/1.4/channels/chan_sip.c

------------------------------------------------------------------------
r95946 | file | 2008-01-02 14:20:31 -0600 (Wed, 02 Jan 2008) | 4 lines

Allocate a SIP refer structure when performing a transfer using BYE with Also so that the transfer information is properly stored. (AST-2008-028)
(closes issue ASTERISK-11112)
Reported by: greyvoip

------------------------------------------------------------------------

http://svn.digium.com/view/asterisk?view=rev&revision=95946

By: Digium Subversion (svnbot) 2008-01-02 14:22:47.000-0600

Repository: asterisk
Revision: 95947

_U  trunk/
U   trunk/channels/chan_sip.c

------------------------------------------------------------------------
r95947 | file | 2008-01-02 14:22:47 -0600 (Wed, 02 Jan 2008) | 12 lines

Merged revisions 95946 via svnmerge from
https://origsvn.digium.com/svn/asterisk/branches/1.4

........
r95946 | file | 2008-01-02 16:24:09 -0400 (Wed, 02 Jan 2008) | 4 lines

Allocate a SIP refer structure when performing a transfer using BYE with Also so that the transfer information is properly stored. (AST-2008-028)
(closes issue ASTERISK-11112)
Reported by: greyvoip

........

------------------------------------------------------------------------

http://svn.digium.com/view/asterisk?view=rev&revision=95947

By: Digium Subversion (svnbot) 2008-01-02 15:21:30.000-0600

Repository: asterisk
Revision: 95946

U   branches/1.4/channels/chan_sip.c

------------------------------------------------------------------------
r95946 | file | 2008-01-02 14:24:09 -0600 (Wed, 02 Jan 2008) | 4 lines

Allocate a SIP refer structure when performing a transfer using BYE with Also so that the transfer information is properly stored. (AST-2008-001)
(closes issue ASTERISK-11112)
Reported by: greyvoip

------------------------------------------------------------------------

http://svn.digium.com/view/asterisk?view=rev&revision=95946

By: Digium Subversion (svnbot) 2008-01-02 15:21:47.000-0600

Repository: asterisk
Revision: 95947

_U  trunk/
U   trunk/channels/chan_sip.c

------------------------------------------------------------------------
r95947 | file | 2008-01-02 14:26:25 -0600 (Wed, 02 Jan 2008) | 12 lines

Merged revisions 95946 via svnmerge from
https://origsvn.digium.com/svn/asterisk/branches/1.4

........
r95946 | file | 2008-01-02 16:24:09 -0400 (Wed, 02 Jan 2008) | 4 lines

Allocate a SIP refer structure when performing a transfer using BYE with Also so that the transfer information is properly stored. (AST-2008-001)
(closes issue ASTERISK-11112)
Reported by: greyvoip

........

------------------------------------------------------------------------

http://svn.digium.com/view/asterisk?view=rev&revision=95947