
SIP INVITE msg without "From" field crashes asterisk 1.2.28 if pedantic=yes

    Details

    • Type: Bug
    • Status: Closed
    • Severity: Critical
    • Resolution: Fixed
    • Affects Version/s: None
    • Target Release Version/s: None
    • Labels: None
    • Mantis ID: 12607
    • Regression: No

      Description

      Sending a SIP INVITE without a From field crashes Asterisk (version 1.2.28) if "pedantic" parsing is enabled in sip.conf.

      ****** ADDITIONAL INFORMATION ******

      When the From field is missing, the get_header(req, "From") at chan_sip.c:7264 (r114562) in check_user_full() returns an empty const string. This const string then gets modified by ast_uri_decode(of) at chan_sip.c:7266 if pedanticsipchecking is true.

      There is also another crash point at chan_sip.c:6839, where the "from" variable is NULL in the ast_uri_decode(from) function call as a result of the "from = NULL" statement at chan_sip.c:6835.

        Activity

        Russell Bryant added a comment -

        Thank you for the report. In the future, please only post code as attachments.

        Hooi Ng added a comment -

        No problem. I posted inline because I couldn't find the "Upload File" when creating the issue (i.e. didn't realize that you have to create the issue first and then attach).

        Digium Subversion added a comment -

        Repository: asterisk
        Revision: 120109

        U branches/1.2/channels/chan_sip.c

        ------------------------------------------------------------------------
        r120109 | file | 2008-06-03 14:23:28 -0500 (Tue, 03 Jun 2008) | 4 lines

        Copy the From header into a variable so that pedantic SIP handling does not try to mess with a NULL pointer. (AST-2008-008)
        (closes issue ASTERISK-11993)
        Reported by: hooi

        ------------------------------------------------------------------------

        http://svn.digium.com/view/asterisk?view=rev&revision=120109
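
The copy-before-decode approach named in the r120109 commit message, as an added C example that is not Asterisk's code. `lookup_header`, `uri_decode_inplace` and `decoded_from` are hypothetical names, the header sets are constructed, and rejecting a missing or oversized From value is an assumption of this example.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical lookup: returns a constant "" if absent, as the report says get_header() does. */
static const char *lookup_header(const char *const *h, size_t n, const char *name)
{
    size_t len = strlen(name);
    for (size_t i = 0; i < n; i++)
        if (!strncmp(h[i], name, len) && h[i][len] == ':')
            return h[i] + len + 1 + strspn(h[i] + len + 1, " ");
    return "";
}

/* Decode %XX escapes in place; s must point to writable memory. */
static void uri_decode_inplace(char *s)
{
    char *out = s;
    for (; *s; s++) {
        if (*s == '%' && isxdigit((unsigned char)s[1]) && isxdigit((unsigned char)s[2])) {
            char hex[3] = { s[1], s[2], '\0' };
            *out++ = (char)strtol(hex, NULL, 16);
            s += 2;
        } else
            *out++ = *s;
    }
    *out = '\0';
}

/* Decode a private copy of From; -1 if missing or too long (policy assumed here). */
static int decoded_from(const char *const *h, size_t n, char *buf, size_t len)
{
    const char *from = lookup_header(h, n, "From");
    if (!*from || strlen(from) >= len)
        return -1;
    memcpy(buf, from, strlen(from) + 1); /* fits: length checked above */
    uri_decode_inplace(buf);
    return 0;
}

int main(void)
{
    /* Constructed sample header sets, not taken from the report. */
    const char *const with_from[] = { "From: <sip:al%69ce@example.com>" };
    const char *const no_from[] = { "To: <sip:100@example.com>" };
    char buf[64];
    if (decoded_from(with_from, 1, buf, sizeof buf) == 0) puts(buf);
    return decoded_from(no_from, 1, buf, sizeof buf) == -1 ? 0 : 1;
}
```

The decoder only ever sees `buf`, so neither the constant empty string nor a NULL pointer can reach the in-place write.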

