Summary: | ASTERISK-11993: SIP INVITE msg without "From" field crashes asterisk 1.2.28 if pedantic=yes | ||
Reporter: | Hooi Ng (hooi) | Labels: | |
Date Opened: | 2008-05-08 03:01:47 | Date Closed: | 2008-06-03 14:24:27 |
Priority: | Critical | Regression? | No |
Status: | Closed/Complete | Components: | Channels/chan_sip/General |
Versions: | Frequency of Occurrence | ||
Related Issues: | |||
Environment: | Attachments: | ||
Description: |
Sending a SIP INVITE without a From field crashes Asterisk (version 1.2.28) if "pedantic" parsing is enabled in sip.conf.

****** ADDITIONAL INFORMATION ******

When the From field is missing, the get_header(req, "From") at chan_sip.c:7264 (r114562) in check_user_full() returns an empty const string. This const string then gets modified by ast_uri_decode(of) at chan_sip.c:7266 if pedanticsipchecking is true.

There is also another crash point at chan_sip.c:6839, whereby the "from" variable is null in the ast_uri_decode(from) function call, resulting from the "from = NULL" statement at chan_sip.c:6835.
Comments: |

By: Russell Bryant (russell) 2008-05-08 09:26:18
Thank you for the report. In the future, please only post code as attachments.

By: Hooi Ng (hooi) 2008-05-08 13:18:56
No problem. I posted inline because I couldn't find the "Upload File" when creating the issue (i.e. didn't realize that you have to create the issue first and then attach).

By: Digium Subversion (svnbot) 2008-06-03 14:23:29
Repository: asterisk
Revision: 120109

U branches/1.2/channels/chan_sip.c

------------------------------------------------------------------------
r120109 | file | 2008-06-03 14:23:28 -0500 (Tue, 03 Jun 2008) | 4 lines

Copy the From header into a variable so that pedantic SIP handling does not try to mess with a NULL pointer.
(AST-2008-008)
(closes issue ASTERISK-11993)
Reported by: hooi
------------------------------------------------------------------------

http://svn.digium.com/view/asterisk?view=rev&revision=120109
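The defect class in the report (an in-place decoder handed a constant or NULL pointer) and the remedy named in r120109 (copy the header into a variable first), shown as an added example that is not Asterisk's code. `uri_decode_inplace`, `find_header` and `decoded_from` are hypothetical stand-ins, the header lines are constructed, and rejecting a missing From is an assumption of this example.

```c
#include <ctype.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical in-place percent-decoder: writes through s, so s must be writable. */
static void uri_decode_inplace(char *s)
{
    char *out = s;
    for (; *s; s++) {
        if (s[0] == '%' && isxdigit((unsigned char)s[1]) && isxdigit((unsigned char)s[2])) {
            char hex[3] = { s[1], s[2], '\0' };
            *out++ = (char)strtol(hex, NULL, 16);
            s += 2;
        } else {
            *out++ = *s;
        }
    }
    *out = '\0';
}

/* Hypothetical lookup over "Name: value" lines; as in the report, a missing
 * header yields a constant empty string, never writable storage. */
static const char *find_header(const char *const *lines, size_t n, const char *name)
{
    size_t len = strlen(name);
    for (size_t i = 0; i < n; i++)
        if (!strncmp(lines[i], name, len) && lines[i][len] == ':')
            return lines[i] + len + 1 + strspn(lines[i] + len + 1, " ");
    return "";
}

/* Copy the header into caller-owned storage, then decode the copy.
 * Returns 0 on success, -1 if From is missing, empty or too long. */
int decoded_from(const char *const *lines, size_t n, char *buf, size_t buflen)
{
    const char *from = find_header(lines, n, "From");
    size_t len = from ? strlen(from) : 0;
    if (len == 0 || len >= buflen)
        return -1;   /* reject: nothing to decode, or it would not fit */
    memcpy(buf, from, len + 1);
    uri_decode_inplace(buf);   /* buf is writable and NUL-terminated */
    return 0;
}

/* Constructed sample header lines. */
const char *const with_from[] = {
    "Via: SIP/2.0/UDP 192.0.2.10:5060", "From: <sip:al%69ce@example.com>;tag=1" };
const char *const without_from[] = {
    "Via: SIP/2.0/UDP 192.0.2.10:5060", "To: <sip:bob@example.com>" };
```

Passing the return value of `find_header` straight to `uri_decode_inplace` would compile only with a cast that discards `const`, which is the compiler flagging the same write-to-constant problem the report describes.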