| Summary: | ASTERISK-16831: [patch] deny=all in iax.conf results in segmentation fault | ||
| Reporter: | Isaac McDonald (imcdona) | Labels: | |
| Date Opened: | 2010-10-19 05:18:01 | Date Closed: | 2011-01-28 14:19:59.000-0600 |
| Priority: | Critical | Regression? | No |
| Status: | Closed/Complete | Components: | Channels/chan_iax2 |
| Versions: | Frequency of Occurrence | ||
| Related Issues: | |||
| Environment: | Attachments: | ( 0) backtrace.txt ( 1) issue0018162.patch | |
| Description: | Specifying deny=all rather than disallow=all in the codec directive on an IAX peer results in a seg fault. Changing deny=all to disallow=all results in expected behavior. Example improper use of the codec directive that causes a crash: [bobloblaw] deny=all allow=ulaw type=friend host=172.20.20.5 qualify=yes context=from-internal Example of proper use of the codec directive that does not cause a crash: [bobloblaw] disallow=all allow=ulaw type=friend host=172.20.20.5 qualify=yes context=from-internal | ||
| Comments: | By: Walter Doekes (wdoekes) 2010-10-19 06:22:14 ast_append_ha expects a valid *error pointer to be passed. Several callers do not provide it: ./main/manager.c:user->ha = ast_append_ha(var->name, var->value, user->ha, NULL); ./channels/chan_skinny.c:CDEV->ha = ast_append_ha(v->name, v->value, CDEV->ha, NULL); ./channels/chan_iax2.c:peer->ha = ast_append_ha(v->name, v->value, peer->ha, NULL); ./channels/chan_iax2.c:user->ha = ast_append_ha(v->name, v->value, user->ha, NULL); ./channels/chan_mgcp.c:gw->ha = ast_append_ha(v->name, v->value, gw->ha, NULL); ./channels/chan_unistim.c:d->ha = ast_append_ha(v->name, v->value, d->ha, NULL); Fix: either allow *error to be NULL in ast_append_ha or fix the above to supply an &error location. By: Isaac McDonald (imcdona) 2010-10-19 15:15:53 The above broken config does not seg fault Asterisk 1.6. By: Eric Negaard (enegaard) 2011-01-24 07:52:59.000-0600 Note that this crash also occurs on seemingly valid constructs like: deny=0.0.0.0/0.0.0.0 permit=0.0.0.0/0.0.0.0 Which some versions of FreePBX add to IAX peers by default. This bit me after my recent upgrade to Asterisk 1.8.2.2. Installing the suggested patch works fine. This fix should get implemented ASAP! By: Sean Bright (seanbright) 2011-01-26 14:53:22.000-0600 enegaard, You crash with: <pre> deny=0.0.0.0/0.0.0.0 permit=0.0.0.0/0.0.0.0 </pre>Even with the patch from this issue applied? By: Eric Negaard (enegaard) 2011-01-27 23:40:50.000-0600 No, sorry, that's not what I meant to say. The patch works perfectly fine. What I meant to say was, that perhaps the priority of getting this patch put into a released Asterisk version should be bumped up since I think a lot of people will be affected. By: Digium Subversion (svnbot) 2011-01-28 14:19:10.000-0600 Repository: asterisk Revision: 304638 U branches/1.8/main/acl.c ------------------------------------------------------------------------ r304638 | seanbright | 2011-01-28 14:19:09 -0600 (Fri, 28 Jan 2011) | 11 lines Restore some conditionals that we lost in r277814. There are some cases where ast_append_ha() is called with a NULL instead of a valid int pointer. So if we get a NULL, don't try to dereference it. (closes issue ASTERISK-16831) Reported by: imcdona Patches: issue0018162.patch uploaded by pabelanger (license 224) Tested by: enegaard ------------------------------------------------------------------------ http://svn.digium.com/view/asterisk?view=rev&revision=304638 By: Digium Subversion (svnbot) 2011-01-28 14:19:58.000-0600 Repository: asterisk Revision: 304639 _U trunk/ U trunk/main/acl.c ------------------------------------------------------------------------ r304639 | seanbright | 2011-01-28 14:19:58 -0600 (Fri, 28 Jan 2011) | 18 lines Merged revisions 304638 via svnmerge from https://origsvn.digium.com/svn/asterisk/branches/1.8 ........ r304638 | seanbright | 2011-01-28 15:19:08 -0500 (Fri, 28 Jan 2011) | 11 lines Restore some conditionals that we lost in r277814. There are some cases where ast_append_ha() is called with a NULL instead of a valid int pointer. So if we get a NULL, don't try to dereference it. (closes issue ASTERISK-16831) Reported by: imcdona Patches: issue0018162.patch uploaded by pabelanger (license 224) Tested by: enegaard ........ ------------------------------------------------------------------------ http://svn.digium.com/view/asterisk?view=rev&revision=304639 By: Asterisk Team (asteriskteam) 2018-07-30 09:00:42.168-0500 This issue has been reopened as a result of your commenting on it as the reporter. It will be triaged once again as applicable. | ||