Summary: | ASTERISK-21205: [patch] dundi_read_result crash due to negative number | ||
Reporter: | Jaco Kroon (jkroon) | Labels: | patch |
Date Opened: | 2013-03-05 07:06:51.000-0600 | Date Closed: | 2020-03-25 17:22:53 |
Priority: | Major | Regression? | No |
Status: | Closed/Complete | Components: | PBX/pbx_dundi |
Versions: | 11.2.1 13.18.4 | Frequency of Occurrence | Occasional |
Related Issues: | |||
Environment: | gentoo linux kernel 3.7.3 | Attachments: | ( 0) asterisk-11.2.1-dundi-segfault-on-fail.patch |
Description: | Should dundi_lookup_internal return a negative number then so will dundi_lookup, which usually gets assigned to num_results, which is an unsigned int. Later when sorting this number is taken "as is", which then results in an out-of-bounds situation and a segfault (usually). | ||
Comments: |
By: Jaco Kroon (jkroon) 2013-03-05 07:23:36.178-0600

This is my proposed fix. Whilst num_results was previously unsigned I've now converted it to signed in order to correctly catch the error condition. I've audited all uses of num_results and made some other amendments.

The original cause of the crash was a simple comparison against >0, since dundi_lookup_internal returns -1 or -2 on error, storing that as an unsigned value results in a large positive number, obviously >0, resulting in a sort of a NULL array, resulting in a crash.

Not sure how to actually *trigger* the segfault, but since the one DC one of our servers is hosted in had a router problem I'm guessing a "no response" from the peer might trigger this.

By: Rusty Newton (rnewton) 2013-03-07 18:10:41.016-0600

Thanks Jaco! pbx_dundi is extended support. If you need it in soon, you'll want to round up some interest on the asterisk-dev list or IRC. There are a few other DUNDi patches that need looking at as well. You can find them by filtering with the PBX/pbx_dundi component. Bonus points for you if you find someone willing to review and test them all then push them through to commit!

By: Jaco Kroon (jkroon) 2013-03-08 00:51:38.656-0600

Hi,

Thanks, I have already managed to get the distro maintainer to add the patch for me so for me the issue is sorted. I use DUNDi reasonably extensively, and will see what I can do about reviewing the patches.

Assuming that I review them (which is somewhat unlikely to happen soon seeing that I've got three more asterisk related issues that I experience daily that I'm busy tracking down), where can I find procedures etc for getting them pushed through? Perhaps it's time I subscribe to the asterisk-dev list ...

Kind Regards,
Jaco

By: Friendly Automation (friendly-automation) 2020-03-25 17:22:55.331-0500

Change 13992 merged by Kevin Harwell: dundi: fix NULL dereference. https://gerrit.asterisk.org/c/asterisk/+/13992

By: Friendly Automation (friendly-automation) 2020-03-25 17:23:06.244-0500

Change 13993 merged by Kevin Harwell: dundi: fix NULL dereference. https://gerrit.asterisk.org/c/asterisk/+/13993

By: Friendly Automation (friendly-automation) 2020-03-25 17:23:22.650-0500

Change 13994 merged by Kevin Harwell: dundi: fix NULL dereference. https://gerrit.asterisk.org/c/asterisk/+/13994

By: Friendly Automation (friendly-automation) 2020-03-25 17:23:37.571-0500

Change 13948 merged by Kevin Harwell: dundi: fix NULL dereference. https://gerrit.asterisk.org/c/asterisk/+/13948 |
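
The signed-to-unsigned mix-up described in this report, reduced to a stand-alone C example that is added here and is not taken from the Asterisk source or the attached patch. `lookup`, `count_unsigned`, `lowest_weight_signed`, `MAX_RESULTS` and the weights are hypothetical stand-ins, and a stack array replaces the NULL array from the report so the flawed path can be inspected without crashing.

```c
#include <stdio.h>
#include <stdlib.h>
#define MAX_RESULTS 8                 /* constructed capacity, not Asterisk's */
struct result { int weight; };

/* Hypothetical lookup: returns a result count, or -1 on error. */
static int lookup(struct result *out, int max, int fail)
{
    static const int weights[] = { 300, 100, 200 };  /* constructed data */
    if (fail)
        return -1;
    for (int i = 0; i < 3 && i < max; i++)
        out[i].weight = weights[i];
    return max < 3 ? max : 3;
}

static int by_weight(const void *a, const void *b)
{
    const struct result *ra = a, *rb = b;
    return (ra->weight > rb->weight) - (ra->weight < rb->weight);
}

/* Flawed pattern: returns the element count a caller would pass to qsort(). */
unsigned int count_unsigned(int fail)
{
    struct result res[MAX_RESULTS];
    unsigned int num_results = lookup(res, MAX_RESULTS, fail);
    if (num_results > 0)     /* -1 wrapped to UINT_MAX, so this check passes */
        return num_results;  /* qsort(res, num_results, ...) would go out of bounds */
    return 0;
}

/* Corrected pattern: signed count, errors rejected, count bounded before sorting. */
int lowest_weight_signed(int fail)
{
    struct result res[MAX_RESULTS];
    int num_results = lookup(res, MAX_RESULTS, fail);
    if (num_results <= 0 || num_results > MAX_RESULTS)
        return -1;           /* error or empty: nothing to sort */
    qsort(res, (size_t)num_results, sizeof(res[0]), by_weight);
    return res[0].weight;
}

int main(void)
{
    printf("%u %d %d\n", count_unsigned(1), lowest_weight_signed(1), lowest_weight_signed(0));
    return 0;
}
```

Building with `-Wsign-conversion` (GCC and Clang) flags the assignment in `count_unsigned` at compile time.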