| Summary: | ASTERISK-22821: Asterisk 12-beta @r402448 pjsip sigsegv receiving SIP MESSAGE when checking Contact header |
| Reporter: | Anthony Messina (amessina) |
| Labels: | |
| Date Opened: | 2013-11-03 04:48:27.000-0600 |
| Date Closed: | 2013-11-12 10:46:04.000-0600 |
| Priority: | Major |
| Regression? | |
| Status: | Closed/Complete |
| Components: | Resources/res_pjsip_messaging |
| Versions: | 12.0.0-beta1 |
| Frequency of Occurrence: | Constant |
| Related Issues: | |
| Environment: | Fedora 19 x86_64, compiled Asterisk and PJSIP from source. |
| Attachments: | (0) asterisk-12-r402448-PJSIP_HEADER-read-Contact-sigsegv.txt; (1) asterisk-12-r402448-pjsip-message-sigsegv.txt |
Description: | Asterisk dumps core when receiving a PJSIP SIP MESSAGE from a CSipSimple client. The issue appears when Asterisk attempts to check for a Contact header in the incoming MESSAGE (in res/res_pjsip_messaging.c):

{code}
/* contact header */
if ((size = pjsip_hdr_print_on(pjsip_msg_find_hdr(rdata->msg_info.msg, PJSIP_H_CONTACT, NULL), buf, sizeof(buf) - 1)) > 0) {
	buf[size] = '\0';
	CHECK_RES(ast_msg_set_var(msg, "SIP_FULLCONTACT", buf));
}
{code}

It may well be that CSipSimple is sending a bad Contact header, but it shouldn't cause Asterisk/PJSIP to bail. I am contacting the CSipSimple developers to ask about their Contact header.

If I replace the above snippet with the following, SIP MESSAGEs are processed properly (though I don't know C and I'm not sure this will do what it's supposed to):

{code}
/* new contact header */
pjsip_contact_hdr *contact_hdr;
contact_hdr = (pjsip_contact_hdr *) pjsip_msg_find_hdr(rdata->msg_info.msg, PJSIP_H_CONTACT, NULL);
/* pjsip_msg_find_hdr() returns NULL when the header is absent; only print it into buf when it was found */
if (contact_hdr && (size = pjsip_hdr_print_on(contact_hdr, buf, sizeof(buf) - 1)) > 0) {
	buf[size] = '\0';
	CHECK_RES(ast_msg_set_var(msg, "SIP_FULLCONTACT", buf));
}
{code}

I will attach a backtrace showing the problem. |
Comments: |

By: Anthony Messina (amessina) 2013-11-03 04:49:06.162-0600
Backtrace

By: Anthony Messina (amessina) 2013-11-03 05:22:04.820-0600
Here is my initial request for information to the CSipSimple developers: https://groups.google.com/forum/#!topic/csipsimple-dev/JBbdIiVJ29Q

By: Anthony Messina (amessina) 2013-11-03 08:05:40.592-0600
According to the lead developer of CSipSimple,
{quote}
OK, seems contact header is not allowed to MESSAGE request http://www.ietf.org/rfc/rfc3428.txt Section 9/10. So I think that asterisk server should not search for this header in MESSAGE at all.... and that it's even expected that *all* standard sip client should make current asterisk code crash when sending a message (as standard client should not include contact header).
{quote}
So perhaps that check for a Contact header should be removed. I should note, however, that I get a very similar core dump when I try to read the Contact header using the PJSIP_HEADER function (but that's a separate issue...)

By: Anthony Messina (amessina) 2013-11-03 08:48:13.127-0600
Here is a little more information on the Contact header NOT belonging in MESSAGE: https://code.google.com/p/mobicents/issues/detail?id=1687

By: Matt Jordan (mjordan) 2013-11-04 11:43:50.154-0600
Agreed, we shouldn't rely on the presence of the Contact header in a MESSAGE request.

By: Anthony Messina (amessina) 2013-11-04 20:19:02.202-0600
Thanks, Matt. After working with this overnight, it seems like there may be a larger issue here. Whether or not Asterisk should check for the Contact header is one thing, but after verifying that CSipSimple doesn't send a Contact header, the question arises why Asterisk is dumping core when searching for a PJSIP header that isn't there. A similar issue arises when using the PJSIP_HEADER function. It may be related to using PJSIP_HEADER on the Message/ast_msg_channel. I have more testing to do, but I also see the SIGSEGV when trying to read other headers using PJSIP_HEADER.

I'll attach a backtrace of what I'm talking about.

By: Anthony Messina (amessina) 2013-11-04 20:20:14.146-0600
SIGSEGV when using PJSIP_HEADER function to read Contact header on Message/ast_msg_queue channel

By: Kevin Harwell (kharwell) 2013-11-12 10:48:55.084-0600
In the messaging case it is correct that the contact header should not be checked. Removing the offending code fixed the problem. For the PJSIP_HEADER case it was attempting to dereference a null private channel tech pointer. I put in some null checks to guard against this. However, since this bug was found alongside the messaging bug, I suspect you were attempting to use the PJSIP_HEADER dialplan function to set items before calling the "MessageSend" application. Since these messages are "out of dialog" there is no associated channel technology, so the PJSIP_HEADER function cannot be used here. However, there exists a MESSAGE function (https://wiki.asterisk.org/wiki/display/AST/Asterisk+12+Function_MESSAGE) that is used for this and can be used instead. |
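As an added illustration of the approach Kevin recommends (not code from this issue, from Asterisk's sources, or from the reporter): an extensions.conf fragment that handles an out-of-dialog SIP MESSAGE with the MESSAGE and MESSAGE_DATA dialplan functions instead of PJSIP_HEADER. The context name, the X-Relayed-By header and the assumption that MESSAGE_DATA(Contact) yields the raw received header (empty when absent) are mine.

```ini
; extensions.conf (added example; context and header names are assumptions)
; Incoming MESSAGE requests arrive on a Message/ast_msg_queue channel that has
; no channel technology behind it, so PJSIP_HEADER() cannot be used here.
[messages]
exten => _X.,1,NoOp(MESSAGE from ${MESSAGE(from)} to ${MESSAGE(to)})
 same => n,NoOp(Body: ${MESSAGE(body)})
 ; Read a header of the received request through MESSAGE_DATA(); a header the
 ; client did not send (Contact is not expected in MESSAGE, RFC 3428) comes back
 ; empty rather than crashing the server.
 same => n,NoOp(Contact header (normally empty): ${MESSAGE_DATA(Contact)})
 ; Relay the message to the dialed PJSIP endpoint. A custom header is attached
 ; with MESSAGE_DATA() rather than PJSIP_HEADER(add,...); the optional "from"
 ; argument of MessageSend is omitted, so Asterisk supplies its default.
 same => n,Set(MESSAGE_DATA(X-Relayed-By)=asterisk)
 same => n,MessageSend(pjsip:${EXTEN})
 same => n,NoOp(MessageSend result: ${MESSAGE_SEND_STATUS})
 same => n,Hangup()
```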