Asterisk / ASTERISK-27345

res_pjsip_session: RTP instances leak on 488 responses.

    Details

      Description

      It appears we leak the struct ast_sip_session associated with any call that is rejected before being established. In the case of 488 this leak includes RTP instances, which can be easily exploited to use up all RTP ports.

      chan_pjsip is vulnerable to any SIP client that it accepts inbound calls from. This issue was found using REF_DEBUG with the testsuite tests/channels/pjsip/sdp_offer_answer/incoming/off-nominal/multiple-media-stream/audio-video/codec-mismatch; specifically, the uac-codec-mismatch.xml scenario leaks 2 RTP instances. I verified that a 15-minute delay before shutdown of Asterisk does not release the resources.

      RTP instance creation occurs after the authentication step, so this can only be exploited if authentication is disabled or by users with SIP credentials. Still, when an administrator gives someone SIP credentials, they do not intend to give access to effectively shut down Asterisk.
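
      A minimal model of the leak class described above, added here as an illustration; it is not Asterisk's code or the merged fix. The `session` struct, the four-port pool and all function names are hypothetical, and each rejected call holds 2 RTP ports as in the audio-video scenario.

```c
#include <stdio.h>
#include <stdlib.h>

#define RTP_PORTS 4                 /* constructed: tiny pool so exhaustion is visible */
static int ports_in_use;

struct session {                    /* hypothetical ref-counted session */
    int refs;
    int rtp_ports;                  /* ports held by this session's RTP instances */
};

static struct session *session_alloc(int streams)
{
    if (ports_in_use + streams > RTP_PORTS) return NULL;   /* pool exhausted */
    struct session *s = calloc(1, sizeof(*s));
    if (!s) return NULL;
    s->refs = 1;
    s->rtp_ports = streams;
    ports_in_use += streams;
    return s;
}

static void session_unref(struct session *s)
{
    if (--s->refs == 0) {
        ports_in_use -= s->rtp_ports;   /* destructor returns the ports */
        free(s);
    }
}

/* One inbound call that is rejected before being established (e.g. 488).
 * Returns 0 if it could be processed, -1 if no RTP ports were left. */
static int handle_rejected_call(int release_on_reject)
{
    struct session *s = session_alloc(2);   /* audio + video */
    if (!s) return -1;
    if (release_on_reject) session_unref(s);   /* correct path drops the last ref */
    return 0;                                  /* leaky path never releases s */
}

/* How many of `attempts` rejected calls are processed before the pool is empty. */
static int calls_until_exhaustion(int release_on_reject, int attempts)
{
    int ok = 0;
    ports_in_use = 0;
    for (int i = 0; i < attempts; i++)
        if (handle_rejected_call(release_on_reject) == 0) ok++;
    return ok;
}

int main(void)
{
    printf("leaky: %d of 10 processed\n", calls_until_exhaustion(0, 10));
    printf("fixed: %d of 10 processed\n", calls_until_exhaustion(1, 10));
    return 0;
}
```

      In the leaky path the port counter never drops after a rejection, which is the kind of signal reference-count debugging such as REF_DEBUG is meant to surface.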


          Activity

          Friendly Automation added a comment -

          Change 7140 merged by George Joseph:
          AST-2017-011 - res_pjsip_session: session leak when a call is rejected

          https://gerrit.asterisk.org/7140

          Friendly Automation added a comment -

          Change 7141 merged by George Joseph:
          AST-2017-011 - res_pjsip_session: session leak when a call is rejected

          https://gerrit.asterisk.org/7141

          Friendly Automation added a comment -

          Change 7136 merged by George Joseph:
          AST-2017-011 - res_pjsip_session: session leak when a call is rejected

          https://gerrit.asterisk.org/7136

          Friendly Automation added a comment -

          Change 7139 merged by George Joseph:
          AST-2017-011 - res_pjsip_session: session leak when a call is rejected

          https://gerrit.asterisk.org/7139

          Friendly Automation added a comment -

          Change 7142 merged by George Joseph:
          AST-2017-011 - res_pjsip_session: session leak when a call is rejected

          https://gerrit.asterisk.org/7142

