Summary: ASTERISK-27480: Security: Authenticated SUBSCRIBE without Contact crashes asterisk
Reporter: Ross Beer (rossbeer)
Labels: patch pjsip
Date Opened: 2017-12-12 08:03:42.000-0600
Date Closed: 2017-12-22 15:58:41.000-0600
Priority: Major
Regression?:
Status: Closed/Complete
Components: Channels/chan_pjsip
Versions: 13.18.3 GIT
Frequency of Occurrence: Constant
Related Issues:
Environment: Fedora 23 CentOS 7
Attachments: ( 0) AST-2017-014.pdf
( 1) no_contact.diff
Description: When an authenticated SUBSCRIBE without a Contact is sent to Asterisk it crashes
Comments:

By: Asterisk Team (asteriskteam) 2017-12-12 08:03:43.527-0600

Thanks for creating a report! The issue has entered the triage process. That means the issue will wait in this status until a Bug Marshal has an opportunity to review the issue. Once the issue has been reviewed you will receive comments regarding the next steps towards resolution.

A good first step is for you to review the [Asterisk Issue Guidelines|https://wiki.asterisk.org/wiki/display/AST/Asterisk+Issue+Guidelines] if you haven't already. The guidelines detail what is expected from an Asterisk issue report.

Then, if you are submitting a patch, please review the [Patch Contribution Process|https://wiki.asterisk.org/wiki/display/AST/Patch+Contribution+Process].

By: George Joseph (gjoseph) 2017-12-12 08:19:57.517-0600

I can reproduce easily. In this case, the incoming subscribe packet had a chunk missing that contained the Contact and Expires headers, but the Authorization header was still there and intact. The first thing we do in ast_sip_create_dialog_uas is get the contact header and use it to set the transport selector without checking it.
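
The root cause described in the comment above, modelled as an added example (this is not the Asterisk patch or any code from the project): a header lookup that returns NULL when Contact is absent, and a dialog step that checks the result before using it. The function names, the sample requests and the choice of answering 400 are assumptions made for this example.

```c
#include <string.h>
#include <strings.h>

/* Constructed sample requests (not captured traffic); hosts are placeholders. */
static const char WITH_CONTACT[] =
    "SUBSCRIBE sip:100@pbx.example SIP/2.0\r\n"
    "Contact: <sip:alice@192.0.2.10:5060>\r\nExpires: 300\r\n\r\n";
static const char NO_CONTACT[] =
    "SUBSCRIBE sip:100@pbx.example SIP/2.0\r\n"
    "Authorization: Digest username=\"alice\"\r\n\r\n";

/* Hypothetical lookup: value of header `name`, or NULL when it is absent. */
static const char *find_hdr(const char *msg, const char *name)
{
    size_t n = strlen(name);
    const char *eol = strstr(msg, "\r\n");            /* end of request line */
    while (eol && strncmp(eol, "\r\n\r\n", 4) != 0) { /* blank line ends headers */
        const char *line = eol + 2;
        if (strncasecmp(line, name, n) == 0 && line[n] == ':')
            return line + n + 1 + strspn(line + n + 1, " \t");
        eol = strstr(line, "\r\n");
    }
    return NULL;
}

/* Model of the UAS dialog step: derive the transport host from Contact, but
 * answer 400 instead of dereferencing a lookup that returned NULL. */
static int dialog_host_from_contact(const char *msg, char *host, size_t len)
{
    const char *c = find_hdr(msg, "Contact");
    if (!c) c = find_hdr(msg, "m");                   /* RFC 3261 compact form */
    if (!c) return 400;                               /* the missing check */
    const char *uri = strstr(c, "sip:");
    if (!uri || (size_t)(uri - c) >= strcspn(c, "\r\n")) return 400;
    uri += 4;
    const char *at = memchr(uri, '@', strcspn(uri, ";>\r\n"));
    if (at) uri = at + 1;                             /* skip userinfo */
    size_t hlen = strcspn(uri, ":;>\r\n");            /* hostname/IPv4 only */
    if (hlen == 0 || hlen >= len) return 400;
    memcpy(host, uri, hlen);
    host[hlen] = '\0';
    return 0;
}

int main(void)
{
    char h[64];
    return dialog_host_from_contact(NO_CONTACT, h, sizeof h) == 400 ? 0 : 1;
}
```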


By: Ross Beer (rossbeer) 2017-12-21 14:59:10.956-0600

Is there a patch you would like me to test for this issue?

By: Kevin Harwell (kharwell) 2017-12-21 15:08:35.410-0600

{quote}
Is there a patch you would like me to test for this issue?
{quote}
Yes! Give [^no_contact.diff] a shot.

By: Friendly Automation (friendly-automation) 2017-12-22 15:58:41.690-0600

Change 7720 merged by Kevin Harwell:
AST-2017-014: res_pjsip - Missing contact header can cause crash

[https://gerrit.asterisk.org/7720|https://gerrit.asterisk.org/7720]

By: Friendly Automation (friendly-automation) 2017-12-22 15:58:51.482-0600

Change 7721 merged by Kevin Harwell:
AST-2017-014: res_pjsip - Missing contact header can cause crash

[https://gerrit.asterisk.org/7721|https://gerrit.asterisk.org/7721]

By: Friendly Automation (friendly-automation) 2017-12-22 15:58:58.019-0600

Change 7722 merged by Kevin Harwell:
AST-2017-014: res_pjsip - Missing contact header can cause crash

[https://gerrit.asterisk.org/7722|https://gerrit.asterisk.org/7722]

By: Friendly Automation (friendly-automation) 2017-12-22 15:59:11.321-0600

Change 7719 merged by Kevin Harwell:
AST-2017-014: res_pjsip - Missing contact header can cause crash

[https://gerrit.asterisk.org/7719|https://gerrit.asterisk.org/7719]

By: Friendly Automation (friendly-automation) 2017-12-22 15:59:17.868-0600

Change 7724 merged by Kevin Harwell:
AST-2017-014: res_pjsip - Missing contact header can cause crash

[https://gerrit.asterisk.org/7724|https://gerrit.asterisk.org/7724]

By: Friendly Automation (friendly-automation) 2017-12-22 16:15:39.455-0600

Change 7727 merged by Kevin Harwell:
AST-2017-014: res_pjsip - Missing contact header can cause crash

[https://gerrit.asterisk.org/7727|https://gerrit.asterisk.org/7727]

By: Friendly Automation (friendly-automation) 2017-12-22 16:15:47.787-0600

Change 7728 merged by Kevin Harwell:
AST-2017-014: res_pjsip - Missing contact header can cause crash

[https://gerrit.asterisk.org/7728|https://gerrit.asterisk.org/7728]

By: Friendly Automation (friendly-automation) 2017-12-22 16:22:39.773-0600

Change 7729 merged by Kevin Harwell:
AST-2017-014: res_pjsip - Missing contact header can cause crash

[https://gerrit.asterisk.org/7729|https://gerrit.asterisk.org/7729]

By: Friendly Automation (friendly-automation) 2017-12-22 16:22:47.384-0600

Change 7730 merged by Kevin Harwell:
AST-2017-014: res_pjsip - Missing contact header can cause crash

[https://gerrit.asterisk.org/7730|https://gerrit.asterisk.org/7730]

By: Friendly Automation (friendly-automation) 2017-12-22 16:22:55.455-0600

Change 7731 merged by Kevin Harwell:
AST-2017-014: res_pjsip - Missing contact header can cause crash

[https://gerrit.asterisk.org/7731|https://gerrit.asterisk.org/7731]