Summary: | ASTERISK-27480: Security: Authenticated SUBSCRIBE without Contact crashes asterisk | ||
Reporter: | Ross Beer (rossbeer) | Labels: | patch pjsip |
Date Opened: | 2017-12-12 08:03:42.000-0600 | Date Closed: | 2017-12-22 15:58:41.000-0600 |
Priority: | Major | Regression? | |
Status: | Closed/Complete | Components: | Channels/chan_pjsip |
Versions: | 13.18.3 GIT | Frequency of Occurrence | Constant |
Related Issues: | |||
Environment: | Fedora 23 CentOS 7 | Attachments: | ( 0) AST-2017-014.pdf ( 1) no_contact.diff |
Description: | When an authenticated SUBSCRIBE without a Contact is sent to Asterisk it crashes | ||
Comments: | By: Asterisk Team (asteriskteam) 2017-12-12 08:03:43.527-0600 Thanks for creating a report! The issue has entered the triage process. That means the issue will wait in this status until a Bug Marshal has an opportunity to review the issue. Once the issue has been reviewed you will receive comments regarding the next steps towards resolution. A good first step is for you to review the [Asterisk Issue Guidelines|https://wiki.asterisk.org/wiki/display/AST/Asterisk+Issue+Guidelines] if you haven't already. The guidelines detail what is expected from an Asterisk issue report. Then, if you are submitting a patch, please review the [Patch Contribution Process|https://wiki.asterisk.org/wiki/display/AST/Patch+Contribution+Process]. By: George Joseph (gjoseph) 2017-12-12 08:19:57.517-0600 I can reproduce easily. In this case, the incoming subscribe packet had a chunk missing that contained the Contact and Expires headers but the Authorization header was still there and intact. The first thing we do in ast_sip_create_dialog_uas is get the contact header and use it to set the transport selector without checking it.. By: Ross Beer (rossbeer) 2017-12-21 14:59:10.956-0600 Is there a patch you would like me to test for this issue? By: Kevin Harwell (kharwell) 2017-12-21 15:08:35.410-0600 {quote} Is there a patch you would like me to test for this issue? {quote} Yes! Give [^no_contact.diff] a shot. By: Friendly Automation (friendly-automation) 2017-12-22 15:58:41.690-0600 Change 7720 merged by Kevin Harwell: AST-2017-014: res_pjsip - Missing contact header can cause crash [https://gerrit.asterisk.org/7720|https://gerrit.asterisk.org/7720] By: Friendly Automation (friendly-automation) 2017-12-22 15:58:51.482-0600 Change 7721 merged by Kevin Harwell: AST-2017-014: res_pjsip - Missing contact header can cause crash [https://gerrit.asterisk.org/7721|https://gerrit.asterisk.org/7721] By: Friendly Automation (friendly-automation) 2017-12-22 15:58:58.019-0600 Change 7722 merged by Kevin Harwell: AST-2017-014: res_pjsip - Missing contact header can cause crash [https://gerrit.asterisk.org/7722|https://gerrit.asterisk.org/7722] By: Friendly Automation (friendly-automation) 2017-12-22 15:59:11.321-0600 Change 7719 merged by Kevin Harwell: AST-2017-014: res_pjsip - Missing contact header can cause crash [https://gerrit.asterisk.org/7719|https://gerrit.asterisk.org/7719] By: Friendly Automation (friendly-automation) 2017-12-22 15:59:17.868-0600 Change 7724 merged by Kevin Harwell: AST-2017-014: res_pjsip - Missing contact header can cause crash [https://gerrit.asterisk.org/7724|https://gerrit.asterisk.org/7724] By: Friendly Automation (friendly-automation) 2017-12-22 16:15:39.455-0600 Change 7727 merged by Kevin Harwell: AST-2017-014: res_pjsip - Missing contact header can cause crash [https://gerrit.asterisk.org/7727|https://gerrit.asterisk.org/7727] By: Friendly Automation (friendly-automation) 2017-12-22 16:15:47.787-0600 Change 7728 merged by Kevin Harwell: AST-2017-014: res_pjsip - Missing contact header can cause crash [https://gerrit.asterisk.org/7728|https://gerrit.asterisk.org/7728] By: Friendly Automation (friendly-automation) 2017-12-22 16:22:39.773-0600 Change 7729 merged by Kevin Harwell: AST-2017-014: res_pjsip - Missing contact header can cause crash [https://gerrit.asterisk.org/7729|https://gerrit.asterisk.org/7729] By: Friendly Automation (friendly-automation) 2017-12-22 16:22:47.384-0600 Change 7730 merged by Kevin Harwell: AST-2017-014: res_pjsip - Missing contact header can cause crash [https://gerrit.asterisk.org/7730|https://gerrit.asterisk.org/7730] By: Friendly Automation (friendly-automation) 2017-12-22 16:22:55.455-0600 Change 7731 merged by Kevin Harwell: AST-2017-014: res_pjsip - Missing contact header can cause crash [https://gerrit.asterisk.org/7731|https://gerrit.asterisk.org/7731] |