| Summary: | ASTERISK-28447: res_pjsip_messaging: In-dialog MESSAGE with no body causes crash | ||
| Reporter: | Gil Richard (GilRichard) | Labels: | patch pjsip security |
| Date Opened: | 2019-06-12 12:33:46 | Date Closed: | 2019-07-11 14:03:08 |
| Priority: | Blocker | Regression? | No |
| Status: | Closed/Complete | Components: | Resources/res_pjsip_messaging |
| Versions: | 13.27.0 16.4.0 | Frequency of Occurrence | |
| Related Issues: | |||
| Environment: | Attachments: | ( 0) 0001-res_pjsip_messaging-Check-for-body-in-in-dialog-mess.patch ( 1) backtrace_48.txt | |
| Description: | If an in-dialog MESSAGE request is received with no body then a crash occurs due to an assumption that a body will exist. | ||
| Comments: | By: Asterisk Team (asteriskteam) 2019-06-12 12:33:48.783-0500 This issue has been automatically restricted and set to a blocker due to being a security type issue. If this is not a security vulnerability issue it will be moved to the appropriate issue type when triaged. By: Joshua C. Colp (jcolp) 2019-06-12 12:36:15.173-0500 This can be reproduced by modifying the tests/channels/pjsip/message/message_in_dialog SIPp scenario to not have a body. By: George Joseph (gjoseph) 2019-06-12 13:28:22.402-0500 [~GilRichard] can you rebuild with the patch (for 13.x) under 'Gerrit Reviews" and confirm that it fixes the issue? By: George Joseph (gjoseph) 2019-06-12 13:35:16.690-0500 oops, I just remembered you probably don't have access to that gerrit project. Patch attached (which should also work on 16.x) By: Gil Richard (GilRichard) 2019-06-13 08:05:34.292-0500 Tested the patch and it now returns Unsupported Media type. And does not blow up. By: Gil Richard (GilRichard) 2019-06-14 09:10:25.805-0500 I believe this issue is fixed. Should I update the status of this ticket? I'm not sure what the procedure is here. By: George Joseph (gjoseph) 2019-06-14 09:17:49.958-0500 No need. It'll automatically get updated when a release is made (which should be shortly) By: Friendly Automation (friendly-automation) 2019-07-11 14:03:09.638-0500 Change 11558 merged by Benjamin Keith Ford: res_pjsip_messaging: Check for body in in-dialog message [https://gerrit.asterisk.org/c/asterisk/+/11558|https://gerrit.asterisk.org/c/asterisk/+/11558] By: Friendly Automation (friendly-automation) 2019-07-11 14:15:28.758-0500 Change 11555 merged by Benjamin Keith Ford: res_pjsip_messaging: Check for body in in-dialog message [https://gerrit.asterisk.org/c/asterisk/+/11555|https://gerrit.asterisk.org/c/asterisk/+/11555] By: Friendly Automation (friendly-automation) 2019-07-11 14:15:38.999-0500 Change 11556 merged by Benjamin Keith Ford: res_pjsip_messaging: Check for body in in-dialog message [https://gerrit.asterisk.org/c/asterisk/+/11556|https://gerrit.asterisk.org/c/asterisk/+/11556] By: Friendly Automation (friendly-automation) 2019-07-11 14:15:50.947-0500 Change 11557 merged by Benjamin Keith Ford: res_pjsip_messaging: Check for body in in-dialog message [https://gerrit.asterisk.org/c/asterisk/+/11557|https://gerrit.asterisk.org/c/asterisk/+/11557] By: Friendly Automation (friendly-automation) 2019-07-12 09:25:54.994-0500 Change 11560 merged by Kevin Harwell: res_pjsip_messaging: Check for body in in-dialog message [https://gerrit.asterisk.org/c/asterisk/+/11560|https://gerrit.asterisk.org/c/asterisk/+/11560] | ||