ASTERISK-9042

Asterisk segfaults upon receipt of a certain SIP packet (SIP Response code 0)

    Details

    • Type: Bug
    • Status: Closed
    • Severity: Critical
    • Resolution: Fixed
    • Affects Version/s: None
    • Target Release Version/s: None
    • Component/s: Core/General
    • Labels: None
    • SVN Revision Number: 58995
    • Mantis ID: 9313
    • Regression: No

      Description

      Asterisk segfaults upon receipt of a certain SIP reply from the remote system (SIP Response code 0).

      I am originating a call (by means of a .call file) from my Asterisk to a mobile phone through a service provider. The call goes through and the mobile phone rings. When I reject the call on the mobile phone, Asterisk segfaults.

      I've used a packet sniffer and noticed that the packet that seems to crash asterisk is a SIP packet from the remote equipment containing SIP Response code 0.

      ****** ADDITIONAL INFORMATION ******

      Asterisk-trunk-r58995 (the latest, I think)
      Linux Debian sarge (stable)
      Kernel - 2.6.8-2-686
      The remote equipment seems to be a Vega 400 - connecting through SIP

      I've also tested this on the Asterisk 1.4.1 tarball and am able to reproduce the bug.

      I've also tested this on the Asterisk 1.0.7 version that is in the stable Debian tree, and it does not crash but only produces a warning:
      NOTICE: chan_sip.c:6971 handle_response: Don't know anything about a 0 response from SIP/orbi-517d
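
A defensive check for the input class described in this report, as an added example that is neither Asterisk's code nor the fix that closed this issue: a strict Status-Line parser that drops a response whose code is not three digits in the 1xx-6xx range before any handler sees it. The function name `parse_sip_status`, the exact-match `SIP/2.0` prefix, and the sample lines are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not Asterisk code): parse the Status-Line of a SIP
 * response and return the status code, or -1 if the line is not a
 * well-formed "SIP/2.0 SP 3DIGIT SP Reason-Phrase" (RFC 3261, section 7.2). */
int parse_sip_status(const char *line)
{
    static const char prefix[] = "SIP/2.0 ";
    size_t plen = sizeof(prefix) - 1;
    const char *p;
    int code;

    if (line == NULL || strncmp(line, prefix, plen) != 0)
        return -1;
    p = line + plen;

    /* Exactly three digits followed by a space. The checks short-circuit,
     * so a truncated line is never read past its terminating NUL.
     * This rejects "0", "20", "2000" and "-1". */
    if (!isdigit((unsigned char)p[0]) || !isdigit((unsigned char)p[1]) ||
        !isdigit((unsigned char)p[2]) || p[3] != ' ')
        return -1;

    code = (p[0] - '0') * 100 + (p[1] - '0') * 10 + (p[2] - '0');

    /* Only classes 1xx..6xx are defined, so "000" and "700" are dropped too. */
    if (code < 100 || code > 699)
        return -1;
    return code;
}

int main(void)
{
    /* Constructed sample lines, not taken from the reporter's capture. */
    const char *samples[] = {
        "SIP/2.0 200 OK", "SIP/2.0 603 Decline", "SIP/2.0 0 Unknown",
        "SIP/2.0 000 Unknown", "SIP/2.0 2000 OK", "INVITE sip:a@b SIP/2.0",
    };
    size_t i;

    for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        int code = parse_sip_status(samples[i]);
        printf("%-24s -> %s\n", samples[i], code < 0 ? "drop" : "dispatch");
    }
    return 0;
}
```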

        Activity

        Filip Dimitrov added a comment -

        I did select DONT_OPTIMIZE in menuconfig and then compiled Asterisk.

        As per doc/backtrace.txt:

        "Now, just create an output.txt file and dump your "bt full"
        (and/or "bt") ALONG WITH "thread apply all bt" into it."

        Which is what I did. I did split it into 3 files, though.

        Serge Vecher added a comment -

        I bet 1.4 branch is affected too ...

        Joshua Colp added a comment -

        I've tested all SIP packets on this bug against the latest version of things, and they don't crash. The last backtrace listed is not useful at all... but I suspect that this new bug requires an active dialog to be up so you can't just exploit it by sending the packet.

        David Svanlund added a comment -

        I am able to reproduce this bug - some really nasty stuff. Tested against 1.2.17 as well as latest svn. The sensitive details will be provided to a core asterisk developer or equal, as soon as I can get someone to look at it.

        Joshua Colp added a comment -

        All brought up issues have been solved in this bug as of latest SVN of everything.
