| Summary: | ASTERISK-03443: Calling a SIP phone with no callerID at all segfaults | ||
| Reporter: | mcisse (mcisse) | Labels: | |
| Date Opened: | 2005-02-07 06:26:38.000-0600 | Date Closed: | 2008-01-15 15:24:41.000-0600 |
| Priority: | Critical | Regression? | No |
| Status: | Closed/Complete | Components: | Core/General |
| Versions: | Frequency of Occurrence | ||
| Related Issues: | |||
| Environment: | Attachments: | ( 0) backtrace.txt | |
| Description: | I've produced this case by calling a SIP phone from an IAX phone. IAX callerID is empty (I don't know why). Default callerid is set to empty in sip.conf (to be able to use any non numerical callerid). In chan_sip.c, segfault occurs on line 3762 "strncpy(p->fromuser, l, sizeof(p->fromuser) - 1);" In fact, p->fromuser is empty. So third arg of strncpy is -1. Plus, variable "l" (second argument) is NULL. So, it segfaults. p->owner->cid.cid_num (and other cid_* fields) is NULL. ****** ADDITIONAL INFORMATION ****** line 3749: if (p->owner) { l = p->owner->cid.cid_num; n = p->owner->cid.cid_name; } if ((!l || !ast_isphonenumber(l)) && default_callerid[0]) l = default_callerid; /* if user want's his callerid restricted */ if (p->callingpres & AST_PRES_PROHIB_USER_NUMBER_NOT_SCREENED) { l = CALLERID_UNKNOWN; n = l; } if (!n || ast_strlen_zero(n)) n = l; /* Allow user to be overridden */ if (!ast_strlen_zero(p->fromuser)) l = p->fromuser; else /* Save for any further attempts */ strncpy(p->fromuser, l, sizeof(p->fromuser) - 1); | ||
| Comments: | By: Mark Spencer (markster) 2005-02-07 08:56:14.000-0600 Fixed in CVS head. By: Russell Bryant (russell) 2005-02-07 23:32:43.000-0600 fixed in 1.0 By: Digium Subversion (svnbot) 2008-01-15 15:24:38.000-0600 Repository: asterisk Revision: 4980 U trunk/channels/chan_sip.c ------------------------------------------------------------------------ r4980 | markster | 2008-01-15 15:24:38 -0600 (Tue, 15 Jan 2008) | 2 lines Fix callerid segfault in rare combination (bug ASTERISK-3443) ------------------------------------------------------------------------ http://svn.digium.com/view/asterisk?view=rev&revision=4980 By: Digium Subversion (svnbot) 2008-01-15 15:24:41.000-0600 Repository: asterisk Revision: 4982 U branches/v1-0/channels/chan_sip.c ------------------------------------------------------------------------ r4982 | russell | 2008-01-15 15:24:40 -0600 (Tue, 15 Jan 2008) | 2 lines fix potential seg fault (bug ASTERISK-3443) ------------------------------------------------------------------------ http://svn.digium.com/view/asterisk?view=rev&revision=4982 | ||