| Summary: | ASTERISK-07986: parse_uri can crash asterisk | ||
| Reporter: | Mark Monnin (wrmem) | Labels: | |
| Date Opened: | 2006-10-23 19:24:00 | Date Closed: | 2006-10-23 19:53:29 |
| Priority: | Minor | Regression? | No |
| Status: | Closed/Complete | Components: | Channels/chan_sip/Registration |
| Versions: | Frequency of Occurrence | ||
| Related Issues: | |||
| Environment: | Attachments: | ( 0) parse_uri_fix.patch | |
| Description: | The latest use of parse_uri may lead to Asterisk being unstable (aka core dump), due to referencing *pass without checking if it's not NULL. Attached is a patch that fixes the problem (but may not be the most correct fix for the problem). ****** ADDITIONAL INFORMATION ****** [Switching to Thread -1214407760 (LWP 23534)] parse_uri (uri=0xb79ccde8 "sip::XXXX@WW.XX.YY.ZZ:5060", scheme=0x3a8665 "sip:", ret_name=0xb79ca99c, pass=0x0, domain=0xb79ca994, port=0xb79ca998, options=0x0) at chan_sip.c:2257 2257 if (*pass) (gdb) where #0 parse_uri (uri=0xb79ccde8 "sip:XXXX@WW.XX.YY.ZZ:5060", scheme=0x3a8665 "sip:", ret_name=0xb79ca99c, pass=0x0, domain=0xb79ca994, port=0xb79ca998, options=0x0) at chan_sip.c:2257 #1 0x00370af1 in parse_register_contact (pvt=0x8c33238, peer=0x8c1c3b0, req=0xb79d8060) at chan_sip.c:7706 #2 0x003921b4 in handle_request_register (p=0x8c33238, req=0xb79d8060, sin=0xb79d8050, e=0xb79d8285 "sip:FQDN.DOMAIN.TLD") at chan_sip.c:8205 #3 0x003a2b06 in handle_request (p=0x8c33238, req=0xb79d8060, sin=0xb79d8050, recount=0xb79ccde8, nounlock=0xb79ccde8) at chan_sip.c:14534 #4 0x003a54dd in sipsock_read (id=0x8c17240, fd=22, events=1, ignore=0x0) at chan_sip.c:14661 ASTERISK-1 0x080a070e in ast_io_wait (ioc=0x8c13c70, howlong=-1214460440) at io.c:279 ASTERISK-2 0x003a665f in do_monitor (data=0x0) at chan_sip.c:14860 ASTERISK-3 0x080eb7f5 in dummy_start (data=0x0) at utils.c:544 ASTERISK-4 0x00bd0341 in start_thread () from /lib/tls/libpthread.so.0 ASTERISK-5 0x009d26fe in clone () from /lib/tls/libc.so.6 | ||
| Comments: | By: Russell Bryant (russell) 2006-10-23 19:53:29 I actually just put in this same fix before pulling up the bug tracker. Thanks, though! | ||