Summary: | ASTERISK-11351: Missed protection from incorrect dial string in parse_dial_string | ||
Reporter: | Sergey Okhapkin (sokhapkin) | Labels: | |
Date Opened: | 2008-01-31 18:20:52.000-0600 | Date Closed: | 2008-01-31 18:31:17.000-0600 |
Priority: | Major | Regression? | No |
Status: | Closed/Complete | Components: | Channels/chan_iax2 |
Versions: | Frequency of Occurrence | ||
Related Issues: | |||
Environment: | Attachments: | ||
Description: | chan_iax2 accepts a dial string like iax2/user:password@ (missing host). On a busy host with much iax2 activity this leads to denial of service after a short period of time with errors like

[Jan 31 19:06:28] DEBUG[19315] chan_iax2.c: realtime_peer: Bah, '' is expired (1201824378/0/1201824378)!
[Jan 31 19:06:28] NOTICE[19315] channel.c: Unable to request channel iax2/asd:qwe@
[Jan 31 19:06:28] DEBUG[19315] devicestate.c: Notification of state change to be queued on device/channel **Unknown**
[Jan 31 19:06:28] WARNING[12759] res_config_odbc.c: SQL Alloc Handle failed!
[Jan 31 19:06:28] WARNING[12759] res_odbc.c: SQL Prepare failed. Attempting a reconnect...
[Jan 31 19:06:28] DEBUG[12724] devicestate.c: Checking if I can find provider for "**Unknown**" - number: (null)
[Jan 31 19:06:28] DEBUG[12724] devicestate.c: Changing state for **Unknown** - state 4 (Invalid)
[Jan 31 19:06:29] NOTICE[12757] chan_iax2.c: Out of idle IAX2 threads for I/O, pausing!
[Jan 31 19:06:29] NOTICE[12756] chan_iax2.c: Out of idle IAX2 threads for scheduling!
[Jan 31 19:06:30] NOTICE[12757] chan_iax2.c: Out of idle IAX2 threads for I/O, pausing!
[Jan 31 19:06:30] NOTICE[12756] chan_iax2.c: Out of idle IAX2 threads for scheduling!
[Jan 31 19:06:30] DEBUG[23088] rtp.c: Got RTCP report of 176 bytes
[Jan 31 19:06:31] NOTICE[12757] chan_iax2.c: Out of idle IAX2 threads for I/O, pausing!
[Jan 31 19:06:31] NOTICE[12756] chan_iax2.c: Out of idle IAX2 threads for scheduling!

****** ADDITIONAL INFORMATION ******

Not sure how to fix this right, something like this in parse_dial_string():

if (strchr(pds->peer, '@')) { data = pds->peer; pds->username = strsep(&data, "@"); + if(strlen(data)) pds->peer = data; + else + pds->peer = NULL; } | ||
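Review bot: in the added else branch, pds->peer = NULL only records that the host is missing; nothing in the shown lines rejects the dial string, so every later reader of pds->peer must handle NULL or the request has to fail right after parsing. Suggest having parse_dial_string() report the empty peer to its caller, which then logs the bad dial string and refuses the channel request. Two smaller points on the same lines: if(strlen(data)) scans the whole string where a test of data[0] is enough, and the if/else would be easier to read with braces and the spacing used by the surrounding code.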
Comments: | By: Sergey Okhapkin (sokhapkin) 2008-01-31 18:24:38.000-0600

The simplest way to reproduce is to enter the CLI command originate iax2/asd:qwe@ extension 100

By: Digium Subversion (svnbot) 2008-01-31 18:30:31.000-0600

Repository: asterisk
Revision: 101693

U branches/1.4/channels/chan_iax2.c

------------------------------------------------------------------------
r101693 | russell | 2008-01-31 18:30:30 -0600 (Thu, 31 Jan 2008) | 8 lines

Add some more sanity checking on IAX2 dial strings for the case that no peer or hostname was provided, which is the one part of the dial string that is absolutely required. If it's not there, bail out.

(closes issue ASTERISK-11351)
Reported by sokhapkin
Patch by me
------------------------------------------------------------------------

http://svn.digium.com/view/asterisk?view=rev&revision=101693

By: Digium Subversion (svnbot) 2008-01-31 18:31:17.000-0600

Repository: asterisk
Revision: 101694

_U trunk/
U trunk/channels/chan_iax2.c

------------------------------------------------------------------------
r101694 | russell | 2008-01-31 18:31:17 -0600 (Thu, 31 Jan 2008) | 16 lines

Merged revisions 101693 via svnmerge from
https://origsvn.digium.com/svn/asterisk/branches/1.4

........
r101693 | russell | 2008-01-31 18:32:49 -0600 (Thu, 31 Jan 2008) | 8 lines

Add some more sanity checking on IAX2 dial strings for the case that no peer or hostname was provided, which is the one part of the dial string that is absolutely required. If it's not there, bail out.

(closes issue ASTERISK-11351)
Reported by sokhapkin
Patch by me
........
------------------------------------------------------------------------

http://svn.digium.com/view/asterisk?view=rev&revision=101694 |
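The check the issue asks for, as an added stand-alone example; it is not code from chan_iax2 or from r101693. The struct, the function names and the reduced grammar "[user[:password]@]peer[:port][/exten]" are assumptions made for illustration, and the parser returns an error for an empty peer so the caller can stop before any peer lookup.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical, reduced stand-in for the parsed dial string; not Asterisk's struct. */
struct dial_parts {
    char *username, *password, *peer, *port, *exten;
};
/* Cut buf at the first sep; return the text after it, or NULL if sep is absent. */
static char *split_at(char *buf, char sep)
{
    char *p = strchr(buf, sep);
    if (!p)
        return NULL;
    *p = '\0';
    return p + 1;
}

/* Parse "[user[:password]@]peer[:port][/exten]" in place (assumed grammar).
 * Returns 0 on success, -1 when the mandatory peer/host part is missing. */
int parse_dial(char *buf, struct dial_parts *out)
{
    char *tail;
    memset(out, 0, sizeof(*out));
    if (!buf || !*buf)
        return -1;
    out->exten = split_at(buf, '/');      /* split first so '@' in exten is ignored */
    out->peer = buf;
    tail = split_at(buf, '@');
    if (tail) {                           /* credentials precede the peer */
        out->username = buf;
        out->password = split_at(out->username, ':');
        out->peer = tail;
    }
    out->port = split_at(out->peer, ':');
    if (out->peer[0] == '\0') {           /* "user:password@" ends up here */
        out->peer = NULL;
        return -1;                        /* bail out before any peer lookup */
    }
    return 0;
}

int main(void)
{
    /* Constructed inputs; "asd:qwe@" is the reporter's reproducer minus "iax2/". */
    char good[] = "asd:qwe@pbx.example.com:4569/100", bad[] = "asd:qwe@";
    struct dial_parts a, b;
    printf("good -> %d, bad -> %d\n", parse_dial(good, &a), parse_dial(bad, &b));
    return 0;
}
```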