Summary:ASTERISK-11993: SIP INVITE msg without "From" field crashes asterisk 1.2.28 if pedantic=yes
Reporter:Hooi Ng (hooi)
Labels:
Date Opened:2008-05-08 03:01:47
Date Closed:2008-06-03 14:24:27
Versions:
Frequency of
Description:Sending a SIP INVITE without a From field crashes Asterisk (version 1.2.28) if "pedantic" parsing is enabled in sip.conf.


When the From field is missing, the get_header(req, "From") at chan_sip.c:7264 (r114562) in check_user_full() returns an empty const string.  This const string then gets modified by ast_uri_decode(of) at chan_sip.c:7266 if pedanticsipchecking is true.

There is also another crash point at chan_sip.c:6839, where the "from" variable is null in the ast_uri_decode(from) function call, resulting from the "from = NULL" statement at chan_sip.c:6835.
Comments:
By: Russell Bryant (russell) 2008-05-08 09:26:18

Thank you for the report.  In the future, please only post code as attachments.

By: Hooi Ng (hooi) 2008-05-08 13:18:56

No problem.  I posted inline because I couldn't find the "Upload File" when creating the issue (i.e. didn't realize that you have to create the issue first and then attach).

By: Digium Subversion (svnbot) 2008-06-03 14:23:29

Repository: asterisk
Revision: 120109

U   branches/1.2/channels/chan_sip.c

r120109 | file | 2008-06-03 14:23:28 -0500 (Tue, 03 Jun 2008) | 4 lines

Copy the From header into a variable so that pedantic SIP handling does not try to mess with a NULL pointer. (AST-2008-008)
(closes issue ASTERISK-11993)
Reported by: hooi
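
The copy-before-decode pattern named in the commit message, as an added example; it is not Asterisk's code or the committed patch. The names lookup_header, uri_decode_inplace and get_decoded_header and the sample message are hypothetical, constructed for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical lookup (exact-case): a missing header yields a constant empty string. */
static const char *lookup_header(const char *msg, const char *name) {
    size_t n = strlen(name);
    while (msg && *msg) {
        if (strncmp(msg, name, n) == 0 && msg[n] == ':')
            return msg + n + 1 + strspn(msg + n + 1, " \t");
        msg = strchr(msg, '\n');
        if (msg) msg++;
    }
    return "";
}

/* In-place %XX decoder: writes through its argument, so it needs writable memory. */
static void uri_decode_inplace(char *s) {
    char *o = s;
    unsigned int v;
    for (; *s; s++, o++) {
        *o = *s;
        if (*s == '%' && isxdigit((unsigned char)s[1]) &&
            isxdigit((unsigned char)s[2]) && sscanf(s + 1, "%2x", &v) == 1) {
            *o = (char)v;
            s += 2;
        }
    }
    *o = '\0';
}

/* Copy the value, then decode the copy. Returns length, or -1 if missing or too long. */
static int get_decoded_header(const char *msg, const char *name, char *out, size_t outlen) {
    const char *val = lookup_header(msg, name);
    size_t len = strcspn(val, "\r\n");
    if (len == 0 || len >= outlen) return -1;
    memcpy(out, val, len);
    out[len] = '\0';
    uri_decode_inplace(out);   /* only the caller's buffer is modified */
    return (int)strlen(out);
}

int main(void) {
    /* Constructed sample: an INVITE with no From header. */
    const char *msg = "INVITE sip:bob@example.com SIP/2.0\r\nTo: <sip:bob@example.com>\r\n\r\n";
    char from[256];
    printf("%d\n", get_decoded_header(msg, "From", from, sizeof from));
    return 0;
}
```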