[Home]

Summary:ASTERISK-14676: [patch] Directory causes crash if dialing by last name
Reporter:dlnoah (dlnoah)Labels:
Date Opened:2009-08-18 11:33:53Date Closed:2009-09-24 02:47:52
Priority:CriticalRegression?No
Status:Closed/CompleteComponents:Applications/app_directory
Versions:Frequency of
Occurrence
Related
Issues:
Environment:Attachments:( 0) 15739_btfull.txt
( 1) 15739_threadapply.txt
( 2) 20090914__issue15739.diff.txt
( 3) 20090922__issue15739.diff.txt
( 4) btfull.txt
( 5) threadapply.txt
Description:Our server is set up with voicemail.conf configured as follows:
[default]
...
1016 => <password>,Heather Teegarden,<e-mail>
1017 => <password>,Russ Davies,<e-mail>
...

I received a report that callers were getting disconnected when they tried to dial by last name, have confirmed with several different last names that Asterisk is crashing when last name entry is used in the directory.  The directory is working corretly if dial by first name is chosen.

From looking at the change logs for 1.6.1.2 and 1.6.1.4, and the appropriate security bulletin, it doesn't look to me like either update includes a fix for this crash.



****** ADDITIONAL INFORMATION ******

My Directory statements and the relevant part of my dialplan for handling calls after hours are as follows:
[incoming-general]
...
exten => closed,1,Wait(2)
exten => closed,n,Answer()
exten => closed,n,Set(REPLAY=0) ; Set variable to track replay
exten => closed,n(closedmsg),Background(custom/Andres-closed) ; Play closed message & listen for extension
exten => closed,n,WaitExten(10) ; Wait 10 sec for extension
exten => closed,n,GotoIf(${REPLAY}?hangup) ; If we have already replayed once, go hangup
exten => closed,n,Set(REPLAY=1) ; Set replay to indicate we are looping
exten => closed,n,Goto(closedmsg) ; Loop back to replay message
exten => closed,n(hangup),Hangup() ; Hang up dead calls

exten => 1,1,Directory(default,incoming-general,f) ; First name directory

exten => 2,1,Directory(default,incoming-general,) ; Last name directory

exten => _10[123]X,1,Answer()
exten => _10[123]X,n,Dial(SIP/${EXTEN},15,Ww) ; Dial extension entered - 3 rings
exten => _10[123]X,n,Macro(voicemail,${EXTEN},${DIALSTATUS}) ; After timeout, send to vm
exten => _10[123]X,n,Hangup() ; Hangup any calls that fail vm xfer

Comments:By: Leif Madsen (lmadsen) 2009-09-08 13:00:51

I tried reproducing this issue in order to verify, but I can't see to reproduce it with 1.6.1.2 or 1.6.1 branch latest.

What am I missing here? I tried to use as much of the dialplan you added here.

At what point is it crashing? Right after they enter their 3 digits to search for the user, or when the dial happens; the macro?

I get a list of users back as I would expect, and no crashes.

Can you provide the console output showing the crash and any additional configurations needed to reproduce?

Thanks!
Leif.
By: Jason Martin (jmartin235) 2009-09-11 08:33:58

I am experiencing the same issue with Asterisk 1.6.1.6. As soon as the directory is accessed, Asterisk crashes. This is what was output in the logs before the crash:

[Sep 11 08:23:49] VERBOSE[14006] pbx.c:     -- Executing [9@inbound:1] Directory("DAHDI/1-1", "default,people") in new stack
[Sep 11 08:23:49] VERBOSE[14006] config.c:   == Parsing '/etc/asterisk/voicemail.conf': [Sep 11 08:23:49] VERBOSE[14006] config.c:   == Found
[Sep 11 08:23:49] VERBOSE[14006] config.c:   == Parsing '/etc/asterisk/users.conf': [Sep 11 08:23:49] VERBOSE[14006] config.c:   == Found

I have realtime extensions and voicemail tables set up in MySQL.

I have not tried changing the Directory options to match against the first name yet.

The directory worked fine for me with Asterisk 1.6.1.4.


By: Tilghman Lesher (tilghman) 2009-09-14 11:22:26

Patch uploaded.  Since our test guy has not been able to reproduce this, we will need you to confirm that this patch fixes this issue, before we will be able to proceed.
By: dlnoah (dlnoah) 2009-09-14 14:52:24

Is the posted patch specific to a given 1.6.1.x version, or should it patch against any 1.6.1.x version?  Is it preferred that I test the patch against 1.6.1.2, since that's what it was reported under, or can I go ahead and test against 1.6.1.6?
By: Tilghman Lesher (tilghman) 2009-09-14 15:33:12

As far as I'm aware, it should apply to any 1.6.1.x version.
By: Jeff Gehlbach (jeffg) 2009-09-18 08:30:09

On an x86_64 system running 1.6.1.6, I'm experiencing the same issue as jmartin235 -- the crash happens as soon as the dialplan takes the caller into the directory, not after a name is dialed.  My backtrace also looks significantly different from the one posted by DLNoah (I'll attach that momentarily).

It seems I'm able to work around the issue in my system simply by explicitly specifying the "l" (ell) option, which is the default, to Directory.
By: Jeff Gehlbach (jeffg) 2009-09-18 08:40:29

The apparently uninitialized pointer for the char* at index 2 (third element) of opts in directory_exec seems the sure source of the segmentation fault on my system.  I tried last night to trace the possible ways it could remain uninitialized, but my gdb skills are rusty and it was late.  I'll remove the workaround and try Tilghman's patch over the weekend.

If Leif or Tilghman would like to walk me through it, I'll be happy to do whatever's needed, but it will have to be outside business hours since the system is in production.

One other item of potential note is that I used to use ODBC for voicemail storage on this system but have switched back to filesystem storage.  It's possible I missed something in the switch back that somehow exposed this problem on my system.  I never used anything other than an actual voicemail.conf to store the voicemail config, though.


By: Leif Madsen (lmadsen) 2009-09-18 11:45:51

cd /usr/src/asterisk
wget ...
cd /usr/src/asterisk/version-for-patching
patch -p0 < ../patch-file
make install

Restart Asterisk and test again. Make sure you make a copy of your current working version of Asterisk so you can 'make install' back over the patched version in case something goes wrong.
By: Tilghman Lesher (tilghman) 2009-09-21 17:31:07

jeffg: how was your weekend testing session?
By: Jeff Gehlbach (jeffg) 2009-09-21 19:25:48

No love. I removed my ",,l" workaround from the dialplan, reloaded dialplan, and verified that the crash was present again.  Then I applied Tilghman's patch (cleanly) to an otherwise clean 1.6.1.6 tree, copied in the new app_directory.so, and started Asterisk again.  The crash persisted.  Started it up again with -g, got a substantially identical backtrace with a still uninitialized pointer at index 2 of char *opts in directory_exec:

       opts = {0x94a3a0 "ack\n", 0x10c61 <Address 0x10c61 out of bounds>, 0x41b8b480 "", 0x7f702564907f "H\211?\203=\237?."}
By: Leif Madsen (lmadsen) 2009-09-22 09:40:13

I have a feeling Tilghman is now going to ask your for valgrind output. I will let him acknowledge that though.
By: Tilghman Lesher (tilghman) 2009-09-22 12:26:09

Nope, uploaded a new patch, and I'm asking for a re-test.
By: Jeff Gehlbach (jeffg) 2009-09-22 12:34:34

Am I right to surmise, since the line numbers match up with the repository version, that this patch is meant to be applied instead of the earlier one rather than in addition to it?
By: Tilghman Lesher (tilghman) 2009-09-22 13:04:29

jeffg:  Applying both won't hurt, but this version should fix _your_ crash, and not the earlier, unrelated one that DLNoah reported.
By: Jeff Gehlbach (jeffg) 2009-09-22 13:12:40

tilghman: Great, thanks, I'll try it out this evening.
By: dlnoah (dlnoah) 2009-09-23 20:31:39

Upgrading to 1.6.1.6 did not fix my crash.  Applying the 20090914 patch to 1.6.1.6 fixed my reported crash.  I have the console output from the crash under 1.6.1.2 and 1.6.1.6 -- if you would find that useful at this point, let me know.

And since I didn't answer lmadsen's question earlier -- the crash was happening right after the three digits for the name were entered, before the system prompted me for "is this the person you want?"


By: Digium Subversion (svnbot) 2009-09-24 02:45:18

Repository: asterisk
Revision: 219987

U   trunk/apps/app_directory.c

------------------------------------------------------------------------
r219987 | tilghman | 2009-09-24 02:39:44 -0500 (Thu, 24 Sep 2009) | 8 lines

Fix two possible crashes, one only in 1.6.1 and one in 1.6.1 forward.
(closes issue ASTERISK-14676)
Reported by: DLNoah, jeffg
Patches:
      20090914__issue15739.diff.txt uploaded by tilghman (license 14)
      20090922__issue15739.diff.txt uploaded by tilghman (license 14)
Tested by: DLNoah, jeffg

------------------------------------------------------------------------

http://svn.digium.com/view/asterisk?view=rev&revision=219987
By: Digium Subversion (svnbot) 2009-09-24 02:47:03

Repository: asterisk
Revision: 219988

_U  branches/1.6.1/
U   branches/1.6.1/apps/app_directory.c

------------------------------------------------------------------------
r219988 | tilghman | 2009-09-24 02:47:03 -0500 (Thu, 24 Sep 2009) | 15 lines

Merged revisions 219987 via svnmerge from
https://origsvn.digium.com/svn/asterisk/trunk

........
 r219987 | tilghman | 2009-09-24 02:39:44 -0500 (Thu, 24 Sep 2009) | 8 lines
 
 Fix two possible crashes, one only in 1.6.1 and one in 1.6.1 forward.
 (closes issue ASTERISK-14676)
  Reported by: DLNoah, jeffg
  Patches:
        20090914__issue15739.diff.txt uploaded by tilghman (license 14)
        20090922__issue15739.diff.txt uploaded by tilghman (license 14)
  Tested by: DLNoah, jeffg
........

------------------------------------------------------------------------

http://svn.digium.com/view/asterisk?view=rev&revision=219988
By: Digium Subversion (svnbot) 2009-09-24 02:47:50

Repository: asterisk
Revision: 219989

_U  branches/1.6.2/
U   branches/1.6.2/apps/app_directory.c

------------------------------------------------------------------------
r219989 | tilghman | 2009-09-24 02:47:50 -0500 (Thu, 24 Sep 2009) | 15 lines

Merged revisions 219987 via svnmerge from
https://origsvn.digium.com/svn/asterisk/trunk

........
 r219987 | tilghman | 2009-09-24 02:39:44 -0500 (Thu, 24 Sep 2009) | 8 lines
 
 Fix two possible crashes, one only in 1.6.1 and one in 1.6.1 forward.
 (closes issue ASTERISK-14676)
  Reported by: DLNoah, jeffg
  Patches:
        20090914__issue15739.diff.txt uploaded by tilghman (license 14)
        20090922__issue15739.diff.txt uploaded by tilghman (license 14)
  Tested by: DLNoah, jeffg
........

------------------------------------------------------------------------

http://svn.digium.com/view/asterisk?view=rev&revision=219989