| Summary: | ASTERISK-15101: [patch] Segfault in chan_iax2.so when receiving call without CallToken support | ||
| Reporter: | Ben Klang (bklang) | Labels: | |
| Date Opened: | 2009-11-07 14:00:04.000-0600 | Date Closed: | 2009-11-10 12:00:27.000-0600 |
| Priority: | Critical | Regression? | No |
| Status: | Closed/Complete | Components: | Channels/chan_iax2 |
| Versions: | Frequency of Occurrence | ||
| Related Issues: | |||
| Environment: | Attachments: | ( 0) chan_iax_with_message_update.patch ( 1) gdb.txt ( 2) issue16206.diff | |
| Description: | I have configured Asterisk svn branch 1.6.1 to talk to my legacy Asterisk 1.2 system. When the Asterisk 1.2 system places a call to the 1.6.1 system, the 1.6.1 host immediately segfaults. The problem was traced to a call to ast_log() in chan_iax2.so on line 4600. Commenting out this line and recompiling chan_iax2.so avoids the crash. Configuring Asterisk to not require call tokens from the remote peer also avoids the crash. As a side note, it appears that the text of the ast_log() message is out of date as I not find any reference to a "calltokenignore" config option for chan_iax2. I will be happy to provide the entire core file if requested. I have not yet confirmed this bug on Linux. The console reports: grant*CLI> Disconnected from Asterisk server Executing last minute cleanups /opt/asterisk/sbin/safe_asterisk: line 157: 15691: Memory fault(coredump) Asterisk ended with exit status 267 Asterisk exited on signal EXITSTATUS-128. Exited on signal EXITSTATUS-128 Below is a sample from the Asterisk corefile: (gdb) bt #0 0xfeca47a0 in countbytes () from /lib/libc.so.1 #1 0xfecf0793 in _ndoprnt () from /lib/libc.so.1 #2 0xfecf31bd in vsnprintf () from /lib/libc.so.1 #3 0x08135009 in __ast_str_helper (buf=0xfbedb188, max_len=1024, append=0, fmt=0xfd443f5c "Call rejected, CallToken Support required. If unexpected, resolve by placing address %s in the calltokenignore list or setting user %s requirecalltoken=no\n", ap=0xfbedb1f8 "###\b") at utils.c:1779 #4 0x080de87c in ast_log (level=4, file=0xfd43ee1f "chan_iax2.c", line=0, function=0xfd43df8e "handle_call_token", fmt=0xfbedb188 "8xP\b######212\f") at strings.h:631 ASTERISK-1 0xfd424bd6 in handle_call_token (fh=0x8508f68, ies=0xfbee0d74, sin=0xfbee0ec4, fd=14) at chan_iax2.c:4600 ****** STEPS TO REPRODUCE ****** 1) Configure an Asterisk system that is running a version of IAX without CallToken support (in my case 1.2.16) to talk with a system running Asterisk branch 1.6.1 (in my case SVN-branch-1.6.1-r228695M). Use the default IAX settings on the Astierks 1.6.1 side, effectively requiring CallTokens from all peers. 2) Place a call from the 1.2 system to the 1.6.1 system. 3) Watch Asterisk 1.6.1 crash. | ||
| Comments: | By: Ben Klang (bklang) 2009-11-07 14:36:09.000-0600 The problem does not seem to exist using the same Asterisk sources on Linux/x86_64 (Ubuntu 8.04). By: Leif Madsen (lmadsen) 2009-11-07 15:44:41.000-0600 It would probably be best to provide the entire backtrace as an attached file in case a developer requires it. bt bt full thread apply all bt Thanks! By: Ben Klang (bklang) 2009-11-07 15:48:35.000-0600 Requested output attached as gdb.txt By: Ben Klang (bklang) 2009-11-07 16:41:10.000-0600 I have tried to dig a little further. On the Linux/x86_64 host, the message logged is: "[Nov 7 15:29:56] ERROR[6354]: chan_iax2.c:4600 handle_call_token: Call rejected, CallToken Support required. If unexpected, resolve by placing address 192.168.1.15 in the calltokenignore list or setting user (null) requirecalltoken=no" I suspect it is the "null" in the log message that is causing the crash on Solaris. The null is coming from the variable ies->username. I don't know if it's supposed to be null or not. I'm not terribly experienced with this kind of troubleshooting, so I may be off base here. By: David Vossel (dvossel) 2009-11-09 18:01:34.000-0600 i uploaded a patch, this should resolve the issue. By: Ben Klang (bklang) 2009-11-09 18:16:55.000-0600 I can confirm that the patch works. Thanks! I updated the your patch to change one word of the message. I replaced the word "calltokenignore" with "calltokenoptional" to reflect what I believe to be the correct directive in iax.conf. Otherwise, this seems to solve the issue. By: David Vossel (dvossel) 2009-11-09 18:19:50.000-0600 thanks! By: Digium Subversion (svnbot) 2009-11-10 11:21:52.000-0600 Repository: asterisk Revision: 229167 U branches/1.4/channels/chan_iax2.c ------------------------------------------------------------------------ r229167 | dvossel | 2009-11-10 11:21:52 -0600 (Tue, 10 Nov 2009) | 9 lines don't crash on log message in solaris AST-2009-006 (closes issue ASTERISK-15101) Reported by: bklang Tested by: bklang ------------------------------------------------------------------------ http://svn.digium.com/view/asterisk?view=rev&revision=229167 By: Digium Subversion (svnbot) 2009-11-10 11:22:44.000-0600 Repository: asterisk Revision: 229168 _U trunk/ U trunk/channels/chan_iax2.c ------------------------------------------------------------------------ r229168 | dvossel | 2009-11-10 11:22:43 -0600 (Tue, 10 Nov 2009) | 15 lines Merged revisions 229167 via svnmerge from https://origsvn.digium.com/svn/asterisk/branches/1.4 ........ r229167 | dvossel | 2009-11-10 11:15:57 -0600 (Tue, 10 Nov 2009) | 9 lines don't crash on log message in solaris AST-2009-006 (closes issue ASTERISK-15101) Reported by: bklang Tested by: bklang ........ ------------------------------------------------------------------------ http://svn.digium.com/view/asterisk?view=rev&revision=229168 By: Digium Subversion (svnbot) 2009-11-10 11:58:27.000-0600 Repository: asterisk Revision: 229232 _U branches/1.6.2/ U branches/1.6.2/channels/chan_iax2.c ------------------------------------------------------------------------ r229232 | dvossel | 2009-11-10 11:58:27 -0600 (Tue, 10 Nov 2009) | 22 lines Merged revisions 229168 via svnmerge from https://origsvn.digium.com/svn/asterisk/trunk ................ r229168 | dvossel | 2009-11-10 11:16:49 -0600 (Tue, 10 Nov 2009) | 15 lines Merged revisions 229167 via svnmerge from https://origsvn.digium.com/svn/asterisk/branches/1.4 ........ r229167 | dvossel | 2009-11-10 11:15:57 -0600 (Tue, 10 Nov 2009) | 9 lines don't crash on log message in solaris AST-2009-006 (closes issue ASTERISK-15101) Reported by: bklang Tested by: bklang ........ ................ ------------------------------------------------------------------------ http://svn.digium.com/view/asterisk?view=rev&revision=229232 By: Digium Subversion (svnbot) 2009-11-10 11:59:20.000-0600 Repository: asterisk Revision: 229233 _U branches/1.6.1/ U branches/1.6.1/channels/chan_iax2.c ------------------------------------------------------------------------ r229233 | dvossel | 2009-11-10 11:59:20 -0600 (Tue, 10 Nov 2009) | 22 lines Merged revisions 229168 via svnmerge from https://origsvn.digium.com/svn/asterisk/trunk ................ r229168 | dvossel | 2009-11-10 11:16:49 -0600 (Tue, 10 Nov 2009) | 15 lines Merged revisions 229167 via svnmerge from https://origsvn.digium.com/svn/asterisk/branches/1.4 ........ r229167 | dvossel | 2009-11-10 11:15:57 -0600 (Tue, 10 Nov 2009) | 9 lines don't crash on log message in solaris AST-2009-006 (closes issue ASTERISK-15101) Reported by: bklang Tested by: bklang ........ ................ ------------------------------------------------------------------------ http://svn.digium.com/view/asterisk?view=rev&revision=229233 By: Digium Subversion (svnbot) 2009-11-10 12:00:26.000-0600 Repository: asterisk Revision: 229234 _U branches/1.6.0/ U branches/1.6.0/channels/chan_iax2.c ------------------------------------------------------------------------ r229234 | dvossel | 2009-11-10 12:00:26 -0600 (Tue, 10 Nov 2009) | 22 lines Merged revisions 229168 via svnmerge from https://origsvn.digium.com/svn/asterisk/trunk ................ r229168 | dvossel | 2009-11-10 11:16:49 -0600 (Tue, 10 Nov 2009) | 15 lines Merged revisions 229167 via svnmerge from https://origsvn.digium.com/svn/asterisk/branches/1.4 ........ r229167 | dvossel | 2009-11-10 11:15:57 -0600 (Tue, 10 Nov 2009) | 9 lines don't crash on log message in solaris AST-2009-006 (closes issue ASTERISK-15101) Reported by: bklang Tested by: bklang ........ ................ ------------------------------------------------------------------------ http://svn.digium.com/view/asterisk?view=rev&revision=229234 | ||