| Summary: | ASTERISK-15651: Incorrect checking of Refer-To and Referred-By SIP headers | ||
| Reporter: | tomsullivan (tomsullivan) | Labels: | |
| Date Opened: | 2010-02-17 20:58:31.000-0600 | Date Closed: | 2011-06-07 14:00:43 |
| Priority: | Major | Regression? | No |
| Status: | Closed/Complete | Components: | Channels/chan_sip/Transfers |
| Versions: | Frequency of Occurrence | ||
| Related Issues: | |||
| Environment: | Attachments: | ||
| Description: | Asterisk 1.2.39. Within asterisk-1.2.39/channels/chan_sip.c, lines 7032 and 7039 the Refer-To and Referred-By headers are parsed from the SIP request. The get_header(...) method returns empty string if the header is not found, but the test on these lines is only for NULL, so both refer_to and referred_by can get through as "". This is not a problem per se for refer_to, as it is checked later on (line 7050) and -1 is returned. However, referred_by gets set to NULL (line 7057), which (in concert with the bristuff patches) causes a SEGFAULT when dereferenced. | ||
| Comments: | By: David Woolley (davidw) 2010-02-18 06:30:34.000-0600 Asterisk 1.2 only receives security fixes. You need to reproduce this on a recent 1.4, 1.6 or trunk version. By: Leif Madsen (lmadsen) 2010-02-19 12:16:42.000-0600 As per davidw's note, Asterisk 1.2 does not receive bug fixes. If this is an issue on Asterisk 1.4 or above, please open a new ticket with the following information attachements added as text files to the ticket: * SIP trace demonstrating the problem * Console trace with debug level logging * Configuration and topology in order to be reproduced or at least understood by a developer. Thanks! | ||