Summary: ASTERISK-15651: Incorrect checking of Refer-To and Referred-By SIP headers
Reporter: tomsullivan (tomsullivan)
Labels:
Date Opened: 2010-02-17 20:58:31.000-0600
Date Closed: 2011-06-07 14:00:43
Versions:Frequency of
Description:
Asterisk 1.2.39.

Within asterisk-1.2.39/channels/chan_sip.c, lines 7032 and 7039, the Refer-To and Referred-By headers are parsed from the SIP request.

The get_header(...) method returns an empty string if the header is not found, but the test on these lines is only for NULL, so both refer_to and referred_by can get through as "".

This is not a problem per se for refer_to, as it is checked later on (line 7050) and -1 is returned.

However, referred_by gets set to NULL (line 7057), which (in concert with the bristuff patches) causes a SEGFAULT when dereferenced.
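
The mismatch described in this report, as an added example that is not part of the original ticket and is not Asterisk's code: a lookup that returns "" for a missing header, the NULL-only test that lets it through, and one possible corrected check. The types, function names and sample request are all hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <string.h>
#include <strings.h>

/* Constructed stand-in for a parsed SIP request (not Asterisk's structures). */
struct hdr { const char *name, *value; };
struct request { const struct hdr *hdrs; size_t count; };
struct refer_info { const char *refer_to, *referred_by; /* referred_by: NULL = absent */ };

/* Models the lookup behaviour in the report: a missing header yields "", never NULL. */
static const char *lookup_header(const struct request *req, const char *name) {
    for (size_t i = 0; i < req->count; i++)
        if (strcasecmp(req->hdrs[i].name, name) == 0)
            return req->hdrs[i].value;
    return "";
}

/* NULL-only test, as in the report: returns 1 when the header counts as present. */
static int present_null_test(const struct request *req, const char *name) {
    return lookup_header(req, name) != NULL;
}

/* Test that matches the lookup's contract: an empty string means missing. */
static int present_empty_test(const struct request *req, const char *name) {
    const char *v = lookup_header(req, name);
    return v != NULL && v[0] != '\0';
}

/* Assumed policy: reject without Refer-To; record an absent Referred-By as NULL. */
static int parse_refer(const struct request *req, struct refer_info *out) {
    if (!present_empty_test(req, "Refer-To"))
        return -1;
    out->refer_to = lookup_header(req, "Refer-To");
    out->referred_by = present_empty_test(req, "Referred-By")
        ? lookup_header(req, "Referred-By") : NULL;
    return 0;
}

/* Every consumer of referred_by has to handle NULL rather than dereference it. */
static size_t referrer_len(const struct refer_info *info) {
    return info->referred_by ? strlen(info->referred_by) : 0;
}

int main(void) {
    const struct hdr h[] = { { "Refer-To", "<sip:200@example.invalid>" } }; /* constructed */
    const struct request req = { h, 1 };
    struct refer_info info;
    return parse_refer(&req, &info) == 0 ? (int)referrer_len(&info) : 1;
}
```
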
Comments:
By: David Woolley (davidw) 2010-02-18 06:30:34.000-0600

Asterisk 1.2 only receives security fixes.  You need to reproduce this on a recent 1.4, 1.6 or trunk version.

By: Leif Madsen (lmadsen) 2010-02-19 12:16:42.000-0600

As per davidw's note, Asterisk 1.2 does not receive bug fixes. If this is an issue on Asterisk 1.4 or above, please open a new ticket with the following information attachments added as text files to the ticket:

* SIP trace demonstrating the problem
* Console trace with debug level logging
* Configuration and topology in order to be reproduced or at least understood by a developer.