Summary:ASTERISK-18867: Incorrect Password in jabber.conf leads to memory leak
Reporter:Nigel Vander Houwen (nigelvh)Labels:
Date Opened:2011-11-14 18:01:04.000-0600Date Closed:2015-02-26 09:28:33.000-0600
Versions: Frequency of
One Time
Environment:Ubuntu 11.04 x64Attachments:( 0) Asterisk_Mem_Data.txt
( 1) issueA18867-jabber_missing_unref.patch
( 2) jabber-authfail.patch
Description:I have my asterisk setup configured for calling via Google Voice as per the directions here: https://wiki.asterisk.org/wiki/display/AST/Calling+using+Google

I recently updated my google password, and forgot to update the password in jabber.conf for the asterisk server. I don't do a lot of calling, so I didn't really notice it for a while. Anyway, the server crashed, I thought it was a fluke, restarted it, and then looked again today and RAM was totally used up and swap was getting close. TOP indicated asterisk as the culprit. Logged into the CLI with high verbosity, and it was spewing constant errors about the password (Sorry, I didn't grab a copy of one of the lines before I fixed it). Anyway, I corrected the password and restarted asterisk and things seem happy again.

I don't assume that complete ram usage and server crashing is defined behavior for an incorrect password.
Comments:By: Nigel Vander Houwen (nigelvh) 2011-11-14 19:22:50.394-0600

Alright, I got home this evening, and recreated this issue by putting in an incorrect password. The errors it gives is as follows, and repeats about every 5 seconds.

[Nov 14 17:21:38] ERROR[2991]: res_jabber.c:1694 aji_act_hook: JABBER: encryption failure. possible bad password.
[Nov 14 17:21:38] ERROR[2991]: res_jabber.c:1577 aji_act_hook: aji_act_hook was called with out a packet
[Nov 14 17:21:38] WARNING[2991]: res_jabber.c:1392 aji_recv: Parsing failure: Hook returned an error.
[Nov 14 17:21:38] WARNING[2991]: res_jabber.c:2743 aji_recv_loop: JABBER: Got hook event.
[Nov 14 17:21:38] WARNING[2991]: res_jabber.c:2754 aji_recv_loop: JABBER: socket read error

By: Walter Doekes (wdoekes) 2011-11-15 04:11:43.280-0600

Please try this patch and see if it helps.

By: Matt Jordan (mjordan) 2011-11-15 10:33:08.145-0600

Assigned to Dave Bowerman, as he is currently handling res_jabber / chan_gtalk issues.  Walter, if your patch works please feel free to take this issue and close it once it goes through the ReviewBoard process.

By: Nigel Vander Houwen (nigelvh) 2011-11-15 12:19:29.474-0600

I won't be able to test the patch till this evening, so I'll get the results to you then. Thank you for the quick response.

By: Nigel Vander Houwen (nigelvh) 2011-11-15 21:01:42.842-0600

I have applied the patch this evening, it seems that I'm still seeing a memory issue. On startup (as is normal) asterisk started with about 4.5% memory usage (of 512MB). In less than an hour we're at 9.1% and continuing to rise. I'll watch it for a while longer and see if it stabilizes, but initial indications are in the negative.

By: Nigel Vander Houwen (nigelvh) 2011-11-15 23:01:30.051-0600

It's now been a couple of hours, and it's now at 18.4% usage and not leveling off. Seems like the issue is still there. I'll switch back to a correct password till I hear back.

By: Walter Doekes (wdoekes) 2011-11-16 01:57:07.587-0600

Thanks for trying that. If you have the time, you could enable MEMORY_DEBUG in menuconfig.

Then you get the

memory show summary
memory show summary res_jabber
memory show allocations res_jabber

commands at your disposal. Those would aid in debugging the leak.

By: Dave Bowerman (dbowerman) 2011-11-16 19:43:02.132-0600

Whats the preferred action on Invalid password?
I think we should log the fact that the clients password is invalid and then terminate the connection.

By: Nigel Vander Houwen (nigelvh) 2011-11-16 20:11:08.089-0600

Alright, I've recompiled with MALLOC_DEBUG enabled (the patch previously provided is still in effect as well) and am attaching a text document with the data for the three suggested commands from running with a correct password, and with an incorrect password.

Watching the memory usage from the mentioned commands with an incorrect password doesn't seem to show and gains in memory usage that I could notice, however, watching the memory usage in TOP clearly shows a correct password with stable ram usage, and with an incorrect password gaining steadily.

By: Nigel Vander Houwen (nigelvh) 2011-11-16 20:12:20.184-0600

Asterisk memory data for res_jabber.c with a correct password and with an incorrect password.

By: Dave Bowerman (dbowerman) 2011-11-16 22:05:44.433-0600

jabber-authfail.patch will disconnect the client on authorization failure. Without the patch the bad credentials are retried every 4 seconds.

By: Nigel Vander Houwen (nigelvh) 2011-11-17 10:13:04.967-0600

Dave, I noticed your patch last night, but I can't download it. It says license pending...

By: Dave Bowerman (dbowerman) 2011-11-17 17:29:49.246-0600

Nigel, yes. Just waiting on Digium to process my license. My original one from many years ago obviously didnt make it to JIRA...

By: Walter Doekes (wdoekes) 2011-11-22 15:03:16.254-0600

This might be relevant:

By: Nigel Vander Houwen (nigelvh) 2011-11-28 14:59:40.409-0600

It appears the license has come through, and the patch is now available for download, I will try installing it tonight and come back with the results.

By: Nigel Vander Houwen (nigelvh) 2011-11-28 23:47:12.684-0600

Dave, the patch you have provided does appear to fix the issue on a clean install (without the previous test patch)(I did not try on the old install).

The error with jabber shows only once during startup, and includes the new message about a possible bad password. Memory usage is stable, 'jabber show connections' shows Disconnected, and 'memory show allocations jabber' shows '0 bytes allocated in 0 allocations'.

The only thing I noticed is that if I correct the password in jabber.conf while leaving asterisk running, and try 'jabber reload' the client won't start, a full restart of asterisk is required to bring it up, I don't know if this is intended or not, but thought I would pass it along.

By: Dave Bowerman (dbowerman) 2011-11-30 21:00:03.613-0600

Nigel, Yes Jabber Reload is fundamentally broken (and has been for a while by the look of it) Im working on a fix for that now.

By: Malcolm Davenport (mdavenport) 2015-02-26 09:28:33.282-0600

By the looks of it, the original issue was reported fixed.