ASTERISK-19770: Security Vulnerability: Segmentation fault when receiving an out-of-dialogue SIP UPDATE including a rpid info

[Home]

Summary: ASTERISK-19770: Security Vulnerability: Segmentation fault when receiving an out-of-dialogue SIP UPDATE including a rpid info

Reporter: Thomas Arimont (tomaso) Labels:

Date Opened: 2012-04-23 08:56:16 Date Closed: 2012-04-23 09:11:19

Priority: Major Regression?

Status: Closed/Complete Components: Channels/chan_sip/Messaging

Versions: 1.8.9.3 Frequency of
Occurrence One Time

Related
Issues:
must be completed before resolving ASTERISK-19618 Asterisk 1.8.12.0 Blockers

must be completed before resolving ASTERISK-19619 Asterisk 10.4.0 Blockers

Environment: Attachments: ( 0) ASTERISK-19278-2012-04-16.diff
( 1) backtrace.log

Description: If a '(for any reason) misdirected' SIP Update including a rpid info is received outside of a regular SIP Invite dialogue (and no associated channel is available, p->owner = NULL) a segmentation fault arises.
A NULL-pointer check for p->owner is missing in function handle_request_update().

Please see attached backtrace log and the attached related chan_sip.c module (since the used chan_sip.c is not exactly the mentioned affected version).

Comments: