|Summary:||ASTERISK-19770: Security Vulnerability: Segmentation fault when receiving an out-of-dialogue SIP UPDATE including a rpid info|
|Reporter:||Thomas Arimont (tomaso)||Labels:|
|Date Opened:||2012-04-23 08:56:16||Date Closed:||2012-04-23 09:11:19|
|Environment:||Attachments:||( 0) ASTERISK-19278-2012-04-16.diff|
( 1) backtrace.log
|Description:||If a '(for any reason) misdirected' SIP Update including a rpid info is received outside of a regular SIP Invite dialogue (and no associated channel is available, p->owner = NULL) a segmentation fault arises.|
A NULL-pointer check for p->owner is missing in function handle_request_update().
Please see attached backtrace log and the attached related chan_sip.c module (since the used chan_sip.c is not exactly the mentioned affected version).