Summary: | ASTERISK-25122: Large SIP packet received via pjsip over websocket crashes Asterisk | ||
Reporter: | Ivan Poddubny (ipoddubny) | Labels: | |
Date Opened: | 2015-05-23 05:15:20 | Date Closed: | 2015-05-27 08:21:28 |
Priority: | Major | Regression? | Yes |
Status: | Closed/Complete | Components: | Resources/res_pjsip_transport_websocket |
Versions: | SVN 13.3.2 13.4.0 | Frequency of Occurrence | Frequent |
Related Issues: | |||
Environment: | Debian 8, pjsip 2.4 | Attachments: | |
Description: | A regression introduced in 13.2.0 causes a crash when pjsip receives a SIP packet over websocket that is larger than PJSIP_MAX_PKT_LEN. The packet is truncated but the len field in pkg_info is not, thus leading to memory corruption and a segfault.
The patch is up for review at https://gerrit.asterisk.org/#/c/528/ | ||
Comments: |