[Home]

Summary:ASTERISK-25122: Large SIP packet received via pjsip over websocket crashes Asterisk
Reporter:Ivan Poddubny (ipoddubny)Labels:
Date Opened:2015-05-23 05:15:20Date Closed:2015-05-27 08:21:28
Priority:MajorRegression?Yes
Status:Closed/CompleteComponents:Resources/res_pjsip_transport_websocket
Versions:SVN 13.3.2 13.4.0 Frequency of
Occurrence
Frequent
Related
Issues:
Environment:Debian 8, pjsip 2.4Attachments:
Description:A regression introduced in 13.2.0 causes a crash when pjsip receives a SIP packet over websocket that is larger than PJSIP_MAX_PKT_LEN. The packet is truncated but the len field in pkg_info is not, thus leading to memory corruption and a segfault.

The patch is up for review at https://gerrit.asterisk.org/#/c/528/

Comments: