| Summary: | ASTERISK-25122: Large SIP packet received via pjsip over websocket crashes Asterisk | ||
| Reporter: | Ivan Poddubny (ipoddubny) | Labels: | |
| Date Opened: | 2015-05-23 05:15:20 | Date Closed: | 2015-05-27 08:21:28 |
| Priority: | Major | Regression? | Yes |
| Status: | Closed/Complete | Components: | Resources/res_pjsip_transport_websocket |
| Versions: | SVN 13.3.2 13.4.0 | Frequency of Occurrence | Frequent |
| Related Issues: | |||
| Environment: | Debian 8, pjsip 2.4 | Attachments: | |
| Description: | A regression introduced in 13.2.0 causes a crash when pjsip receives a SIP packet over websocket that is larger than PJSIP_MAX_PKT_LEN. The packet is truncated but the len field in pkg_info is not, thus leading to memory corruption and a segfault.
The patch is up for review at https://gerrit.asterisk.org/#/c/528/ | ||
| Comments: | |||