[Home]

Summary:ASTERISK-29908: pjsip: Asterisk asserts on nonexistent registration auth and crashes
Reporter:N A (InterLinked)Labels:
Date Opened:2022-02-08 20:33:08.000-0600Date Closed:2022-02-09 04:05:10.000-0600
Priority:MajorRegression?
Status:Closed/CompleteComponents:Resources/res_pjsip Resources/res_pjsip_outbound_registration
Versions:18.9.0 Frequency of
Occurrence		Constant
Related
Issues:
duplicatesASTERISK-29888 res_pjsip_outbound_authenticator_digest: ABRT attempting to clean up auth_sess
Environment:Attachments:
Description:Asterisk crashes when an invalid pjsip config is added.

Adding the following pjsip config, then running pjsip reload, causes Asterisk to crash:

[reg_test]
type = registration
retry_interval = 20
max_retries = 10
contact_user = test
expiration = 120
transport = transport-udp
outbound_auth = auth_SOMETHING-THAT-DOESNT-EXIST
client_uri = sip:something@something:PORT
server_uri = sip:something@something:PORT

[auth_test]
type = auth
password = test
username = test

If the referenced auth doesn't exist, Asterisk crashes.
If it exists, then no issue.

Expected behavior: PJSIP spits out a warning, but Asterisk does not crash ;)

Backtrace of thread 1:

Thread 1 (Thread 0x7f1eb43c9700 (LWP 3061921)):
#0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
       set = {__val = {134238211, 139770454382278, 3978702925205438464, 139769913050784, 139769913050885, 139769913050784, 139769913050784, 139769913050893, 139769913051084, 139769913050784, 139769913051084, 0, 0, 0, 0, 0}}
       pid = <optimized out>
       tid = <optimized out>
#1  0x00007f1ed8431537 in __GI_abort () at abort.c:79
       save_stage = 1
       act = {__sigaction_handler = {sa_handler = 0x7f1eb801bd70, sa_sigaction = 0x7f1eb801bd70}, sa_mask = {__val = {0, 0, 109, 0, 0, 0, 21474836480, 94548822130008, 139769849611408, 139770455514064, 139770455499048, 0, 11911056802091368448, 139770455482328, 139770469404672, 139770455499048}}, sa_flags = -652552808, sa_restorer = 0x20b}
       sigs = {__val = {32, 0 <repeats 15 times>}}
#2  0x00007f1ed843140f in __assert_fail_base (fmt=0x7f1ed859a128 "%s%s%s:%u: %s%sAssertion `%s' failed.n%n", assertion=0x7f1ed91ad68e "sess && sess->endpt", file=0x7f1ed91ad598 "../src/pjsip/sip_auth_client.c", line=523, function=<optimized out>) at assert.c:92
       str = 0x7f1eb801bd70 ""
       total = 4096
#3  0x00007f1ed8440662 in __GI___assert_fail (assertion=0x7f1ed91ad68e "sess && sess->endpt", file=0x7f1ed91ad598 "../src/pjsip/sip_auth_client.c", line=523, function=0x7f1ed91ad9b0 <__PRETTY_FUNCTION__.7> "pjsip_auth_clt_deinit") at assert.c:101
#4  0x00007f1ed90e87e0 in pjsip_auth_clt_deinit (sess=0x7f1eb43c86c0) at ../src/pjsip/sip_auth_client.c:523
       auth = 0x1b804bbd0
       __PRETTY_FUNCTION__ = "pjsip_auth_clt_deinit"
#5  0x00007f1eb5339c37 in digest_create_request_with_auth (auth_ids_vector=0x55fddcb8a2c0, challenge=0x7f1eb82b4568, old_request=0x7f1eb801cc18, new_request=0x7f1eb43c8840) at res_pjsip_outbound_authenticator_digest.c:567
       auth_sess = {pool = 0x0, endpt = 0x0, pref = {initial_auth = 0, algorithm = {ptr = 0x0, slen = 0}}, cred_cnt = 0, cred_info = 0x0, cached_auth = {prev = 0x0, next = 0x0, pool = 0x0, realm = {ptr = 0x0, slen = 0}, is_proxy = 0, qop_value = PJSIP_AUTH_QOP_NONE, stale_cnt = 0, nc = 0, cnonce = {ptr = 0x0, slen = 0}, last_chal = 0x0}}
       cseq = 0x7f1ed903e998
       status = 32542
       auth_objects_vector = {elems = 0x7f1eb804bbd0, max = 1, current = 0}
       auth_object_count = 0
       endpoint = 0x7f1eb8003368
       id = 0x7f1eb43c8620 "REDACTED:REDACTED"
       id_type = 0x7f1eb533a3b0 "Host"
       realms = 0x0
       dlg = 0x0
       res = -1
       __PRETTY_FUNCTION__ = "digest_create_request_with_auth"
       __FUNCTION__ = "digest_create_request_with_auth"
#6  0x00007f1eb53863b5 in ast_sip_create_request_with_auth (auths=0x55fddcb8a2c0, challenge=0x7f1eb82b4568, old_request=0x7f1eb801cc18, new_request=0x7f1eb43c8840) at res_pjsip.c:3456
       __FUNCTION__ = "ast_sip_create_request_with_auth"
#7  0x00007f1eb5320002 in handle_registration_response (data=0x7f1eb8048240) at res_pjsip_outbound_registration.c:1090
       res = 22013
       cseq_hdr = 0x7f1eb43c8cb0
       tdata = 0x7f1eb8047c18
       response = 0x7f1eb8048240
       info = {server_uri = {ptr = 0x7f1eb8003d08 "sip:REDACTED@REDACTED:REDACTED", slen = 37}, client_uri = {ptr = 0x7f1eb8003e18 "sip:REDACTED@REDACTED:REDACTED", slen = 37}, is_busy = 0, auto_reg = 0, interval = 4294967295, next_reg = 0, transport = 0x55fddcdd30b8}
       server_uri = "sip:REDACTED@REDACTED:REDACTED", '000' <repeats 11 times>, "370!)270000000000000350061000270036177000000000213<264036177000000003000000000000000000000Њ<264036177", '000' <repeats 12 times>, "002000000000000000{/I330036177000000O213355264036177000000000000(324r223L245001", '000' <repeats 17 times>, "002000000000000000000020000000000000000000O213355264036177000000000000(324r223L245000340a", '000' <repeats 13 times>, "`213<264036177000000N"...
       client_uri = "sip:REDACTED@REDACTED:REDACTED000000000/246031331036177000000030|004270036177000000ptI334375U000000360210<264036177000000226267031331036177000000f32-80fd5416250b200211<264036177000000x211<264036177000000000211<264036177000000331&030331036177000000000211<264036177000000320t030331036177000000001000000000000000000000002000000000000000000000002", '000' <repeats 15 times>, "j310373VE(003B000000000000000000000000066062065060b000000000"...
       __PRETTY_FUNCTION__ = "handle_registration_response"
       __FUNCTION__ = "handle_registration_response"
#8  0x000055fddac1502a in ast_taskprocessor_execute (tps=0x55fddcb8a370) at taskprocessor.c:1237
       local = {local_data = 0x7f1eb4ed8b4f, data = 0x55fddac1fd45 <ast_threadstorage_set_ptr+60>}
       t = 0x7f1eb804a170
       size = 1
       __PRETTY_FUNCTION__ = "ast_taskprocessor_execute"
#9  0x000055fddac22a1e in execute_tasks (data=0x55fddcb8a370) at threadpool.c:1354
       tps = 0x55fddcb8a370
#10 0x000055fddac1502a in ast_taskprocessor_execute (tps=0x55fddc494cb0) at taskprocessor.c:1237
       local = {local_data = 0x7f1eb43c8d60, data = 0x55fddc494b18}
       t = 0x7f1eb804a140
       size = 3023867312
       __PRETTY_FUNCTION__ = "ast_taskprocessor_execute"
#11 0x000055fddac20583 in threadpool_execute (pool=0x55fddc494b30) at threadpool.c:367
       __PRETTY_FUNCTION__ = "threadpool_execute"
#12 0x000055fddac221b4 in worker_active (worker=0x7f1ec8001180) at threadpool.c:1137
       alive = 0
#13 0x000055fddac21f25 in worker_start (arg=0x7f1ec8001180) at threadpool.c:1056
       worker = 0x7f1ec8001180
       saved_state = (ZOMBIE | unknown: 0x55fc)
       __PRETTY_FUNCTION__ = "worker_start"
#14 0x000055fddac2e535 in dummy_start (data=0x55fddc9ade20) at utils.c:1572
       __cancel_buf = {__cancel_jmp_buf = {{__cancel_jmp_buf = {0, -7867487808718471600, 139769861213006, 139769861213007, 139769849614208, 516096, -7867487808827523504, -4100584114122490288}, __mask_was_saved = 0}}, __pad = {0x7f1eb43c8ed0, 0x0, 0x0, 0x0}}
       __cancel_routine = 0x55fddaa8336d <ast_unregister_thread>
       __cancel_arg = 0x7f1eb43c9700
       __not_first_call = 0
       ret = 0x0
       a = {start_routine = 0x55fddac21e8f <worker_start>, data = 0x7f1ec8001180, name = 0x7f1ec8001290 "worker_start         started at [ 1111] threadpool.c worker_thread_start()"}
       __PRETTY_FUNCTION__ = "dummy_start"
#15 0x00007f1ed88deea7 in start_thread (arg=<optimized out>) at pthread_create.c:477
       ret = <optimized out>
       pd = <optimized out>
       unwind_buf = {cancel_jmp_buf = {{jmp_buf = {139769849616128, 7848782376321580624, 139769861213006, 139769861213007, 139769849614208, 516096, -7867487808720568752, -7867286178244559280}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}}
       not_first_call = 0
#16 0x00007f1ed8509def in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
Comments:By: Asterisk Team (asteriskteam) 2022-02-08 20:33:08.895-0600

Thanks for creating a report! The issue has entered the triage process. That means the issue will wait in this status until a Bug Marshal has an opportunity to review the issue. Once the issue has been reviewed you will receive comments regarding the next steps towards resolution. Please note that log messages and other files should not be sent to the Sangoma Asterisk Team unless explicitly asked for. All files should be placed on this issue in a sanitized fashion as needed.

A good first step is for you to review the [Asterisk Issue Guidelines|https://wiki.asterisk.org/wiki/display/AST/Asterisk+Issue+Guidelines] if you haven't already. The guidelines detail what is expected from an Asterisk issue report.

Then, if you are submitting a patch, please review the [Patch Contribution Process|https://wiki.asterisk.org/wiki/display/AST/Patch+Contribution+Process].

Please note that once your issue enters an open state it has been accepted. As Asterisk is an open source project there is no guarantee or timeframe on when your issue will be looked into. If you need expedient resolution you will need to find and pay a suitable developer. Asking for an update on your issue will not yield any progress on it and will not result in a response. All updates are posted to the issue when they occur.

Please note that by submitting data, code, or documentation to Sangoma through JIRA, you accept the Terms of Use present at [https://www.asterisk.org/terms-of-use/|https://www.asterisk.org/terms-of-use/].