From f1ffc22933167608db27ccdae8082ae83254d2e4 Mon Sep 17 00:00:00 2001 From: Mark Michelson Date: Tue, 16 Aug 2016 15:34:53 -0500 Subject: [PATCH] res_pjsip: Do not crash on ACKs from unknown endpoints. The endpoint identification PJSIP module is intended to identify which endpoint an incoming request is from. If an endpoint is not identified, then an artificial endpoint is used in its place when proceeding. The problem is that the ACK request type is an exception to the rule. The artificial endpoint is not used when processing an ACK. This results in the possibility of having a NULL endpoint being used further on. The reason ACK is an exception is an attempt not to spam security logs with unidentified requests. Presumably, you've already logged the unidentified request on the preceeding INVITE. Up until Asterisk 13.10, retrieving a NULL endpoint in this fashion didn't cause an issue. A new change in 13.10 added endpoint ACL checking shortly after endpoint identification. Because we are accessing a NULL endpoint, this ACL check resulted in a crash. The fix here is to be sure to retrieve the artificial endpoint for all request types. ACKs still do not generate unidentified request security events. ASTERISK-26264 #close Reported by nappsoft AST-2016-006 Change-Id: Ie0c795ae2d72273decb972dd74b6a1489fb6b703 --- res/res_pjsip/pjsip_distributor.c | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/res/res_pjsip/pjsip_distributor.c b/res/res_pjsip/pjsip_distributor.c index 8a91196395..ea3fff69b1 100644 --- a/res/res_pjsip/pjsip_distributor.c +++ b/res/res_pjsip/pjsip_distributor.c @@ -571,9 +571,7 @@ static pj_bool_t endpoint_lookup(pjsip_rx_data *rdata) } } - if (!endpoint && !is_ack) { - char name[AST_UUID_STR_LEN] = ""; - pjsip_uri *from = rdata->msg_info.from->uri; + if (!endpoint) { /* always use an artificial endpoint - per discussion no reason to have "alwaysauthreject" as an option. It is felt using it @@ -581,6 +579,13 @@ static pj_bool_t endpoint_lookup(pjsip_rx_data *rdata) breaking old stuff and we really don't want to enable the discovery of SIP accounts */ endpoint = ast_sip_get_artificial_endpoint(); + } + + rdata->endpt_info.mod_data[endpoint_mod.id] = endpoint; + + if (!is_ack) { + char name[AST_UUID_STR_LEN] = ""; + pjsip_uri *from = rdata->msg_info.from->uri; if (PJSIP_URI_SCHEME_IS_SIP(from) || PJSIP_URI_SCHEME_IS_SIPS(from)) { pjsip_sip_uri *sip_from = pjsip_uri_get_uri(from); @@ -614,7 +619,6 @@ static pj_bool_t endpoint_lookup(pjsip_rx_data *rdata) ast_sip_report_invalid_endpoint(name, rdata); } } - rdata->endpt_info.mod_data[endpoint_mod.id] = endpoint; return PJ_FALSE; }