![(please configure the [header_logo] section in trac.ini)](/repos/chrome/site/pj.jpg)
Opened 14 years ago
Closed 14 years ago
#1092 closed defect (fixed)
Crash when receiving various messages with "Contact: *" header format (thanks Mikko Hännikäinen for the report)
| Reported by: | bennylp | Owned by: | bennylp |
|---|---|---|---|
| Priority: | critical | Milestone: | release-1.7 |
| Component: | common | Version: | trunk |
| Keywords: | Cc: | ||
| Backport to 1.x milestone: | Backported: |
Description
The "Contact: *" header format is used in REGISTER request to unregister all bindings for the AOR. When parsing a message containing Contact header with this format, the parser creates a Contact header instance (pjsip_contact_hdr) with "star" field set to TRUE and "uri" field set to NULL.
Unfortunately, many PJSIP components do not check for this NULL "uri" condition, leading to crash/segfaults in various places. While the message itself is normally not valid for the scenario (such as in INVITE request), we shouldn't crash either.
This has been reproduced by sending INVITE, SUBSCRIBE, or MESSAGE containing Contact: * header. Other scenarios may be possible.
Change History (1)
comment:1 Changed 14 years ago by bennylp
- Resolution set to fixed
- Status changed from new to closed
Note: See
TracTickets for help on using
tickets.
(In [3190]) Fixed #1092 (Crash when receiving various messages with "Contact: *" header format)