#2016 closed defect (fixed)
Buffer overrun in PJSIP transaction layer — at Version 2
| Reported by: | ming | Owned by: | bennylp |
|---|---|---|---|
| Priority: | normal | Milestone: | release-2.7 |
| Component: | pjsip | Version: | trunk |
| Keywords: | | Cc: | |
| Backport to 1.x milestone: | | Backported: | no |
Description (last modified by ming)
A crash can happen if PJSIP receives a message with a specific CSeq header and a Via header with no branch parameter. The issue is that the PJSIP RFC 2543 transaction key generation algorithm does not allocate a large enough buffer. By overrunning the buffer, the memory allocation table becomes corrupted, leading to an eventual crash.
Thanks to George Joseph and the Asterisk team for the report.
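The trigger described above is a top Via with no branch parameter, which forces the RFC 2543 matching path, combined with a CSeq the key builder's buffer did not account for. The C below is an added example, not PJSIP's own code, showing the sizing discipline that avoids this bug class: the RFC 2543 composite key is sized by a dry-run `snprintf` over the real field values (not by fixed per-field allowances), the write is bounds-checked against that size, and the CSeq is range-checked so the printed width is honest. The field set (role, method, CSeq number, From tag, Call-ID, Via sent-by host and port) follows the RFC 3261 section 17.2.3 matching rules; the function names, the `$`-separated layout and the sample header values are all constructed for illustration and differ from PJSIP's actual key format (in particular the method is always included here, whereas a real implementation must let an ACK match its INVITE transaction).

```c
#include <ctype.h>
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAGIC_COOKIE "z9hG4bK"
/* One format string drives both the sizing pass and the write, so the
 * allocation can never be smaller than what gets written. */
#define KEY_2543_FMT "%c$%s$%" PRIu32 "$%s$%s$%s$%" PRIu16

/* Case-insensitive "does s start with prefix" (parameter names are
 * case-insensitive in SIP). */
static int ieq_prefix(const char *s, const char *prefix)
{
    for (; *prefix; s++, prefix++)
        if (tolower((unsigned char)*s) != tolower((unsigned char)*prefix)) return 0;
    return 1;
}

/* Pointer to the branch value if the Via carries an RFC 3261 branch
 * (magic-cookie prefix), NULL if the message needs the RFC 2543 key. */
const char *via_rfc3261_branch(const char *via)
{
    const char *p = strchr(via, ';');
    while (p) {
        for (p++; *p == ' ' || *p == '\t'; p++) ;
        if (ieq_prefix(p, "branch=")) {
            p += 7;
            return strncmp(p, MAGIC_COOKIE, strlen(MAGIC_COOKIE)) == 0 ? p : NULL;
        }
        p = strchr(p, ';');
    }
    return NULL;
}

/* Sent-by host and port (5060 if absent) of a Via such as
 * "SIP/2.0/UDP 192.0.2.10:5080;rport". IPv6 references are not handled. */
int via_sent_by(const char *via, char *host, size_t hostlen, uint16_t *port)
{
    const char *p = strchr(via, ' ');
    if (!p) return 0;
    while (*p == ' ') p++;
    size_t n = strcspn(p, ":; \t\r\n");
    if (n == 0 || n >= hostlen) return 0;
    memcpy(host, p, n);
    host[n] = '\0';
    *port = 5060;
    if (p[n] == ':') {
        unsigned long v = strtoul(p + n + 1, NULL, 10);
        if (v == 0 || v > 65535) return 0;
        *port = (uint16_t)v;
    }
    return 1;
}

/* Parses "4294967295 INVITE"; rejects numbers that do not fit 32 bits. */
int parse_cseq(const char *cseq, uint32_t *num, char *method, size_t mlen)
{
    char *end;
    unsigned long long v = strtoull(cseq, &end, 10);
    if (end == cseq || v > UINT32_MAX) return 0;
    while (*end == ' ' || *end == '\t') end++;
    size_t n = strcspn(end, " \t\r\n");
    if (n == 0 || n >= mlen) return 0;
    memcpy(method, end, n);
    method[n] = '\0';
    *num = (uint32_t)v;
    return 1;
}

/* RFC 2543-style composite key, sized from the actual values. Caller frees. */
char *tsx_key_2543(char role, const char *method, uint32_t cseq,
                   const char *from_tag, const char *call_id,
                   const char *via_host, uint16_t via_port)
{
    int need = snprintf(NULL, 0, KEY_2543_FMT, role, method, cseq,
                        from_tag, call_id, via_host, via_port);
    if (need < 0) return NULL;
    size_t cap = (size_t)need + 1;                 /* room for the NUL */
    char *key = malloc(cap);
    if (!key) return NULL;
    int wrote = snprintf(key, cap, KEY_2543_FMT, role, method, cseq,
                         from_tag, call_id, via_host, via_port);
    if (wrote != need) { free(key); return NULL; } /* would not fit: refuse */
    return key;
}

/* Branch key when the top Via has a magic-cookie branch, RFC 2543 composite
 * key otherwise (hypothetical entry point). Caller frees the result. */
char *tsx_key_for_request(char role, const char *via, const char *cseq,
                          const char *from_tag, const char *call_id)
{
    char method[32], host[256];
    uint32_t num;
    uint16_t port;
    const char *branch;
    if (!parse_cseq(cseq, &num, method, sizeof method)) return NULL;
    if ((branch = via_rfc3261_branch(via)) != NULL) {
        int blen = (int)strcspn(branch, "; \t\r\n");
        int need = snprintf(NULL, 0, "%c$%s$%.*s", role, method, blen, branch);
        char *key = need < 0 ? NULL : malloc((size_t)need + 1);
        if (key) snprintf(key, (size_t)need + 1, "%c$%s$%.*s", role, method, blen, branch);
        return key;
    }
    if (!via_sent_by(via, host, sizeof host, &port)) return NULL;
    return tsx_key_2543(role, method, num, from_tag, call_id, host, port);
}

int main(void)
{
    /* Constructed sample: branch-less Via plus the largest legal CSeq. */
    char *k = tsx_key_for_request('s', "SIP/2.0/UDP 192.0.2.10:5080;rport",
                                  "4294967295 INVITE", "a1b2", "abc@host");
    printf("%s\n", k ? k : "(rejected)");
    free(k);
    return 0;
}
```

The point of the two-pass `snprintf` is that the allocation and the write are derived from the same format and the same arguments, so a field that is longer than someone once assumed (a ten-digit CSeq, a long sent-by host) grows the buffer instead of overrunning it; the `wrote != need` check turns any remaining mismatch into a refused message rather than corrupted heap metadata.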
Change History (2)
comment:1 Changed 8 years ago by ming
- Resolution set to fixed
- Status changed from new to closed
comment:2 Changed 8 years ago by ming
- Description modified (diff)
In 5593: