Ticket #2120 (closed defect: fixed)

Opened 3 months ago

Last modified 3 months ago

Crash in SIP session timer after call hold responded with 422

Reported by: nanang Owned by: bennylp
Priority: normal Milestone: release-2.8
Component: pjsip Version: trunk
Keywords: Cc:
Backport to 1.x milestone: Backported: no

Description

Scenario:

  1. SIP server is configured with both Session Expires (SE) and Min-SE are set to 3600.
  2. A & B clients are configured with SE & Min-SE set to default values (i.e: SE = 1800, Min-SE = 90).
  3. A calls B, B receives INVITE with only Min-SE header and its value is 3600.
  4. B answer the call without SE & Min-SE headers (session timer inactive).
  5. B sends re-INVITE/UPDATE/call-hold with SE & Min-SE headers (attempt to activate session timer), unfortunately it uses SE=1800 while previously server has signaled that its Min-SE is 3600.
  6. B receives 422 response as expected, and crashes.

After investigation, there seem to be a couple of bugs in the library:

  1. When callee receives Min-SE header only, it doesn't update local SE to that Min-SE, so in any future outgoing request, the callee will use its original SE (which may be lower than caller's Min-SE and trigger 422 response).
  2. The library wrongly assumes that 422 response can only occur in initial INVITE, while in the reported scenario it occurs in subsequent INVITE for call hold (due to bug #1 above), this is the main cause of the crash.

Thanks Shilpi Gupta for the report.

Change History

comment:1 Changed 3 months ago by nanang

  • Status changed from new to closed
  • Resolution set to fixed

In 5806:

Fix #2120:

  • Adjust local SE to comply to remote Min-SE when incoming request has Min-SE header but no SE header.
  • Handle the case of receiving 422 response for subsequent INVITE or UPDATE.
  • Add best effort to avoid INVITE/UPDATE req + 422 resp loop.
Note: See TracTickets for help on using tickets.