[Bug 501116] Re: chan_iax2 crashes on nonexistent fr->callno (patch available)
** Description changed:
Binary package hint: asterisk
We are getting occasional segfaults on a karmic system
(1:1.6.2.0~rc2-0ubuntu1.1) with heavy iax2 traffic (crashes occur every
few days):
[442046.620342] asterisk[8552]: segfault at 48d ip b6022c71 sp b4ee04a0
error 4 in chan_iax2.so[b5ff2000+48000]
A backtrace reveals:
Core was generated by `/usr/sbin/asterisk -f -p -g -U asterisk -vvvg -c'.
Program terminated with signal 11, Segmentation fault.
#0 0xb6022c71 in socket_process (thread=) at
chan_iax2.c:9451
9451if (ast_test_flag(iaxs[fr->callno],
IAX_ENCRYPTED)) {
(gdb) bt
#0 0xb6022c71 in socket_process (thread=) at
chan_iax2.c:9451
#1 0xb602bfa1 in iax2_process_thread (data=0xb8fb5748) at chan_iax2.c:11133
#2 0xb76b56b4 in dummy_start (data=0xb8fb1fb0) at utils.c:968
#3 0xb714b80e in start_thread () from /lib/tls/i686/cmov/libpthread.so.0
#4 0xb735e7ee in clone () from /lib/tls/i686/cmov/libc.so.6
This bug was reported as part of another bug report in the Asterisk
- issues system (https://issues.asterisk.org/view.php?id=15609#111024) and
- fixed in both the 1.4 and 1.6.2 lines (the patch is the same for both
- lines):
+ issues system (https://bit.ly/2BtN52W) and fixed in both the 1.4 and
+ 1.6.2 lines (the patch is the same for both lines):
-
http://svnview.digium.com/svn/asterisk/branches/1.6.2/channels/chan_iax2.c?view=patch=219590=219589=219590
+ https://bit.ly/2BtN52W
Please consider applying this patch, as it is causing Asterisk-wide
crashes. Thank you.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/501116
Title:
chan_iax2 crashes on nonexistent fr->callno (patch available)
To manage notifications about this bug go to:
https://bugs.launchpad.net/asterisk/+bug/501116/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 501116] Re: chan_iax2 crashes on nonexistent fr-callno (patch available)
Bug was fixed as part of #15609, but unrelated to it. Therefore this is actually fixed in Asterisk, so the bug does not need to be tracked. ** Changed in: asterisk Importance: Unknown = Undecided ** Changed in: asterisk Status: In Progress = New ** Changed in: asterisk Remote watch: issues.asterisk.org/ #15609 = None ** Changed in: asterisk Status: New = Fix Released -- chan_iax2 crashes on nonexistent fr-callno (patch available) https://bugs.launchpad.net/bugs/501116 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 501116] Re: chan_iax2 crashes on nonexistent fr-callno (patch available)
This bug was fixed in the package asterisk - 1:1.6.2.0~rc2-0ubuntu1.2 --- asterisk (1:1.6.2.0~rc2-0ubuntu1.2) karmic-proposed; urgency=low * debian/patches/iax2-heavy-traffic-fix: Stops asterisk crashing on heavy traffic on iax2 channel, editing channels/chan_iax2.c. Based on upstream patch. (LP: #501116) -- Roberto D'Auria everlastingf...@autistici.org Tue, 29 Dec 2009 22:42:00 +0100 ** Changed in: asterisk (Ubuntu Karmic) Status: Fix Committed = Fix Released -- chan_iax2 crashes on nonexistent fr-callno (patch available) https://bugs.launchpad.net/bugs/501116 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 501116] Re: chan_iax2 crashes on nonexistent fr-callno (patch available)
** Branch linked: lp:ubuntu/asterisk ** Branch linked: lp:ubuntu/karmic-proposed/asterisk -- chan_iax2 crashes on nonexistent fr-callno (patch available) https://bugs.launchpad.net/bugs/501116 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 501116] Re: chan_iax2 crashes on nonexistent fr-callno (patch available)
The karmic-proposed packages have been running for the work week in production without a problem, so I can confirm the patched version as verified. Thank you. -- chan_iax2 crashes on nonexistent fr-callno (patch available) https://bugs.launchpad.net/bugs/501116 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 501116] Re: chan_iax2 crashes on nonexistent fr-callno (patch available)
** Tags added: verification-done ** Tags removed: verification-needed -- chan_iax2 crashes on nonexistent fr-callno (patch available) https://bugs.launchpad.net/bugs/501116 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 501116] Re: chan_iax2 crashes on nonexistent fr-callno (patch available)
** CVE removed: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2009-3723 ** CVE removed: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2009-3727 ** CVE removed: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2009-4055 -- chan_iax2 crashes on nonexistent fr-callno (patch available) https://bugs.launchpad.net/bugs/501116 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 501116] Re: chan_iax2 crashes on nonexistent fr-callno (patch available)
Accepted into karmic-proposed, the package will build now and be available in a few hours. Please test and give feedback here. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you in advance! ** Changed in: asterisk (Ubuntu Karmic) Status: Confirmed = Fix Committed ** Tags added: verification-needed -- chan_iax2 crashes on nonexistent fr-callno (patch available) https://bugs.launchpad.net/bugs/501116 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 501116] Re: chan_iax2 crashes on nonexistent fr-callno (patch available)
Thanks Scott. They have not yet hit the mirrors, but I have downloaded the .debs from LP and begun testing. The patch is correct and there does not appear to be build regressions, but I will continue testing and post back later. For anyone else that wants to test, the problem is a race condition, but I did work out a procedure for triggering it somewhat consistently: 1. Set up 2 asterisk servers, Server A and Server B (the affected server). Ideally the servers should be far enough away on the network (in my setup, they're 90ms RTT from each other). 2. Register Twinkle with Server A. 3. Set up a dial plan that allows Twinkle to call Server B via Server A with Dial(IAX2/serverb/s,60). The endpoint on Server B must pick up immediately, for example Answer() and Playback(tt-weasels). 4. Dial the endpoint with Twinkle, then hang up. 5. Rapidly toggle between F12 (redial) and Esc (hang up). 6. Server B should eventually segfault if unpatched, but should not if patched. -- chan_iax2 crashes on nonexistent fr-callno (patch available) https://bugs.launchpad.net/bugs/501116 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 501116] Re: chan_iax2 crashes on nonexistent fr-callno (patch available)
Changed karmic to karmic-proposed and added a '#' before LP number. ** Attachment added: new debdiff http://launchpadlibrarian.net/37288255/asterisk_1.6.2.0%7Erc2-0ubuntu1.2.debdiff -- chan_iax2 crashes on nonexistent fr-callno (patch available) https://bugs.launchpad.net/bugs/501116 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 501116] Re: chan_iax2 crashes on nonexistent fr-callno (patch available)
** Changed in: asterisk (Ubuntu) Status: Confirmed = New -- chan_iax2 crashes on nonexistent fr-callno (patch available) https://bugs.launchpad.net/bugs/501116 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 501116] Re: chan_iax2 crashes on nonexistent fr-callno (patch available)
ubuntu-sru ACK. -- chan_iax2 crashes on nonexistent fr-callno (patch available) https://bugs.launchpad.net/bugs/501116 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 501116] Re: chan_iax2 crashes on nonexistent fr-callno (patch available)
Package uploaded. ** Changed in: asterisk (Ubuntu) Status: New = Confirmed -- chan_iax2 crashes on nonexistent fr-callno (patch available) https://bugs.launchpad.net/bugs/501116 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 501116] Re: chan_iax2 crashes on nonexistent fr-callno (patch available)
** Also affects: asterisk (Ubuntu Karmic) Importance: Undecided Status: New ** Changed in: asterisk (Ubuntu Karmic) Status: New = Confirmed -- chan_iax2 crashes on nonexistent fr-callno (patch available) https://bugs.launchpad.net/bugs/501116 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 501116] Re: chan_iax2 crashes on nonexistent fr-callno (patch available)
I updated lucid package too, by adding the old patches (already in karmic) and the new one that fixes this bug. ** Attachment added: debdiff for lucid http://launchpadlibrarian.net/37288897/asterisk_1.6.2.0%7Erc2-0ubuntu2.debdiff -- chan_iax2 crashes on nonexistent fr-callno (patch available) https://bugs.launchpad.net/bugs/501116 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 501116] Re: chan_iax2 crashes on nonexistent fr-callno (patch available)
This bug was fixed in the package asterisk - 1:1.6.2.0~rc2-0ubuntu2 --- asterisk (1:1.6.2.0~rc2-0ubuntu2) lucid; urgency=low [ Dave Walker (Daviey) ] * SECURITY UPDATE: ACL not respected on SIP INVITE (LP: #491632). - debian/patches/AST-2009-007: Additional check in channels/chan_sip.c to check ACL for handling SIP INVITEs. This blocks calls on networks intended to be prohibited, by configuration. Based on upstream patch. - AST-2009-007 - CVE-2009-3723 * SECURITY UPDATE: SIP responses expose valid usernames (LP: #491637). - debian/patches/AST-2009-008: Sanitise certain return of REGISTER message to stop a specially crafted series of requests returning valid usernames. Based on upstream patch. - AST-2009-008 - CVE-2009-3727 * SECURITY UPDATE: RTP Remote Crash Vulnerability (LP: #493555). - debian/patches/AST-2009-010: Stops Asterisk from crashing when an RTP comfort noise payload containing 24 bytes or greater is recieved. - AST-2009-010 - CVE-2009-4055 [ Roberto D'Auria ] * debian/patches/iax2-heavy-traffic-fix: Stops asterisk crashing on heavy traffic on iax2 channel, editing channels/chan_iax2.c. Based on upstream patch. (LP: #501116) -- Roberto D'Auria everlastingf...@autistici.org Wed, 30 Dec 2009 14:49:24 +0100 ** Changed in: asterisk (Ubuntu) Status: Confirmed = Fix Released ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2009-3723 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2009-3727 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2009-4055 -- chan_iax2 crashes on nonexistent fr-callno (patch available) https://bugs.launchpad.net/bugs/501116 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 501116] Re: chan_iax2 crashes on nonexistent fr-callno (patch available)
I patched the source, here's the debdiff. This is my first patch, so I hope I've done it well. Any comment/suggestion will be very useful. ** Attachment added: debdiff of patched source http://launchpadlibrarian.net/37277921/asterisk_1.6.2.0%7Erc2-0ubuntu1.2.debdiff ** Changed in: asterisk (Ubuntu) Status: New = Confirmed -- chan_iax2 crashes on nonexistent fr-callno (patch available) https://bugs.launchpad.net/bugs/501116 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 501116] Re: chan_iax2 crashes on nonexistent fr-callno (patch available)
** Bug watch added: issues.asterisk.org/ #15609 https://issues.asterisk.org/view.php?id=15609 ** Also affects: asterisk via https://issues.asterisk.org/view.php?id=15609 Importance: Unknown Status: Unknown -- chan_iax2 crashes on nonexistent fr-callno (patch available) https://bugs.launchpad.net/bugs/501116 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 501116] Re: chan_iax2 crashes on nonexistent fr-callno (patch available)
** Changed in: asterisk Status: Unknown = In Progress -- chan_iax2 crashes on nonexistent fr-callno (patch available) https://bugs.launchpad.net/bugs/501116 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
