Skip to content
Snippets Groups Projects
Commit 870394c0 authored by Kevin Harwell's avatar Kevin Harwell
Browse files

res_pjsip_pubsub: unauthenticated remote crash in PJSIP pub/sub framework 

A remotely exploitable crash vulnerability exists in the PJSIP channel driver's
pub/sub framework. If an attempt is made to unsubscribe when not currently
subscribed and the endpoint's "sub_min_expiry" is set to zero, Asterisk tries
to create an expiration timer with zero seconds, which is not allowed, so an
assertion raised.

The fix was to reject a subscription that is attempting to unsubscribe when not
being already subscribed.  Asterisk now checks for this situation appropriately
and responds with a 400 instead of crashing.

AST-2014-005

ASTERISK-23489 #close
........

Merged revisions 415812 from http://svn.asterisk.org/svn/asterisk/branches/12


git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@415813 65c4cc65-6c06-0410-ace0-fbb531ad65f3
parent e6cb6974
No related branches found
No related tags found
Hide whitespace changes
Inline Side-by-side
Showing
with 13 additions and 5 deletions
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment