res_pjsip_pubsub: unauthenticated remote crash in PJSIP pub/sub framework
author Kevin Harwell <kharwell@digium.com>
Thu, 12 Jun 2014 14:39:29 +0000 (14:39 +0000)
committer Kevin Harwell <kharwell@digium.com>
Thu, 12 Jun 2014 14:39:29 +0000 (14:39 +0000)
commit 870394c0513d773c6c8cab9573bd27640281359e
tree 415bc0b92036780d20addc7917446266030bacc7
parent e6cb6974fe8a4ab68ccb78a466e1274aef9d4150

A remotely exploitable crash vulnerability exists in the PJSIP channel driver's
pub/sub framework. If an attempt is made to unsubscribe when not currently
subscribed and the endpoint's "sub_min_expiry" is set to zero, Asterisk tries
to create an expiration timer with zero seconds, which is not allowed, so an
assertion is raised.

The fix was to reject a subscription that is attempting to unsubscribe when not
being already subscribed.  Asterisk now checks for this situation appropriately
and responds with a 400 instead of crashing.

AST-2014-005

ASTERISK-23489 #close
........

Merged revisions 415812 from http://svn.asterisk.org/svn/asterisk/branches/12

git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@415813 65c4cc65-6c06-0410-ace0-fbb531ad65f3
res/res_pjsip_pubsub.c
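
The check described in the commit message, as an added C sketch that is not the code from res_pjsip_pubsub.c: an unsubscribe (`Expires: 0`) that arrives with no existing subscription is answered with a 400 before any expiration timer is created. The function names, the `already_subscribed` flag, the 200 returned for every other case, and the sample request are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <strings.h>

/* Expires value from the header section of a raw SIP request, or -1 when the
 * header is absent or not a number. Stops at the blank line before the body. */
long parse_expires(const char *msg)
{
    const char *line = msg;
    while (line && *line && strncmp(line, "\r\n", 2) != 0) {
        if (strncasecmp(line, "Expires:", 8) == 0) {
            const char *p = line + 8;
            while (*p == ' ' || *p == '\t')
                p++;
            return isdigit((unsigned char)*p) ? strtol(p, NULL, 10) : -1;
        }
        line = strstr(line, "\r\n");
        if (line)
            line += 2;
    }
    return -1;
}

/* Hypothetical model of the fixed behaviour: an unsubscribe (Expires: 0) with
 * no existing subscription gets a 400 before any expiration timer is created.
 * Everything else is reported as 200 for the purposes of this sketch. */
int subscribe_status(const char *msg, int already_subscribed)
{
    if (parse_expires(msg) == 0 && !already_subscribed)
        return 400;
    return 200;
}

/* Constructed sample request; the host name and user are placeholders. */
static const char SAMPLE_UNSUB[] =
    "SUBSCRIBE sip:alice@example.test SIP/2.0\r\n"
    "Event: presence\r\n"
    "Expires: 0\r\n"
    "Content-Length: 0\r\n"
    "\r\n";

int main(void)
{
    printf("no subscription: %d\n", subscribe_status(SAMPLE_UNSUB, 0));
    printf("subscribed:      %d\n", subscribe_status(SAMPLE_UNSUB, 1));
    return 0;
}
```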