Uploaded image for project: 'FreeSWITCH'
  1. FreeSWITCH
  2. FS-10713

Crash when logging in as root over WebSocket

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: New
    • Priority: Minor
    • Resolution: Unresolved
    • Affects Version/s: 1.8, 1.6.20
    • Fix Version/s: None
    • Component/s: mod_verto
    • Labels:
      None
    • CPU Architecture:
      x86-64
    • Kernel:
      Linux
    • Userland:
      GNU/Linux
    • Distribution:
      CentOS
    • Distribution Version:
      CentOS 7
    • lsb_release:
      Hide
      LSB Version: :core-4.1-amd64:core-4.1-noarch:cxx-4.1-amd64:cxx-4.1-noarch:desktop-4.1-amd64:desktop-4.1-noarch:languages-4.1-amd64:languages-4.1-noarch:printing-4.1-amd64:printing-4.1-noarch
      Distributor ID: CentOS
      Description: CentOS Linux release 7.0.1406 (Core)
      Release: 7.0.1406
      Codename: Core
      Show
      LSB Version: :core-4.1-amd64:core-4.1-noarch:cxx-4.1-amd64:cxx-4.1-noarch:desktop-4.1-amd64:desktop-4.1-noarch:languages-4.1-amd64:languages-4.1-noarch:printing-4.1-amd64:printing-4.1-noarch Distributor ID: CentOS Description: CentOS Linux release 7.0.1406 (Core) Release: 7.0.1406 Codename: Core
    • Compiler:
      gcc
    • Compiler Version:
      gcc version 4.8.5 20150623 (Red Hat 4.8.5-11) (GCC)
    • FreeSWITCH GIT Revision:
      FreeSWITCH Version 1.9.0+git~20171005T112222Z~4ba8c7dc48~64bit (git 4ba8c7d 2017-10-05 11:22:22Z 64bit)
    • GIT Master Revision hash::
      4ba8c7dc48f1f5abc1dcbdcdd5cf8e78b50e3209

      Description

      Hi,

      If you start `mod_verto` without a `<param name="rootpasswd" value="somepassword"/>` line in the Verto profile parameters configuration, logging in as root will segfault FreeSWITCH in a CentOS 7 with GCC 4.8.5 environment.

      To reproduce the issue, open Chrome (or any browser) on an empty page, then in the JavaScript console, copy and paste this code, then run :

      var ws = new WebSocket("wss://freeswitch.server.hostname:8082")
      ws.onclose = function() { console.log("WebSocket has been closed, is server down ?"); }
      ws.onopen = function(event) {
        console.log("WebSocket open, now sending login request");
        
        var request = {
          jsonrpc: "2.0",
          method: "login",
          params: {
            login: "root",
            passwd: "blabla"
          }
        }

        this.send(JSON.stringify(request));
      }

      You should see the "WebSocket has been closed, is server down ?", indicating that FS closed the WebSocket, most probably because it crashed.

      That is because we're using `strcmp` on the uninitialized (or NULL) pointer `jsock->profile->root_passwd`.

        Attachments

        1. bt.txt
          1 kB
        2. bt-full.txt
          3 kB
        3. info-jsock-profile.txt
          3 kB
        4. thread-apply-all-bt.txt
          24 kB
        5. thread-apply-all-bt-full.txt
          48 kB

          Activity

            People

            • Assignee:
              mikej Mike Jerris
              Reporter:
              phsultan Philippe Sultan
            • Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

              • Created:
                Updated: