  1. FreeSWITCH
  2. FS-9753

Accessing the WSS interface via regular HTTPS breaks the whole Sofia profile

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 1.6.10
    • Fix Version/s: 1.8.0
    • Component/s: mod_sofia
    • Labels:
      None
    • Environment:
      Windows 10. Using FS from MSI package.
    • CPU Architecture:
      x86-64, x86
    • Kernel:
      Microsoft Windows
    • Userland:
      Microsoft Windows
    • Distribution:
      Microsoft Windows
    • Distribution Version:
      Microsoft Windows 10
    • Compiler:
      Microsoft Visual Studio
    • Compiler Version:
      2015 update 3 (14.0.25431.01)
    • FreeSWITCH GIT Revision:
      726448d962b26535259f07fde874f866dad0e90b
    • GIT Master Revision hash:
      0578331edf0d128cdca4a5f699698ee343759c50

      Description

      If you make a normal HTTPS (not WSS) request to FreeSWITCH a few times, then eventually the sofia profile stops responding to WSS/HTTPS on 7443 as well as regular SIP/UDP on 5060.

      For example, if you load the page https://192.168.42.4:7443/ in Firefox you should get a blank page with HTTP code 400 (as in v1.6.6). But in v1.6.10 you actually end up breaking sofia.

      Netstat shows that FreeSWITCH is still listening on ports 5060 and 7443; it just isn't responding on those ports.

      This is a problem as it allows any unauthenticated attacker to bring down a whole sofia profile just by making a web request! Also I find loading the page in a browser is useful for checking certificate errors.

      I am not a FS developer, but it looks like maybe there is a thread that services all inbound connections and this thread is getting stuck somewhere, hence FS is still listening on ports 5060 and 7443 but is not responding to them.

      I have also tested this with an old 1.6.6 build and found that the bug does not exist there.

      Possibly noteworthy: once sofia is in the broken state, attempting to unload mod_sofia causes a long wait, followed by a full FreeSWITCH crash.

      Also noteworthy: the issue does not happen when requests are made to http://192.168.42.4:5066/ (unencrypted WS), only on WSS.

      Attached is a copy of the console log with sofia loglevel all 9 activated. The log includes annotations of what was going on at the time.
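
The report notes that netstat still shows ports 5060 and 7443 as listening while the profile no longer answers, so a port-open check will not detect this state. The monitoring probe below is an added example, not part of the original report or of FreeSWITCH: it sends a SIP OPTIONS ping over UDP and treats any SIP reply as proof the profile is alive. The `probe` user name and the timeout and retry values are assumptions.

```python
import socket
import sys
import uuid

def build_options(host, port, lhost, lport):
    """Minimal RFC 3261 OPTIONS request, used purely as a liveness ping."""
    tag, branch = uuid.uuid4().hex[:8], "z9hG4bK" + uuid.uuid4().hex[:16]
    lines = [
        f"OPTIONS sip:{host}:{port} SIP/2.0",
        f"Via: SIP/2.0/UDP {lhost}:{lport};branch={branch};rport",
        "Max-Forwards: 70",
        f"From: <sip:probe@{lhost}>;tag={tag}",  # 'probe' is a hypothetical user
        f"To: <sip:{host}:{port}>",
        f"Call-ID: {uuid.uuid4().hex}@{lhost}",
        "CSeq: 1 OPTIONS",
        "Content-Length: 0",
        "", "",
    ]
    return "\r\n".join(lines).encode()

def parse_status(datagram):
    """Return the status code of a SIP response, or None if it is not one."""
    first = datagram.split(b"\r\n", 1)[0].split(b" ", 2)
    if len(first) >= 2 and first[0] == b"SIP/2.0" and first[1].isdigit():
        return int(first[1])
    return None

def probe_profile(host, port=5060, timeout=2.0, retries=3):
    """Return (state, code): 'up' = a SIP reply arrived, 'silent' = no SIP
    reply (the listening-but-hung state), 'closed' = ICMP port unreachable."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.connect((host, port))
        msg = build_options(host, port, *s.getsockname())
        for _ in range(retries):  # UDP is lossy, so retransmit before deciding
            try:
                s.send(msg)
                code = parse_status(s.recv(4096))
                if code is not None:
                    return ("up", code)
            except socket.timeout:
                continue
            except ConnectionRefusedError:
                return ("closed", None)
    return ("silent", None)

if __name__ == "__main__":
    target_port = int(sys.argv[2]) if len(sys.argv) > 2 else 5060
    state, code = probe_profile(sys.argv[1], target_port)
    print(state, code)
    sys.exit(0 if state == "up" else 2)
```

A `silent` result while the operating system still reports the port as bound matches the condition described in this report.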

            People

            • Assignee:
              mikej Mike Jerris
              Reporter:
              davidpalmer David Palmer
            • Votes:
              1
              Watchers:
              8
