Uploaded image for project: 'FreeSWITCH'
  1. FreeSWITCH
  2. FS-9753

Accessing the WSS interface via regular HTTPS breaks the whole Sofia profile


    • Type: Bug
    • Status: Resolved
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 1.6.10
    • Fix Version/s: 1.8.0
    • Component/s: mod_sofia
    • Labels:
    • Environment:
      Windows 10. Using FS from MSI package.
    • CPU Architecture:
      x86-64, x86
    • Kernel:
      Microsoft Windows
    • Userland:
      Microsoft Windows
    • Distribution:
      Microsoft Windows
    • Distribution Version:
      Microsoft Windows 10
    • Compiler:
      Microsoft Visual Studio
    • Compiler Version:
      2015 update 3 (14.0.25431.01)
    • FreeSWITCH GIT Revision:
    • GIT Master Revision hash::


      If you make a normal HTTPS (not WSS) request to FreeSWITCH a few times then eventually the sofia profile stops responding to WSS/HTTPS on 7443 as well as regular SIP/UDP on 5060.

      For example if you load the page in Firefox you should get a blank page with HTTP code 400 (as in v1.6.6). But in v1.6.10 you actually end up breaking sofia.

      Netstat shows that FreeSWITCH is still listening on port 5060 and 7443, it just isn't responding on those ports.

      This is a problem as it allows any unauthenticated attacker to bring down a whole sofia profile just by making a web request! Also I find loading the page in a browser is useful for checking certificate errors.

      I am not a FS developer but it looks like maybe there is a thread that services all inbound connections and this thread is getting stuck somewhere, hence FS is still listening on port 5060 and 7443 but is not responding to them.

      I have also tested this with an old 1.6.6 build and found that the bug does not exist there.

      Possibly noteworthy: once sofia is in the broken state attempting to unload mod_sofia causes a long wait, followed by a full FreeSWITCH crash.

      Also noteworthy: the issue does not happen when requests are made to (unencrypted WS), only on WSS.

      Attached is a copy of the console log with sofia loglevel all 9 activated. The log includes annotations of what was going on at the time.




            • Assignee:
              mikej Mike Jerris
              davidpalmer David Palmer
            • Votes:
              1 Vote for this issue
              7 Start watching this issue


              • Created: