Hi! Thanks to the author and maintainers for this tool!
Just starting to try it out.
When trying out the -U -M mode of operation(register then send a SIP MESSAGE to the registered account), I get a buffer overflow / SIGABRT:
sipsak -v -U -M -s 'sip:userid@sip.mydomain.example' -u 'userid' -a 'password'
*** buffer overflow detected ***: terminated
fish: Job 1, 'sipsak -v -U -M -s 'sip:…' terminated by signal SIGABRT (Abort)
Running with maximum verbosity shows that the buffer overflow occurs when sending out the MESSAGE request:
sipsak -vvv -U -M -s 'sip:userid@sip.mydomain.example' -u 'userid' -a 'password'
...
New message with Via-Line:
MESSAGE sip:userid@sip.mydomain.example SIP/2.0
Via: SIP/2.0/UDP 127.0.1.1:56714;branch=z9hG4bK.5cd0e785;rport;alias
To: sip:userid@sip.mydomain.example
Call-ID: 785519064@127.0.1.1
CSeq: 3 MESSAGE
Content-Type: text/plain
Max-Forwards: 70
User-Agent: sipsak 0.9.8.1
From: sip:sipsak@127.0.1.1:56714;tag=2ed211d8
Content-Length: 43
test message from SIPsak for user userid.
*** buffer overflow detected ***: terminated
fish: Job 1, 'sipsak -vvv -U -M -s 'sip:…' terminated by signal SIGABRT (Abort)
(I have modified the output to omit any sensitive information for passwords and userids).
The server I'm testing against is an asterisk box(specifically a wazo-platform deployment based on Asterisk 22.2.0).
The version of sipsak I installed is the one available on the ubuntu 22.04 repositories:
apt policy sipsak
sipsak:
Installed: 0.9.8.1-1build1
Candidate: 0.9.8.1-1build1
Version table:
*** 0.9.8.1-1build1 500
500 http://ca.archive.ubuntu.com/ubuntu jammy/universe amd64 Packages
100 /var/lib/dpkg/status
Thanks!
Hi! Thanks to the author and maintainers for this tool!
Just starting to try it out.
When trying out the
-U -Mmode of operation(register then send a SIP MESSAGE to the registered account), I get a buffer overflow / SIGABRT:Running with maximum verbosity shows that the buffer overflow occurs when sending out the
MESSAGErequest:(I have modified the output to omit any sensitive information for passwords and userids).
The server I'm testing against is an asterisk box(specifically a wazo-platform deployment based on Asterisk 22.2.0).
The version of sipsak I installed is the one available on the ubuntu 22.04 repositories:
Thanks!