[LBBS-120] mod_asterisk_ami: NULL dereference possible if ami_session is currently NULL

ASTERISK-169
stasis: Memory corruption in channel_snapshot_dialplan_create
ASTERISK-109
voicemail.conf.sample: Clarify misnamed option behavior
LBBS-121
mod_asterisk_queues: Memory corruption or use after free in agent list
ASTERISK-168
chan_iax2: Make refresh interval configurable
LBBS-120
mod_asterisk_ami: NULL dereference possible if ami_session is currently NULL
LBBS-119
module.c: Use after free when unloading modules with recursive dependents
PHREAKSCRIPT-39
Add optional flag to not update system first
ASTERISK-167
sig_analog: Improve Call Forwarding implementation
ASTERISK-166
sig_analog: Make call waiting hangup behavior configurable
LBBS-118
SEGV in IMAP session when mailbox selected
ASTERISK-165
res_calendar_icalendar: SEGV during module refresh
INTERLINKED-25
Optimize caching of dynamic CSS files
PHREAKNET-60
Enable standalone provisioning server
INTERLINKED-24
Improve programmatic interfaces to issues
LBBS-117
TLS/IMAP: Add extensible/detailed logging info
LBBS-116
net_imap: Untagged responses should be flushed before tagged response
LBBS-115
net_imap: Untagged EXPUNGE sent while no command in progress
EVERGREEN-4
Expunge of folder with mix of \Deleted messages results in stale view
LBBS-34
net_xmpp: Add XMPP protocol support
LBBS-114
net_imap: Modifying header files doesn't cause all dependents to get recompiled
PHREAKNET-47
Add automation for bill mailings
LBBS-47
Email enhancements
LBBS-31
mod_sieve: Major Sieve filtering overhaul and improvements
PHREAKNET-42
Provisioning fails for lines with certain features
LBBS-64
mod_operator: Crash with more than 64 options?
ASTERISK-164
chan_dahdi: Allow setting/getting lastexten from dialplan
ASTERISK-163
Add support for KP2
DAHTOOL-8
autoreconf fails
ASTERISK-162
chan_dahdi: Allow echo cancellation to be toggled during call
LBBS-49
Add functionality expected of a traditional BBS package
ASTERISK-161
config.c: Don't auto-prepend headers if config file unmodified
ASL-6
app_rpt: Allow dialplan to be executed when placing calls
ASL-5
app_rpt: DAHDI tones not working for genchannel
ASTERISK-23
logging: Update log levels
LBBS-113
Add support for TOTP two-factor and app passwords
ASTERISK-160
chan_dahdi: Add timer for caller subscriber held
LBBS-90
mod_smtp_delivery_external: Improve queuing process
LBBS-112
mod_asterisk_ami: Exponential backoff logic busy loops instead
LBBS-111
mod_asterisk_ami: Add multi-Asterisk support
LBBS-110
Support TDD message lines
INTERLINKED-23
Phone number verification not correctly decoding DTMF
LBBS-109
net_telnet: Local echo remains enabled in some cases
ASTERISK-32
chan_dahdi: Allow Call Forwarding to be set/get programatically
PHREAKSCRIPT-74
Finish real time inpulsing support
ASTERISK-159
chan_dahdi: Remove unused code
PHREAKSCRIPT-73
res_smdr_whozz: Heuristically use call progress to determine if call was answered
PHREAKSCRIPT-72
res_smdr_whozz: Build/support loop follower circuit for pulse support
ASTERISK-158
dsp.c: Dial tone detection fails through pulse to tone converter
ASTERISK-157
chan_dahdi: Empty voicemail messages on hangup
PHREAKSCRIPT-69
res_alarmsystem: Add additional environmental integration
PHREAKSCRIPT-37
app_softmodem: Support speeds higher than 2400bps
ASTERISK-151
ast_tls_cert: Expiration days needs to be configurable
ASTERISK-91
features.c: Add warning to not set BRIDGE_NOANSWER as global variable
ASTERISK-24
app_chanspy: Add no answer option
ASTERISK-80
app_record: Add RECORD_TIME function
ASTERISK-20
app_meetme: Update or remove removal version
ASTERISK-59
chan_dahdi: Remove stripmsd
ASTERISK-150
func_curl: Add CURLOPT option to allow digest auth
ASTERISK-49
Remove all deprecated stuff
ASTERISK-93
chan_dahdi: DSP optimizations
ASTERISK-156
chan_dahdi: Clean up permanent/transient private variables
PHREAKSCRIPT-71
Add PolycomPush application
ASTERISK-18
func_frame_drop: Simplify and improve
LBBS-56
net_snpp: Add Simple Network Paging Protocol support
LBBS-108
parallel.c: Deadlock possible when joining task thread
ASTERISK-130
Verify that res_xmpp can compile and be used
ASTERISK-155
chan_iax2: Barrage of DTMF frames can cause channel to hang
ASTERISK-154
app_dial: Dialplan freeze during announcement
LBBS-9
mod_webmail: Improve MIME parsing to extract HTML/PT components
PHREAKSCRIPT-70
app_tap: Add TAP support to Asterisk
DAHLIN-18
Avoid flushing system-wide workqueues (calls to __warn_flushing_systemwide_wq)
DAHLIN-16
OSLEC dependency removed from kernel
ASTERISK-153
app_confbridge: Allow disabling the CBAnn channel
DAHTOOL-1
system.conf: Fix typos
DAHTOOL-7
Unknown type bool in Rocky Linux 9.2
DAHTOOL-6
Support ppp 2.5.0
DAHLIN-17
dahdi-base.c: Misusage of strncat function
INTERLINKED-17
Blog: Issues with tag editing and viewing
LBBS-106
net_ssh: Soft assertion due to data during shutdown
LBBS-105
config.c: Configs can be purged while being used
LBBS-104
net_ssh: Attempt to resize node dimensions after node destroyed
SLACK-7
Add support for detecting messages posted via workflow
LBBS-107
mod_sieve: Segfault in lib libsieve_strbuffree during message delivery
ASTERISK-152
app_queue: Allow ringall to be combined with other settings
ASTERISK-148
sig_analog: fgccamamf inserting "A" at the end of dialed number
LBBS-13
pty.c: Attempt to acquire node lock after it's been destroyed
LBBS-103
mod_webmail: Crash when FETCH fails after retry due to no messages returned
ASTERISK-79
config.c: Make ast_variable_retrieve return last match
PHREAKNET-46
Polycom IP phones not provisioning
DAHLIN-15
Add support for 20pps dial pulsing
ASTERISK-122
res_pjsip_device_features: Excessive refcount on endpoint object
ASTERISK-145
res_stir_shaken: Date header is required but shouldn't be
ASTERISK-149
sig_analog: Winks from dialplan don't propagate onto DAHDI channels
DAHLIN-14
DAHDI modules fail to load with error: loading out-of-tree module taints kernel
PHREAKSCRIPT-67
Add rate limiting application
LBBS-102
mod_smtp_filter: Received header no longer has 'for' recipient included
LBBS-71
Limit registrations from same IP within a certain amount of time
ASTERISK-147
res_smdi: Allow Asterisk to be the SMDI server
EVERGREEN-3
Add NNTP support for newsgroups
WSSMAIL-8
Add NNTP support and IRC integration
DOCS-3
verify.conf: Boilerplate uses hardcoded paths for astkeydir
ASTERISK-143
func_sysinfo: Add options to retrieve current verbose/debug levels
PHREAKNET-58
TSPS phrasing is not correct
ASTERISK-142
res_pjsip_caller_id: P-Charge-Info should be used for ANI
ASTERISK-146
res_agi: callingani2 is not formatted as 2 digits
TEST-1
Test issue
ASTERISK-144
chan_pjsip: Add support for directrtpsetup
LBBS-48
net_irc: Support multi-server networks
PHREAKSCRIPT-34
app_verify: Check additional headers for STIR/SHAKEN attestation
ASTERISK-77
sig_analog: Add Call Waiting Deluxe support
LBBS-22
mod_mail_trash: Eliminate bbs_pthread_cancel_kill
LBBS-30
net_nntp: Complete overhaul/rewrite to use maildirs
LBBS-80
mod_mimeparse: Occasional segfault when running tests
LBBS-96
pty: CR NUL is sometimes split up, leaking to flaky test
DAHLIN-6
Frame relay broken
ASTERISK-141
app_mixmonitor: Warning when writing voicemail
LBBS-95
mod_mailscript: Add ADDFLAG action
PHREAKNET-36
Trunking integration with Phil McCarter
INTERLINKED-2
PhreakNet Email for BoD Members
ASTERISK-16
res_pbx_validate: Add commands to warn of dialplan problems
ASTERISK-140
res_pjsip_session: Add support for SIP-ISUP
PHREAKSCRIPT-68
asterisk.c: Compilation warning due to fscanf unused result
LBBS-27
mod_irc_relay: Allow relaying of away/here status
LBBS-70
mod_smtp_delivery_external: Use SRS for externally forwarded messages
LBBS-6
Add MenuScript, a menu system scripting engine
ASTERISK-22
general: Fix various typos
PHREAKSCRIPT-30
MD5/RSA authenticated calls frequently fail
PHREAKSCRIPT-66
dahdi_vpmadt032_loader.o: unannotated intra-function call
LBBS-101
io_tls: Automatically reload TLS certificates and non-disruptively
ASL-4
Add framehook module to convert between mute/unmute and radio key/unkey
LBBS-100
mod_spamassassin: Duplicate close of file descriptor
LBBS-99
mod_webmail: Memory leak when SORT used
ASTERISK-139
app_sms: File a gcc 15 bug for false positive vectorization warning
PHREAKSCRIPT-64
res_smdr_whozz: Add optional DTMF detection via FXO port
PHREAKSCRIPT-65
wanpipe: wanpipe modules fail to load
LBBS-98
net_smtp: Fix message processing actions being skipped in some cases
LBBS-97
system.c: Evaluate shell syntax/variables when launching programs
LBBS-94
net_imap: No response from remote IMAP server at login
ASTERISK-58
xml: Add config documentation
ASTERISK-138
pbx.c: Allow KEEPALIVE emulation
PHREAKSCRIPT-61
No rule to make target 'vpmadt032_loader/vpmadt032_x86_64.o'
DAHLIN-9
No rule to make target 'vpmadt032_loader/vpmadt032_x86_64.o'
PHREAKSCRIPT-53
app_george: Cancel in-progress recording if nobody said anything
DAHLIN-13
wct4xxp: Taking address of expression of type void
DAHLIN-12
oct612x, wct4xxp: Compilation failure on next kernel
PHREAKSCRIPT-28
app_predial: Failure to retrieve user agent property
ASTERISK-81
format_lame: MP3 read and write with LAME library
SLACK-5
Failed to receive reply... when message sent
PHREAKSCRIPT-36
app_audichron: Tone not working after announcements
LBBS-86
Deadlock on internal lock mutex
LBBS-93
mod_discord: Reply function on Discord doesn't translate well to IRC
ASTERISK-121
Upstream PhreakScript patches
ASTERISK-63
Upstream certain PhreakScript modules
ASTERISK-33
docs: Update obsolete wiki links
ASTERISK-3
Asterisk Wiki issues
PHREAKSCRIPT-63
chan_dahdi: Unused variable x
LBBS-92
Gmail bug causes disconnect after MOVE of certain messages
PHREAKNET-55
PhreakNet telegrams should also page recipient
LBBS-91
readline.c: Crash in memmove
PHREAKSCRIPT-62
res_smdr_whozz: Initialization usually fails in practice
PHREAKNET-6
Verification flags international calls
ASTERISK-137
sig_analog: Add alternate dial pulse scheme support
LBBS-89
mod_sysop: Improve history navigation and tab completion
LBBS-42
mod_discord: Actions not relayed properly from IRC
LBBS-44
io_tls: TLS errors when no certs are defined
ASTERISK-110
chan_iax2: Implement MWI
LBBS-84
net_imap: Microsoft clients disconnected after 1 hour
LBBS-88
net_imap: IDLE data not being processed in realtime
LBBS-74
net_ssh: Sessions persist even when they no longer exist
LBBS-3
module.c: Module ref tracking is flaky
DAHLIN-11
Use dev_addr_set instead of directly modifying const buffer
LBBS-2
module.c: Improve module loading process
SLACK-6
Can't post messages in enterprise workspaces using RTM API
PHREAKNET-39
Splice Fred Covington prompts for speaking clock
DAHLIN-2
Fix typos and dead links
PHREAKSCAN-1
Raw data upload restricted to 15M
LBBS-87
mod_webmail: Null dereference in FETCHLIST
ASTERISK-136
app_voicemail: Voicemails stored but no email sent
LBBS-85
net_imap: Malformed IMAP FETCH response
PHREAKNET-54
Fix trunking to Telstar
LBBS-1
mod_slack: Workspace fails to initialize due to restrictions
PHREAKSCRIPT-59
Add PhreakScript option to enable EMPULSE
DAHLIN-10
Allow enabling EMPULSE and EMFLASH simultaneously
LBBS-83
Node deadlock on shutdown
LBBS-82
localtime_r deadlock
LBBS-81
io_tls: Crash due to uninitialized memory
PHREAKSCRIPT-60
phreak script install failed without --version 22
PHREAKSCAN-2
Improve automation
LBBS-78
node.c: node->ip can be NULL
LBBS-77
test_terminals: Test is now flaky
LBBS-79
Makefile: cp -n is deprecated
PHREAKNET-53
Change in IP address for hosted lines
PHREAKSCRIPT-58
sig_analog: Allow hearpulsing gain to be adjusted
PHREAKSCRIPT-57
res_alarmsystem: Segfault due to calling ast_dtmf_stream on NULL channel
ASTERISK-135
Mutex errors on FreeBSD
LBBS-75
net_smtp: Allow plain text delivery if requirestarttls is false
PHREAKSCRIPT-55
dahdi_tool not installed
ASTERISK-134
chan_dahdi: Improve configuration validation
PHREAKSCRIPT-52
res_alarmsystem: IP loss reported even if no outage
LBBS-76
net_imap: Remote MOVE/COPY operations fail in some circumstances
PHREAKSCRIPT-43
Add spanconfig command
PHREAKSCRIPT-56
DAHDI Tools: Apply unmerged patches
ASTERISK-131
chan_dahdi: Automatically update time when DST starts/ends
WSSMAIL-5
Add full attachment support
DAHTOOL-5
Disabling span auto-assignment implodes kernel
PHREAKNET-52
Cisco end of CSR signing support
LBBS-18
net_ssh: High CPU trying to end SSH session
ASTERISK-106
chan_pjsip: Modify From header appropriately for unavailable presentation
ASTERISK-124
app_mixmonitor: Allow cancelling in-progress recording/recipients
ASTERISK-129
core: Add ref/unref for ast_moh callbacks
PHREAKSCRIPT-54
Replace LOAD_STR_INT with ast_yesno
ASTERISK-128
Rename ast_sip_presence_xml_ functions
ASTERISK-127
func_codecs: view/update codecs
DAHLIN-8
Readd native SF support
ASTERISK-126
chan_iax2: Add fixed jitterbuffer
PHREAKNET-49
ML model for 3-slot coin detection
ASTERISK-125
app_voicemail: Warning when hanging up during playback
ASTERISK-48
func_devstate: Delete empty from AstDB
ASTERISK-108
config.c: Investigate and fix various config file rewrite bugs
LBBS-25
mod_mail_trash: Attempts to open files as directories
INTERLINKED-20
Closing multiple issues simultaneously doesn't work
PHREAKSCRIPT-51
Add 32-bit/ARM builds
DAHLIN-7
Mega-issue to upstream out-of-tree DAHDI patches
ASTERISK-123
app_voicemail: Add ability to disable "thank-you" when ending voicemail
PHREAKSCRIPT-50
app_acts: Finish fine tuning and bug fixes
SLACK-4
Slack client exits due to SSL_ERROR_ZERO_RETURN
ASTERISK-83
res_pjsip_device_features: Add forwarding and DND synchronization
PHREAKSCRIPT-42
Syntax Error on chan_dahdi
PHREAKSCRIPT-48
res_alarmsystem.conf.sample: Config is not commented by default
WSSMAIL-10
Can scroll down past bottom of page on larger screens
PHREAKSCRIPT-49
wanpipe doesn't compile above 6.1 kernel
LBBS-21
net_imap: Proxy clients orphaned without associated IMAP session
LBBS-73
net_imap: Invalid memory access client->imap->tag
LBBS-19
tls.c: Occasional SEGV at shutdowns of TLS connections
PHREAKSCRIPT-47
make webvmail
PHREAKSCRIPT-46
menuselect
PHREAKSCRIPT-45
TDMoIP driver module
PHREAKSCRIPT-44
Finish ADSI applications
DAHTOOL-4
dahdi_genconf: Hangs when run initially after span assignment
WSSMAIL-6
Add option to auto-reconnect if disconnected
PHREAKSCRIPT-41
Create virtual modem application using softmodem
PHREAKNET-41
Allow for more granular billing based on switch ZIP code
PHREAKNET-33
Finish TSPS web console
ASTERISK-82
app_queue: Allow queue strategy to be manipulated externally
ASTERISK-101
func_tonedetect: 2600 Hz detection not working or suboptimal
LBBS-72
mod_webdav: Add WebDAV support
LBBS-57
Occasional 100% CPU usage on SSH session termination
ASTERISK-120
app_senddtmf: SendDTMF failure if not answering channel
ASTERISK-119
app_dial: Progress timeout doesn't cause Dial to exit
ASTERISK-117
app_voicemail: Pager email generation is broken

← All Issues || New Issue →

Sort Normal || Priority

Details

Category: LBBS
Type: Bug
Severity: Major
Priority: High
Resolution Effort: Unknown
Visibility: Public
Topic:
Milestone:
External Link:
Reported: 9/23/2025 5:29 PM
Last Active: 9/23/2025 5:30 PM
Status: Open
Reporter: InterLinked
Watching: InterLinked
Assigned To: Nobody

Most AMI-dependent modules simply call bbs_ami_session() to get the current AMI session, but that can be NULL if we're in the middle of reconnecting, and thus any call during this time would return NULL.

Most, if not all, modules, do not check the return value and pass it to libcami blindly, which expects the session to be non-NULL, thus triggering a segmentation fault:

Segmentation fault (core dumped)

Thread 1 (Thread 0x7effd47f06c0 (LWP 28720)):
#0  ami_action (ami=0x0, action=action@entry=0x7effe8a9c008 "SoftmodemSessions", fmt=fmt@entry=0x7effe8a9c000 "Port:%u") at cami.c:1047
        resp = 0x0
        res = <optimized out>
        actionid = <optimized out>
        ap = {{gp_offset = 1919249508, fp_offset = 538976288, overflow_arg_area = 0x2020202020202020, reg_save_area = 0x2064657472617473}}

It isn't libcami's responsibility to guard against a NULL session, so we will need to avoid this. This and [LBBS-111] may require some refactoring.

Comments

You must be logged in to leave a comment.