A way to duplicate the firmware lockup on Aastra phones

I think Aastra’s firmware has a memory leak within code that processes SIP envelopes. I can get my phones to hang like clockwork with the following test…

Download and compile sipsak. Register your Aastra phone with Asterisk. Make sure it’s working okay. Then, create this script:

#!/bin/bash #replace IP address with that of one of your phone COUNTER=0 while [ $COUNTER -lt 100000 ]; do echo count is $COUNTER sipsak -s sip:test@ -vv -r 5060 let COUNTER=COUNTER+1 done

Run the script. At somewhere between 400 and 600 calls to a 480i or at about 28000 calls to a 9133i, you’ll see:


count is 407

message received:
SIP/2.0 200 OK
Call-ID: 1424949142@
From: sip:sipsak@;tag=54eeff96
To: sip:test@;tag=790656ba7105ed4
Via: SIP/2.0/UDP;received=;branch=z9hG4bK.7a84f7d3;r
Content-Length: 0
Contact: sip:test@
Supported: replaces
User-Agent: Aastra 480i Cordless/ Brcm Callctrl/1.5 MxSF/v3.2.6.26

** reply received after 64.684 ms **
SIP/2.0 200 OK
final received
count is 408
** timeout after 500 ms**
** timeout after 1000 ms**
** timeout after 2000 ms**
** timeout after 4000 ms**
** timeout after 4000 ms**
** timeout after 4000 ms**
** timeout after 4000 ms**

When you see sipsak timing out, pick up the phone and attempt to dial any extension. Does your phone hang, too?

If you have a 480i that’s still running 1.3.0, I’m especially interested in your results. I’ve tried downgrading my 480i to 1.3.0, but the phone keeps refusing.

I’m curious as to whether 1.3.0 had the problem because our 480is locked up prior to the 1.4.0 upgrade. I’m guessing this has been a bug for a while.