Re: [sr-dev] segfault calling tls.list in sercmd

Daniel-Constantin Mierla Thu, 04 Aug 2011 02:52:53 -0700

Hello,

this mailing list is a good place to report. Alternative is the tracker:
http://sip-router.org/tracker

Hopefully I committed a fix for the issue in GIT master branch. Thetls.list RPC command could have been used at the moment when the cipherfor the tls connection was not set. I added a safety check for suchsituation.

If it is any chance to test it somehow, let us know the results. I willprobably backport it to 3.1 branch soon. The link to the patch in masterbranch is:

http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=816a0218130782ea86a3cc16feb2a008fe6fff68

Thanks,
Daniel

On 8/4/11 11:22 AM, Francesco Castellano wrote:

Dear sirs,

I'm not sure where should I report a backtrace for this event; so let
me add some details in the mailing list, but please advice me if there
were more appropriate places for this.

Moreover, I'm not sure if it is actually a bug in libssl. In this
case, I just wanted you to know it.

[server version]
$ sudo kamailio -V
version: kamailio 3.1.3 (x86_64/linux) 8b3506
flags: STATS: Off, EXTRA_DEBUG, USE_IPV6, USE_TCP, USE_TLS, USE_SCTP,
TLS_HOOKS, USE_RAW_SOCKS, USE_STUN, DISABLE_NAGLE, USE_MCAST,
DNS_IP_HACK, SHM_MEM, SHM_MMAP, PKG_MALLOC, DBG_QM_MALLOC, USE_FUTEX,
FAST_LOCK-ADAPTIVE_WAIT, USE_DNS_CACHE, USE_DNS_FAILOVER, USE_NAPTR,
USE_DST_BLACKLIST, HAVE_RESOLV_RES
ADAPTIVE_WAIT_LOOPS=1024, MAX_RECV_BUFFER_SIZE 262144, MAX_LISTEN 16,
MAX_URI_SIZE 1024, BUF_SIZE 65535, PKG_SIZE 32MB
poll method support: poll, epoll_lt, epoll_et, sigio_rt, select.
id: 8b3506
compiled on 03:07:12 Apr 28 2011 with gcc 4.4.5

[OS]
$ sudo cat /etc/apt/sources.list
deb http://debian.fastweb.it/debian/ squeeze main
deb-src http://debian.fastweb.it/debian/ squeeze main
deb http://security.debian.org/ squeeze/updates main
deb-src http://security.debian.org/ squeeze/updates main
deb http://linux.dell.com/repo/community/deb/latest /

$ uname -a
Linux sip2 2.6.32-5-amd64 #1 SMP Mon Mar 7 21:35:22 UTC 2011 x86_64 GNU/Linux

[BT]
Program terminated with signal 11, Segmentation fault.
#0  SSL_CIPHER_description (cipher=0x0, buf=0x7fff92999420
"AES256-SHA", ' '<repeats 14 times>, "SSLv3 Kx=RSA      Au=RSA
Enc=AES(256)  Mac=SHA1", len=128)
     at ssl_ciph.c:1114
1114    ssl_ciph.c: No such file or directory.
         in ssl_ciph.c
(gdb) bt
#0  SSL_CIPHER_description (cipher=0x0, buf=0x7fff92999420
"AES256-SHA", ' '<repeats 14 times>, "SSLv3 Kx=RSA      Au=RSA
Enc=AES(256)  Mac=SHA1", len=128)
     at ssl_ciph.c:1114
#1  0x00007f6d46e48e09 in tls_list (rpc=0x7f6cc2e72ca0,
c=0x7fff92999530) at tls_rpc.c:136
#2  0x00007f6cc2c50e40 in process_rpc_req (buf=0xd6bbf4
"\241\003\v5\355R\260\221\ttls.list", size=18,
bytes_needed=0x7fff929996c8, sh=0x7fff92999640,
     saved_state=0xd7bbf8) at binrpc_run.c:597
#3  0x00007f6cc2c68343 in handle_stream_read (s_c=0xd6bbc0, idx=-1) at
io_listener.c:521
#4  0x00007f6cc2c68f6d in handle_io (fm=0xd68f98, events=1, idx=-1) at
io_listener.c:716
#5  0x00007f6cc2c65462 in io_wait_loop_epoll (h=0x7f6cc2e73d00, t=10,
repeat=0) at ../../io_wait.h:1092
#6  0x00007f6cc2c67086 in io_listen_loop (fd_no=1, cs_lst=0xd39068) at
io_listener.c:291
#7  0x00007f6cc2c54e76 in mod_child (rank=0) at ctl.c:327
#8  0x00000000004e0e75 in init_mod_child (m=0x9555b8, rank=0) at sr_module.c:829
#9  0x00000000004e0d60 in init_mod_child (m=0x956618, rank=0) at sr_module.c:826
#10 0x00000000004e0d60 in init_mod_child (m=0x956de8, rank=0) at sr_module.c:826
#11 0x00000000004e0d60 in init_mod_child (m=0x957330, rank=0) at sr_module.c:826
#12 0x00000000004e0d60 in init_mod_child (m=0x958c20, rank=0) at sr_module.c:826
#13 0x00000000004e0d60 in init_mod_child (m=0x959cc0, rank=0) at sr_module.c:826
#14 0x00000000004e0d60 in init_mod_child (m=0x95b228, rank=0) at sr_module.c:826
#15 0x00000000004e0d60 in init_mod_child (m=0x95bcb0, rank=0) at sr_module.c:826
#16 0x00000000004e0d60 in init_mod_child (m=0x95d508, rank=0) at sr_module.c:826
#17 0x00000000004e0d60 in init_mod_child (m=0x95ed20, rank=0) at sr_module.c:826
#18 0x00000000004e0d60 in init_mod_child (m=0x961ac8, rank=0) at sr_module.c:826
#19 0x00000000004e0d60 in init_mod_child (m=0x962590, rank=0) at sr_module.c:826
#20 0x00000000004e0d60 in init_mod_child (m=0x963450, rank=0) at sr_module.c:826
#21 0x00000000004e0d60 in init_mod_child (m=0x9641c0, rank=0) at sr_module.c:826
#22 0x00000000004e0d60 in init_mod_child (m=0x964ab8, rank=0) at sr_module.c:826
#23 0x00000000004e0d60 in init_mod_child (m=0x965c10, rank=0) at sr_module.c:826
#24 0x00000000004e0d60 in init_mod_child (m=0x966010, rank=0) at sr_module.c:826
#25 0x00000000004e0d60 in init_mod_child (m=0x9662e8, rank=0) at sr_module.c:826
#26 0x00000000004e0d60 in init_mod_child (m=0x966ab8, rank=0) at sr_module.c:826
#27 0x00000000004e0d60 in init_mod_child (m=0x967498, rank=0) at sr_module.c:826
#28 0x00000000004e0d60 in init_mod_child (m=0x967ce8, rank=0) at sr_module.c:826
#29 0x00000000004e0d60 in init_mod_child (m=0x968ad8, rank=0) at sr_module.c:826
#30 0x00000000004e0d60 in init_mod_child (m=0x969080, rank=0) at sr_module.c:826
#31 0x00000000004e0d60 in init_mod_child (m=0x969b60, rank=0) at sr_module.c:826
#32 0x00000000004e0d60 in init_mod_child (m=0x96a500, rank=0) at sr_module.c:826
#33 0x00000000004e0d60 in init_mod_child (m=0x96c838, rank=0) at sr_module.c:826
#34 0x00000000004e0d60 in init_mod_child (m=0x96ceb0, rank=0) at sr_module.c:826
#35 0x00000000004e0fb3 in init_child (rank=0) at sr_module.c:853
#36 0x000000000045f128 in main_loop () at main.c:1624
#37 0x0000000000461aad in main (argc=13, argv=0x7fff9299a438) at main.c:2398
(gdb)

[OpenSSL]
$ openssl version
OpenSSL 0.9.8o 01 Jun 2010

$ sudo dpkg -l libssl-dev libssl0.9.8
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name                                          Version
                          Description
+++-=============================================-=============================================-==========================================================================================================
ii  libssl-dev                                    0.9.8o-4squeeze1
                          SSL development libraries, header files and
documentation
ii  libssl0.9.8                                   0.9.8o-4squeeze1
                          SSL shared libraries

 From the Kamailio log file at startup:
/usr/local/sbin/kamailio[14488]: INFO: tls [tls_init.c:519]: tls:
init_tls_h: installed openssl library version "OpenSSL 0.9.8o 01 Jun
2010" (0x009080ff), kerberos support: off,  zlib compression: on#012
compiler: gcc -fPIC -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS
-D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -m64 -DL_ENDIAN -DTERMIO -O3
-Wa,--noexecstack -g -Wall -DMD32_REG_T=int -DOPENSSL_BN_ASM_MONT
-DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM
/usr/local/sbin/kamailio[14488]: WARNING: tls [tls_init.c:587]: tls:
openssl bug #1491 (crash/mem leaks on low memory) workaround enabled
(on low memory tls operations will fail preemptively) with free memory
thresholds 46661632 and 23330816 bytes


If you need any other information, please let me know.
Unfortunately, being a production server, we cannot promise you to
test possibly patches on it.

Best regards
Francesco Castellano

_______________________________________________
sr-dev mailing list
[email protected]
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-dev


--
Daniel-Constantin Mierla -- http://www.asipto.com
Kamailio Advanced Training, Oct 10-13, Berlin: http://asipto.com/u/kat
http://linkedin.com/in/miconda -- http://twitter.com/miconda


_______________________________________________
sr-dev mailing list
[email protected]
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-dev

Re: [sr-dev] segfault calling tls.list in sercmd

Reply via email to