Hello Tolga,
Once again, thank you for the report and patch - Vlad, the maintainer of
the GRUU code will take a look on this asap and make the fix.
Thanks and regards,
Bogdan-Andrei Iancu
OpenSIPS Founder and Developer
http://www.opensips-solutions.com
On 04/29/2013 02:34 AM, Tolga Tarhan wrote:
All,
I've discovered another bug in the register module's GRUU handling.
This time, the issue is that an incorrect length is calculated for a
temp GRUU before it is base64 encoded. This causes the GRUU to not
match when it's decoded (since two extra characters of garbage get
encoded on accident).
In the 1.9.0 source, the problem is in modules/registrar/reply.c on
line 191. The temp GRUU is calculated as time_len + aor->len +
instance->len + callid->len + 3, however, when instance is actually
appended to the memory buffer, two characters (the leading and
trailing angle brackets) are removed. This results in the reported
length being two characters too long and two extra characters of
garbage being included in the base64 encoded string.
I've created and verified a patch for this problem. It can be found
here:
http://netbrains-misc.s3.amazonaws.com/opensips/opensips-register-make-gruu-wrong-length.patch
Additionally, there appears to be a possibly related bug in
modules/registrar/common.c on line 141 where the call id length after
base64 decoding is inexplicably reduced by one. This may have been a
previous attempt by someone to partially workaround the encoding bug
above, but it isn't correct, as the last character of the GRUU call id
is lost.
I've created and verified a patch for this as well. It can be found
here:
http://netbrains-misc.s3.amazonaws.com/opensips/opensips-lookup-gruu-wrong-length.patch
For what it it's worth, the assumption that sip.instance contains
angle-brackets may be wrong. I believe that it's always supposed to,
but assuming that it does is probably problematic and could be a
source of even bigger problems if the instance is less than two
characters long (where the memcpy would just grab random memory, I
think). My patch doesn't address this aspect, however.
Please let me know if there's something else I need to do to get these
patches accepted upstream.
Thanks,
Tolga Tarhan
_______________________________________________
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
_______________________________________________
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users