A malformed SIP packet should not crash OpenSIPS; it should just give an error and move on.

On Fri, Jun 8, 2018 at 3:00 PM, Ben Newlin <ben.new...@genesys.com> wrote:

> Liviu,
>
> I am very impressed! I was indeed sending a malformed invite just like the
> one you posted, specifically with the missing line termination before the
> Call-ID.
>
> Thanks,
> Ben Newlin
>
> From: Users <users-boun...@lists.opensips.org> on behalf of Liviu Chircu <li...@opensips.org>
> Reply-To: OpenSIPS users mailling list <users@lists.opensips.org>
> Date: Friday, June 8, 2018 at 5:17 AM
> To: "users@lists.opensips.org" <users@lists.opensips.org>
> Subject: Re: [OpenSIPS-Users] OpenSIPS Crash
>
> Hi Ben,
>
> Excellent report! I managed to reproduce the crash on first try:
>
> Core was generated by `./opensips -m64 -M16 -f cfg/opensips-2.4-sipp-siptrace.cfg -w .'.
> Program terminated with signal SIGSEGV, Segmentation fault.
> #0 0x00007f7987cd7f2a in sip_trace (msg=0x7f799817fd20, info=0x7f799468d5e0) at siptrace.c:1646
> 1646 db_vals[1].val.str_val.s = msg->callid->body.s;
> (gdb) bt
> #0 0x00007f7987cd7f2a in sip_trace (msg=0x7f799817fd20, info=0x7f799468d5e0) at siptrace.c:1646
> #1 0x00007f7987cd7c8d in sip_trace_w (msg=0x7f799817fd20, param1=0x7f7998169110 "\001", param2=0x2 <error: Cannot access memory at address 0x2>, param3=0x7f79981691f8 "\001", param4=0x0) at siptrace.c:1590
> #2 0x0000000000445082 in do_action (a=0x7f79981589a0, msg=0x7f799817fd20) at action.c:1864
> #3 0x000000000043ccf7 in run_action_list (a=0x7f79981589a0, msg=0x7f799817fd20) at action.c:172
>
> Quick question for you: you are sending a malformed INVITE, correct? Here is
> how mine looked like:
>
> INVITE sip:sipp@127.0.0.1:5060 SIP/2.0.
> Via: SIP/2.0/UDP 127.0.0.1:7000;branch=z9hG4bK-1988-1-0.
> From: sipp <sip:sipp@127.0.0.1:7000>;tag=123456789.
> To: sut <sip:sipp@127.0.0.1:5060>.
> CSeq: 1 INVITE.
> Contact: <sip:sipp@127.0.0.1:7000> Call-ID: 1-1988@127.0.0.1.
> Max-Forwards: 70.
> Subject: Performance Test.
> Content-Type: application/sdp.
> Content-Length: 129.
> .
> v=0.
> o=user1 53655765 2353687637 IN IP4 127.0.0.1.
> s=-.
> c=IN IP4 127.0.0.1.
> t=0 0.
> m=audio 6001 RTP/AVP 0.
> a=rtpmap:0 PCMU/8000.
>
> Notice how OpenSIPS will be unable to parse the Call-ID header field, hence
> the immediate crash in sip_trace(), as it's unable to handle a NULL Call-ID.
>
> Best regards,
>
> Liviu Chircu
> OpenSIPS Developer
> http://www.opensips-solutions.com
>
> On 07.06.2018 22:24, Ben Newlin wrote:
>
> Hi,
>
> While running a new test scenario I encountered an OpenSIPS crash.
>
> version: opensips 2.3.3 (x86_64/linux)
> flags: STATS: On, DISABLE_NAGLE, USE_MCAST, SHM_MMAP, PKG_MALLOC, F_MALLOC, FAST_LOCK-ADAPTIVE_WAIT
> ADAPTIVE_WAIT_LOOPS=1024, MAX_RECV_BUFFER_SIZE 262144, MAX_LISTEN 16, MAX_URI_SIZE 1024, BUF_SIZE 65535
> poll method support: poll, epoll_lt, epoll_et, sigio_rt, select.
> git revision: a0bed9d
> main.c compiled on 21:08:28 May 16 2018 with gcc 4.8.5
>
> Logs: https://pastebin.com/3vL3rbG4
> BT: https://pastebin.com/tTp32ASC
>
> Let me know if anything else is needed.
>
> Thanks,
> Ben Newlin
>
> _______________________________________________
> Users mailing list
> Users@lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
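
The NULL Call-ID dereference discussed in this thread, shown as an added example that is not part of the original messages and is not OpenSIPS source code: a toy header scan reproduces why the glued `Contact ... Call-ID` line leaves the Call-ID pointer NULL, and a guarded accessor returns an error instead of crashing. The struct layouts, `parse_callid`, `trace_callid`, `callid_len_or_error` and both input buffers are assumptions constructed for illustration.

```c
#include <string.h>
/* Hypothetical, simplified stand-ins for the parsed-message structures. */
typedef struct { const char *s; int len; } str;
struct hdr_field { str body; };
struct sip_msg { struct hdr_field *callid; struct hdr_field store; };
/* Constructed inputs modelled on the INVITE quoted in the thread. */
const char GOOD[] = "INVITE sip:sipp@127.0.0.1:5060 SIP/2.0\r\n"
    "Contact: <sip:sipp@127.0.0.1:7000>\r\nCall-ID: 1-1988@127.0.0.1\r\n\r\n";
const char BAD[] = "INVITE sip:sipp@127.0.0.1:5060 SIP/2.0\r\n"
    "Contact: <sip:sipp@127.0.0.1:7000> Call-ID: 1-1988@127.0.0.1\r\n\r\n";

/* Toy scan: a header name only counts at the start of a line, so a Call-ID
 * glued onto the end of the Contact line leaves msg->callid NULL. */
static void parse_callid(const char *buf, struct sip_msg *msg)
{
    const char *line = buf;
    msg->callid = NULL;
    while (*line) {
        const char *eol = strstr(line, "\r\n");
        if (!eol || eol == line)   /* unterminated line or end of headers */
            break;
        if (strncmp(line, "Call-ID:", 8) == 0) {
            const char *v = line + 8;
            while (v < eol && *v == ' ') v++;
            msg->store.body.s = v;
            msg->store.body.len = (int)(eol - v);
            msg->callid = &msg->store;
            return;
        }
        line = eol + 2;
    }
}

/* Guarded accessor: 0 and *out filled, or -1 when no Call-ID was parsed. */
static int trace_callid(const struct sip_msg *msg, str *out)
{
    if (!msg || !msg->callid || !msg->callid->body.s)
        return -1;   /* report an error instead of dereferencing NULL */
    *out = msg->callid->body;
    return 0;
}

/* Returns the Call-ID length, or -1 if the message cannot be traced. */
int callid_len_or_error(const char *buf)
{
    struct sip_msg msg;
    str cid;
    parse_callid(buf, &msg);
    return trace_callid(&msg, &cid) == 0 ? cid.len : -1;
}
```
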