sr-dev

sr-dev@lists.kamailio.org

44307 discussions

[ openser-Bugs-2818273 ] crash when Content-length too big

by SourceForge.net

Bugs item #2818273, was opened at 2009-07-08 01:28 Message generated for change (Comment added) made by marcushunger You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=743020&aid=2818273&group_… Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: None Group: ver 1.5.x Status: Open Resolution: None Priority: 5 Private: No Submitted By: Nobody/Anonymous (nobody) Assigned to: Nobody/Anonymous (nobody) Summary: crash when Content-length too big Initial Comment: Recently we encountered some crashes of kamailio 1.5.0 caused by messages with too big value of Content-length (more than 30000). When the parser in nathelper.c looks for old and new port it sometimes finds occurences after the real end of the message. Then the sanity check in del_lump() in data_lump.c finds that either offset or offset+len is greater than msg->len and calls abort(). ---------------------------------------------------------------------- Comment By: Marcus Hunger (marcushunger) Date: 2010-03-01 14:51 Message: It seems that the ERROR is not really a problem, and the crash happened on 1.5.3. ---------------------------------------------------------------------- Comment By: Marcus Hunger (marcushunger) Date: 2010-03-01 12:45 Message: I am afraid, this issue is not yet fixed. The latest release version (1.5.4-notls (i386/linux)) still produces: Mar 1 11:53:12 test02 /usr/sbin/kamailio[5173]: ERROR:core:anchor_lump: offset exceeds message size (1799 > 1783)... Mar 1 11:53:12 test02 /usr/sbin/kamailio[5173]: ERROR:nathelper:force_rtp_proxy: anchor_lump failed This is reproducible. I even experienced a crash: Feb 26 14:58:44 test02 /usr/sbin/kamailio[21020]: CRITICAL:core:del_lump: offset exceeds message size (1186 > 1132) aborting... To trigger this, one needs to send an invite with a content-length bigger than the actual content through force_rtp_proxy. ---------------------------------------------------------------------- Comment By: Daniel-Constantin Mierla (miconda) Date: 2009-10-05 08:54 Message: This should be fixed in 1.5.2 and latest svn, have you tried the latest 1.5 svn branch? ---------------------------------------------------------------------- Comment By: Nobody/Anonymous (nobody) Date: 2009-07-08 17:17 Message: 'kamailio -V' says 'kamailio 1.5.0-notls (x86_64/linux)' ---------------------------------------------------------------------- Comment By: Klaus Darilion (klaus_darilion) Date: 2009-07-08 10:38 Message: Which excat version are you using? There were some bugfixes recently. ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=743020&aid=2818273&group_…

14 years, 11 months

Project Update, London Meeting, March 9

by Daniel-Constantin Mierla

Hello, Tuesday, March 9, I am going to be in London and plan to organize a social networking event for folks around SIP/VoIP, Kamailio (OpenSER) & SIP Router. One is going to be the usual evening dinner/pub meeting, see pics from some past events: http://www.asipto.com/gallery/v/social_meeting_barcelona2008/ http://www.asipto.com/gallery/v/FOSDEM2009/ I addition, if there are people interested, I would like to have a session in the afternoon (2-3 hours) to give an update about Kamailio (OpenSER) 3.0, present and future development of SIP Router. Time is rather short, but I encourage attendees to prepare short presentations as well, about their products and services, to have more information exchanged there. Let me know if you wish to attend such event in order to find a proper place to host it (drop me an email). Participation is free for everybody, at the dinner, the classic rule, everyone is going to pay for himself/herself. Looking forward to meeting many of you in London. Cheers, Daniel -- Daniel-Constantin Mierla Kamailio SIP Router Masterclass, Berlin, March 22-26, 2010 * http://www.asipto.com/index.php/sip-router-masterclass/

14 years, 11 months

[ openser-Bugs-2818273 ] crash when Content-length too big

by SourceForge.net

Bugs item #2818273, was opened at 2009-07-08 01:28 Message generated for change (Comment added) made by marcushunger You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=743020&aid=2818273&group_… Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: None Group: ver 1.5.x Status: Open Resolution: None Priority: 5 Private: No Submitted By: Nobody/Anonymous (nobody) Assigned to: Nobody/Anonymous (nobody) Summary: crash when Content-length too big Initial Comment: Recently we encountered some crashes of kamailio 1.5.0 caused by messages with too big value of Content-length (more than 30000). When the parser in nathelper.c looks for old and new port it sometimes finds occurences after the real end of the message. Then the sanity check in del_lump() in data_lump.c finds that either offset or offset+len is greater than msg->len and calls abort(). ---------------------------------------------------------------------- Comment By: Marcus Hunger (marcushunger) Date: 2010-03-01 12:45 Message: I am afraid, this issue is not yet fixed. The latest release version (1.5.4-notls (i386/linux)) still produces: Mar 1 11:53:12 test02 /usr/sbin/kamailio[5173]: ERROR:core:anchor_lump: offset exceeds message size (1799 > 1783)... Mar 1 11:53:12 test02 /usr/sbin/kamailio[5173]: ERROR:nathelper:force_rtp_proxy: anchor_lump failed This is reproducible. I even experienced a crash: Feb 26 14:58:44 test02 /usr/sbin/kamailio[21020]: CRITICAL:core:del_lump: offset exceeds message size (1186 > 1132) aborting... To trigger this, one needs to send an invite with a content-length bigger than the actual content through force_rtp_proxy. ---------------------------------------------------------------------- Comment By: Daniel-Constantin Mierla (miconda) Date: 2009-10-05 08:54 Message: This should be fixed in 1.5.2 and latest svn, have you tried the latest 1.5 svn branch? ---------------------------------------------------------------------- Comment By: Nobody/Anonymous (nobody) Date: 2009-07-08 17:17 Message: 'kamailio -V' says 'kamailio 1.5.0-notls (x86_64/linux)' ---------------------------------------------------------------------- Comment By: Klaus Darilion (klaus_darilion) Date: 2009-07-08 10:38 Message: Which excat version are you using? There were some bugfixes recently. ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=743020&aid=2818273&group_…

14 years, 11 months

TCP and TLS connection handling

by Vadim Lebedev

Hello, I'm investigation possiblity to implement DTLS support and in this context I wonder if some kind soul can point me to an overview explaining how SR is handling TCP and TLS connections. I'd like to understand how are they assigned to child processes and and what happens when for example child A receives a request which should be forwarded to the connection handled by the child B? Thanks Vadim

14 years, 11 months

git:master: core: msg_parse minor 64bit warning fix

by Andrei Pelinescu-Onciul

Module: sip-router Branch: master Commit: c0e9cb82abe293937e5b95fa1347afdc118d9ac2 URL: http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=c0e9cb8… Author: Andrei Pelinescu-Onciul <andrei(a)iptel.org> Committer: Andrei Pelinescu-Onciul <andrei(a)iptel.org> Date: Fri Feb 26 15:21:50 2010 +0100 core: msg_parse minor 64bit warning fix --- parser/msg_parser.c | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/parser/msg_parser.c b/parser/msg_parser.c index ab90137..97378c7 100644 --- a/parser/msg_parser.c +++ b/parser/msg_parser.c @@ -348,7 +348,7 @@ int parse_headers(struct sip_msg* msg, hdr_flags_t flags, int next) switch (hf->type){ case HDR_ERROR_T: LOG(L_INFO,"ERROR: bad header field [%.*s]\n", - (end-tmp>20)?20:(end-tmp), tmp); + (end-tmp>20)?20:(int)(end-tmp), tmp); goto error; case HDR_EOH_T: msg->eoh=tmp; /* or rest?*/

14 years, 11 months

git:master: tls: TLS_MALLOC_DBG can now be set on make cfg

by Andrei Pelinescu-Onciul

Module: sip-router Branch: master Commit: 9bc19d4994f20aa354092aba9ae784de91547fc6 URL: http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=9bc19d4… Author: Andrei Pelinescu-Onciul <andrei(a)iptel.org> Committer: Andrei Pelinescu-Onciul <andrei(a)iptel.org> Date: Fri Feb 26 13:39:55 2010 +0100 tls: TLS_MALLOC_DBG can now be set on make cfg Enabling tls extra malloc debugging info, does not require anymore editing tls_init.c. It can be enabled at cfg time (make cfg extra_defs=-DTLS_MALLOC_DBG) or at compile/re-compile time ( make -C modules/tls clean; make -C modules/tls extra_defs=-DTLS_MALLOC_DBG). When TLS_MALLOC_DBG is enabled, an extra warning will be printed at compile time. NO_TLS_MALLOC_DBG takes precedence over TLS_MALLOC_DBG. --- modules/tls/tls_init.c | 4 ++++ 1 files changed, 4 insertions(+), 0 deletions(-) diff --git a/modules/tls/tls_init.c b/modules/tls/tls_init.c index d7ade41..a685c83 100644 --- a/modules/tls/tls_init.c +++ b/modules/tls/tls_init.c @@ -128,12 +128,16 @@ int tls_force_run = 0; /* ignore some start-up sanity checks, use it const SSL_METHOD* ssl_methods[TLS_USE_SSLv23 + 1]; +#ifdef NO_TLS_MALLOC_DBG #undef TLS_MALLOC_DBG /* extra malloc debug info from openssl */ +#endif /* NO_TLS_MALLOC_DBG */ + /* * Wrappers around SER shared memory functions * (which can be macros) */ #ifdef TLS_MALLOC_DBG +#warning "tls module compiled with malloc debugging info (extra overhead)" #include <execinfo.h> /*

14 years, 11 months

git:master: tm: experimental tm onreply_route final reply DROP support

by Andrei Pelinescu-Onciul

Module: sip-router Branch: master Commit: e81c62ec2fd8666fc5b3a86c33e55e40029f2349 URL: http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=e81c62e… Author: Andrei Pelinescu-Onciul <andrei(a)iptel.org> Committer: Andrei Pelinescu-Onciul <andrei(a)iptel.org> Date: Fri Feb 26 15:10:49 2010 +0100 tm: experimental tm onreply_route final reply DROP support Experimental support for dropping final replies from tm onreply_route[]s. It's disabled by default (causes a small performance hit and it's not needed in most cases). To enable re-compile tm with -DTM_ONREPLY_FINAL_DROP_OK (e.g. make cfg extra_defs=-DTM_ONREPLY_FINAL_DROP_OK; make all or make -C modules/tm extra_defs=-DTM_ONREPLY_FINAL_DROP_OK) --- modules/tm/t_reply.c | 65 +++++++++++++++++++++++++++++++++++++++++++------- 1 files changed, 56 insertions(+), 9 deletions(-) diff --git a/modules/tm/t_reply.c b/modules/tm/t_reply.c index 9fbe6c3..f28cf05 100644 --- a/modules/tm/t_reply.c +++ b/modules/tm/t_reply.c @@ -94,9 +94,17 @@ * 2009-12-10 reply route is executed under lock to protect the avps (andrei) * 2010-02-22 _reply() will cleanup any reply lumps that it might have added * (andrei) + * 2010-02-26 added experimental support for final reply dropping, not + * enabled by default (performance hit) (andrei) * */ + /* Defines: + * TM_ONREPLY_FINAL_DROP_OK - allows dropping the final reply + * from the tm onreply_routes, but comes with a small performance + * hit (extra unlock()/lock() for each final reply when a onreply + * route is set). + */ #ifdef EXTRA_DEBUG #include <assert.h> @@ -147,6 +155,10 @@ #include "uac.h" +#ifdef NO_TM_ONREPLY_FINAL_DROP_OK +#undef TM_ONREPLY_FINAL_DROP_OK +#endif + /* private place where we create to-tags for replies */ /* janakj: made public, I need to access this value to store it in dialogs */ char tm_tags[TOTAG_VALUE_LEN]; @@ -1880,6 +1892,7 @@ int reply_received( struct sip_msg *p_msg ) int branch; /* has the transaction completed now and we need to clean-up? */ int reply_status; + int onreply_route; branch_bm_t cancel_bitmap; struct ua_client *uac; struct cell *t; @@ -1939,11 +1952,20 @@ int reply_received( struct sip_msg *p_msg ) DBG("DEBUG: reply to local CANCEL processed\n"); goto done; } - - + + onreply_route=t->on_reply; if ( msg_status >= 200 ){ - /* stop final response timer & retr. only if I got a final response */ - stop_rb_timers(&uac->request); +#ifdef TM_ONREPLY_FINAL_DROP_OK +#warning Experimental tm onreply_route final reply DROP support active + if (onreply_route) + /* stop only retr., but leave the final reply timers on, in case + the final reply is dropped in the on_reply route */ + stop_rb_retr(&uac->request); + else +#endif /* TM_ONREPLY_FINAL_DROP_OK */ + /* stop final response timer & retr. if I got a + final response */ + stop_rb_timers(&uac->request); /* acknowledge negative INVITE replies (do it before detailed * on_reply processing, which may take very long, like if it * is attempted to establish a TCP connection to a fail-over dst */ @@ -2030,7 +2052,7 @@ int reply_received( struct sip_msg *p_msg ) p_msg->fwd_send_flags.blst_imask|= uac->request.dst.send_flags.blst_imask & BLST_503; /* processing of on_reply block */ - if (t->on_reply) { + if (onreply_route) { set_route_type(TM_ONREPLY_ROUTE); /* transfer transaction flag to message context */ if (t->uas.request) p_msg->flags=t->uas.request->flags; @@ -2052,7 +2074,7 @@ int reply_received( struct sip_msg *p_msg ) /* lock onreply_route, for safe avp usage */ LOCK_REPLIES( t ); replies_locked=1; - run_top_route(onreply_rt.rlist[t->on_reply], p_msg, &ctx); + run_top_route(onreply_rt.rlist[onreply_route], p_msg, &ctx); /* transfer current message context back to t */ if (t->uas.request) t->uas.request->flags=p_msg->flags; getbflagsval(0, &uac->branch_flags); @@ -2070,13 +2092,36 @@ int reply_received( struct sip_msg *p_msg ) /* handle a possible DROP in the script, but only if this is not a final reply (final replies already stop the timers and droping them might leave a transaction living forever) */ - if ((ctx.run_flags&DROP_R_F) && (msg_status<200)) { - if (unlikely(replies_locked)) { +#ifdef TM_ONREPLY_FINAL_DROP_OK + if (unlikely(ctx.run_flags&DROP_R_F)) +#else + if (unlikely((ctx.run_flags&DROP_R_F) && (msg_status<200))) +#endif /* TM_ONREPLY_FINAL_DROP_OK */ + { + if (likely(replies_locked)) { replies_locked = 0; UNLOCK_REPLIES( t ); } goto done; } +#ifdef TM_ONREPLY_FINAL_DROP_OK + if (msg_status >= 200) { + /* stop final reply timers, now that we executed the onreply route + and the reply was not DROPed */ + if (likely(replies_locked)){ + /* if final reply => we have to execute stop_rb_timers, but + with replies unlocked to avoid a possible deadlock + (if the timer is currently running, stop_rb_timers() + will wait until the timer handler ends, but the + final_response_handler() will try to lock replies => + deadlock). + */ + UNLOCK_REPLIES( t ); + replies_locked=0; + } + stop_rb_timers(&uac->request); + } +#endif /* TM_ONREPLY_FINAL_DROP_OK */ } #ifdef USE_DST_BLACKLIST /* add temporary to the blacklist the source of a 503 reply */ @@ -2129,8 +2174,10 @@ int reply_received( struct sip_msg *p_msg ) } } #endif - if (unlikely(!replies_locked)) + if (unlikely(!replies_locked)){ LOCK_REPLIES( t ); + replies_locked=1; + } if ( is_local(t) ) { reply_status=local_reply( t, p_msg, branch, msg_status, &cancel_bitmap ); if (reply_status == RPS_COMPLETED) {

14 years, 11 months

git:kamailio_3.0: dialog(k): init local parameter

by Daniel-Constantin Mierla

Module: sip-router Branch: kamailio_3.0 Commit: b3e99c07b69f28d55de89b2adb96468ff71c9764 URL: http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=b3e99c0… Author: Daniel-Constantin Mierla <miconda(a)gmail.com> Committer: Daniel-Constantin Mierla <miconda(a)gmail.com> Date: Fri Feb 12 11:12:37 2010 +0100 dialog(k): init local parameter - memset tm callback param to 0 - safety checks for MI cmd dlg match - credits to Inaki Baz Castillo and Torben Friese (cherry picked from commit 787fabb1e0085355aa1eeb77d5f17e7940f4ed3c) --- modules_k/dialog/dlg_handlers.c | 34 ++++++++++++++++++++-------------- modules_k/dialog/dlg_hash.h | 2 ++ 2 files changed, 22 insertions(+), 14 deletions(-) diff --git a/modules_k/dialog/dlg_handlers.c b/modules_k/dialog/dlg_handlers.c index 450cc12..1091777 100644 --- a/modules_k/dialog/dlg_handlers.c +++ b/modules_k/dialog/dlg_handlers.c @@ -331,24 +331,29 @@ static void dlg_onreply(struct cell* t, int type, struct tmcb_params *param) old_state!=DLG_STATE_CONFIRMED_NA && old_state!=DLG_STATE_CONFIRMED ) { LM_DBG("dialog %p confirmed\n",dlg); - /* get to tag*/ - if ( !rpl->to && ((parse_headers(rpl, HDR_TO_F,0)<0) || !rpl->to) ) { - LM_ERR("bad reply or missing TO hdr :-/\n"); - tag.s = 0; - tag.len = 0; - } else { - tag = get_to(rpl)->tag_value; - if (tag.s==0 || tag.len==0) { - LM_ERR("missing TAG param in TO hdr :-/\n"); + if (rpl != FAKED_REPLY) { + /* get to tag*/ + if ( !rpl->to && ((parse_headers(rpl, HDR_TO_F,0)<0) + || !rpl->to) ) { + LM_ERR("bad reply or missing TO hdr :-/\n"); tag.s = 0; tag.len = 0; + } else { + tag = get_to(rpl)->tag_value; + if (tag.s==0 || tag.len==0) { + LM_ERR("missing TAG param in TO hdr :-/\n"); + tag.s = 0; + tag.len = 0; + } } - } - /* save callee's tag, cseq, contact and record route*/ - if (populate_leg_info( dlg, rpl, t, DLG_CALLEE_LEG, &tag) !=0) { - LM_ERR("could not add further info to the dialog\n"); - } + /* save callee's tag, cseq, contact and record route*/ + if (populate_leg_info( dlg, rpl, t, DLG_CALLEE_LEG, &tag) !=0) { + LM_ERR("could not add further info to the dialog\n"); + } + } else { + LM_ERR("Faked reply!\n"); + } /* set start time */ dlg->start_ts = (unsigned int)(time(0)); @@ -500,6 +505,7 @@ static void unref_new_dialog(void *dialog) { struct tmcb_params p; + memset(&p, 0, sizeof(struct tmcb_params)); p.param = (void*)&dialog; dlg_onreply(0, TMCB_DESTROY, &p); } diff --git a/modules_k/dialog/dlg_hash.h b/modules_k/dialog/dlg_hash.h index bd1de87..889a318 100644 --- a/modules_k/dialog/dlg_hash.h +++ b/modules_k/dialog/dlg_hash.h @@ -426,6 +426,8 @@ static inline int match_dialog(struct dlg_cell *dlg, str *callid, */ static inline int match_downstream_dialog(struct dlg_cell *dlg, str *callid, str *ftag) { + if(dlg==NULL || callid==NULL || ftag==NULL) + return 0; if (dlg->callid.len!=callid->len || dlg->tag[DLG_CALLER_LEG].len!=ftag->len || strncmp(dlg->callid.s,callid->s,callid->len)!=0 ||

14 years, 11 months

git:kamailio_3.0: cfg parser: segfault on case RE parse error fix

by Daniel-Constantin Mierla

Module: sip-router Branch: kamailio_3.0 Commit: cee359fdc0bd85b85dc170c61ca296a3f13b0639 URL: http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=cee359f… Author: Andrei Pelinescu-Onciul <andrei(a)iptel.org> Committer: Daniel-Constantin Mierla <miconda(a)gmail.com> Date: Wed Feb 24 15:13:12 2010 +0100 cfg parser: segfault on case RE parse error fix Reported-by: Klaus Feichtinger klaus.feichtinger gmx net (cherry picked from commit d2871c1190291e4b801f42e0763e5ca7ea28ee36) --- cfg.y | 21 +++++++++++++-------- 1 files changed, 13 insertions(+), 8 deletions(-) diff --git a/cfg.y b/cfg.y index c618a52..f535d98 100644 --- a/cfg.y +++ b/cfg.y @@ -2239,12 +2239,14 @@ if_cmd: ct_rval: rval_expr { $$=0; - if (!rve_is_constant($1)){ + if ($1 && !rve_is_constant($1)){ yyerror("constant expected"); + YYERROR; /* - } else if (!rve_check_type((enum rval_type*)&i_tmp, $1, 0, 0 ,0)){ + } else if ($1 && + !rve_check_type((enum rval_type*)&i_tmp, $1, 0, 0 ,0)){ yyerror("invalid expression (bad type)"); - }else if (i_tmp!=RV_INT){ + }else if ($1 && i_tmp!=RV_INT){ yyerror("invalid expression type, int expected\n"); */ }else @@ -2254,28 +2256,28 @@ ct_rval: rval_expr { single_case: CASE ct_rval COLON actions { $$=0; - if ($2==0) yyerror ("bad case label"); + if ($2==0) { yyerror ("bad case label"); YYERROR; } else if ((($$=mk_case_stm($2, 0, $4, &i_tmp))==0) && (i_tmp==-10)){ YYABORT; } } | CASE SLASH ct_rval COLON actions { $$=0; - if ($3==0) yyerror ("bad case label"); + if ($3==0) { yyerror ("bad case label"); YYERROR; } else if ((($$=mk_case_stm($3, 1, $5, &i_tmp))==0) && (i_tmp==-10)){ YYABORT; } } | CASE ct_rval COLON { $$=0; - if ($2==0) yyerror ("bad case label"); + if ($2==0) { yyerror ("bad case label"); YYERROR; } else if ((($$=mk_case_stm($2, 0, 0, &i_tmp))==0) && (i_tmp==-10)){ YYABORT; } } | CASE SLASH ct_rval COLON { $$=0; - if ($3==0) yyerror ("bad case label"); + if ($3==0) { yyerror ("bad regex case label"); YYERROR; } else if ((($$=mk_case_stm($3, 1, 0, &i_tmp))==0) && (i_tmp==-10)){ YYABORT; } @@ -2290,7 +2292,10 @@ single_case: YYABORT; } } - | CASE error { $$=0; yyerror("bad case label"); } + | CASE error COLON actions { $$=0; yyerror("bad case label"); } + | CASE SLASH error COLON actions { $$=0; yyerror("bad case regex label"); } + | CASE error COLON { $$=0; yyerror("bad case label"); } + | CASE SLASH error COLON { $$=0; yyerror("bad case regex label"); } | CASE ct_rval COLON error { $$=0; yyerror ("bad case body"); } ; case_stms:

14 years, 11 months

git:kamailio_3.0: tls: disable kerberos more thoroughly [fix]

by Daniel-Constantin Mierla

Module: sip-router Branch: kamailio_3.0 Commit: aff7ce53ed0dc9a63143f45fa546b7e2640f82b1 URL: http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=aff7ce5… Author: Andrei Pelinescu-Onciul <andrei(a)iptel.org> Committer: Daniel-Constantin Mierla <miconda(a)gmail.com> Date: Tue Feb 23 16:10:21 2010 +0100 tls: disable kerberos more thoroughly [fix] Older openssl versions (< 0.9.8e release) have a bug in the kerberos code (it uses the wrong malloc, for more details see openssl bug # 1467). While there is already a workaround for this openssl bug in the sr code (see commits 36cb8f & 560a42), in some situations this workaround causes another bug (crash on connection opening when openssl is compiled with kerberos support and kerberos is enabled for key exchange). The current fix will disable automatically all the ciphers containing KRB5 if the openssl version is < 0.9.8e beta1 or it is between 0.9.9-dev and 0.9.9-beta1. It iss equivalent to setting cipher_list to "<prev. value>:!KRB5". Impact: this fix is needed only if openssl is compiled with kerberos support and the version is < 0.9.8e. It also affects at least CentOS users with openssl-0.9.8e-12.el5_4.1 (in the centos openssl package they play some strange games with the version and report 0.9.8b via SSLeay). Tested-by: Klaus Darilion klaus.mailinglists at pernau.at Reported-by: Klaus Darilion klaus.mailinglists at pernau.at Reported-by: Andreas Rehbein rehbein at e-technik.org Reported-by: Martin Koenig koenig starface.de (cherry picked from commit 51ee5da9ebf09447f71d4393f7c5b703305ff46d) --- modules/tls/tls_domain.c | 35 +++++++++++++++++++++++++++++++---- 1 files changed, 31 insertions(+), 4 deletions(-) diff --git a/modules/tls/tls_domain.c b/modules/tls/tls_domain.c index db35eda..628b3e2 100644 --- a/modules/tls/tls_domain.c +++ b/modules/tls/tls_domain.c @@ -269,6 +269,10 @@ static int load_ca_list(tls_domain_t* d) return 0; } +#define C_DEF_NO_KRB5 "DEFAULT:!KRB5" +#define C_DEF_NO_KRB5_LEN (sizeof(C_DEF_NO_KRB5)-1) +#define C_NO_KRB5_SUFFIX ":!KRB5" +#define C_NO_KRB5_SUFFIX_LEN (sizeof(C_NO_KRB5_SUFFIX)-1) /* * Configure cipher list @@ -277,12 +281,35 @@ static int set_cipher_list(tls_domain_t* d) { int i; int procs_no; - - if (!d->cipher_list.s) return 0; + char* cipher_list; + + cipher_list=d->cipher_list.s; +#ifdef TLS_KSSL_WORKARROUND + if (openssl_kssl_malloc_bug) { /* is openssl bug #1467 present ? */ + if (d->cipher_list.s==0) { + /* use "DEFAULT:!KRB5" */ + cipher_list="DEFAULT:!KRB5"; + } else { + /* append ":!KRB5" */ + cipher_list=shm_malloc(d->cipher_list.len+C_NO_KRB5_SUFFIX_LEN+1); + if (cipher_list) { + memcpy(cipher_list, d->cipher_list.s, d->cipher_list.len); + memcpy(cipher_list+d->cipher_list.len, C_NO_KRB5_SUFFIX, + C_NO_KRB5_SUFFIX_LEN); + cipher_list[d->cipher_list.len+C_NO_KRB5_SUFFIX_LEN]=0; + shm_free(d->cipher_list.s); + d->cipher_list.s=cipher_list; + d->cipher_list.len+=C_NO_KRB5_SUFFIX_LEN; + } + } + } +#endif /* TLS_KSSL_WORKARROUND */ + if (!cipher_list) return 0; procs_no=get_max_procs(); for(i = 0; i < procs_no; i++) { - if (SSL_CTX_set_cipher_list(d->ctx[i], d->cipher_list.s) == 0 ) { - ERR("%s: Failure to set SSL context cipher list\n", tls_domain_str(d)); + if (SSL_CTX_set_cipher_list(d->ctx[i], cipher_list) == 0 ) { + ERR("%s: Failure to set SSL context cipher list \"%s\"\n", + tls_domain_str(d), cipher_list); return -1; } }

14 years, 11 months

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

sr-dev