### Description

`dialog` module is configured with `db_mode` 1 (realtime). When receiving the following broken SIP `200` response (missing 6 bytes between header and body), Kamailio crashes:

```
SIP/2.0 200 OK
Via: SIP/2.0/UDP 1.2.3.4;branch=z9hG4bKa185.ad1e5804a90a4f79fa2b09b3b2118053.0
Via: SIP/2.0/UDP 2.3.4.5:7016;received=2.3.4.5;branch=z9hG4bK370933d4;rport=7016
Record-Route: <sip:1.2.3.4;lr=on;did=c41.dee>
From: "1234" <sip:1234@example.com>;tag=as4cbf81fd
To: <sip:2345@example.com>;tag=3450065082
Call-ID: 727ca44f1e962eb321143475380dfbd9@example.com
CSeq: 102 INVITE
Contact: <sip:2345@3.4.5.6:12500>
Content-Type: application/sdp
Allow: INVITE, INFO, PRACK, ACK, BYE, CANCEL, OPTIONS, NOTIFY, REGISTER, SUBSCRIBE, REFER, PUBLISH, UPDATE, MESSAGE
Content-Length: 2170
o=- 20568 20568 IN IP4 3.4.5.6
s=SDP data
c=IN IP4 3.4.5.6
t=0 0
m=audio 13002 RTP/AVP 8 101
a=rtpmap:8 PCMA/8000
a=ptime:20
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-15
a=sendrecv
```

Crash happens in [dlg_db_handler.c](https://github.com/kamailio/kamailio/blob/master/src/modules/dialog/dlg_db_h...):

```
LM_DBG("sock_info is %.*s\n", cell->bind_addr[DLG_CALLER_LEG]->sock_str.len, cell->bind_addr[DLG_CALLEE_LEG]->sock_str.s);
SET_STR_VALUE(values+7, cell->bind_addr[DLG_CALLER_LEG]->sock_str);
SET_STR_VALUE(values+8, cell->bind_addr[DLG_CALLEE_LEG]->sock_str);
```
#### Debugging Data

```
Thread 1 (Thread 0x7fc64b620700 (LWP 2333)):
+bt
#0  0x00007fc641675b63 in update_dialog_dbinfo_unsafe (cell=0x7fc619a71ff8) at dlg_db_handler.c:784
#1  0x00007fc641676852 in update_dialog_dbinfo (cell=0x7fc619a71ff8) at dlg_db_handler.c:881
#2  0x00007fc64167c861 in dlg_onreply (t=0x7fc61d7888f0, type=1048576, param=0x7ffe1ce712f0) at dlg_handlers.c:509
#3  0x00007fc6443f4f17 in run_trans_callbacks_internal (cb_lst=0x7fc61d788960, type=1048576, trans=0x7fc61d7888f0, params=0x7ffe1ce712f0) at t_hooks.c:260
#4  0x00007fc6443f5144 in run_trans_callbacks_with_buf (type=1048576, rbuf=0x7fc61d7889b0, req=0x7fc61ec43928, repl=0x7fc646dcbd80, flags=0) at t_hooks.c:305
#5  0x00007fc6443aaabc in relay_reply (t=0x7fc61d7888f0, p_msg=0x7fc646dcbd80, branch=0, msg_status=200, cancel_data=0x7ffe1ce71580, do_put_on_wait=1) at t_reply.c:1950
#6  0x00007fc6443ae844 in reply_received (p_msg=0x7fc646dcbd80) at t_reply.c:2521
#7  0x000055fd54405df6 in do_forward_reply (msg=0x7fc646dcbd80, mode=0) at core/forward.c:749
#8  0x000055fd5440784b in forward_reply (msg=0x7fc646dcbd80) at core/forward.c:851
#9  0x000055fd544522d2 in receive_msg (buf=0x55fd5492d080 <buf> "SIP/2.0 200 OK\r\nVia: SIP/2.0/UDP ...", len=960, rcv_info=0x7ffe1ce71ad0) at core/receive.c:341
#10 0x000055fd5436e207 in udp_rcv_loop () at core/udp_server.c:515
#11 0x000055fd542dc608 in main_loop () at main.c:1623
#12 0x000055fd542e46a9 in main (argc=13, argv=0x7ffe1ce71f78) at main.c:2642
```
### Possible Solutions
Check `bind_addr` before accessing.
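As an added illustration of that check (example code, not Kamailio's own; the types are simplified stand-ins for the project's `str`, `socket_info` and `dlg_cell`, and `dlg_sock_strs` is a hypothetical helper), a function that refuses to build the DB values while either leg's `bind_addr` is still NULL, instead of dereferencing it as the quoted snippet does:

```c
#include <stddef.h>
#include <stdio.h>

/* Simplified stand-ins for Kamailio's str, socket_info and dlg_cell
 * (hypothetical; only the fields this example needs). */
typedef struct { char *s; int len; } str;
typedef struct { str sock_str; } socket_info;
enum { DLG_CALLER_LEG = 0, DLG_CALLEE_LEG = 1 };
typedef struct { socket_info *bind_addr[2]; } dlg_cell;

/* Copy both legs' socket strings for the DB update.
 * Returns 0 on success; returns -1 and writes nothing when the cell or
 * either leg's bind_addr is NULL, so the caller can skip the realtime
 * update rather than crash on a NULL pointer. */
int dlg_sock_strs(const dlg_cell *cell, str *caller, str *callee)
{
    if (cell == NULL) {
        return -1;
    }
    for (int leg = DLG_CALLER_LEG; leg <= DLG_CALLEE_LEG; leg++) {
        if (cell->bind_addr[leg] == NULL) {
            fprintf(stderr, "leg %d has no bind_addr, skipping db update\n", leg);
            return -1;
        }
    }
    *caller = cell->bind_addr[DLG_CALLER_LEG]->sock_str;
    *callee = cell->bind_addr[DLG_CALLEE_LEG]->sock_str;
    return 0;
}

int main(void)
{
    /* Constructed sample: caller leg bound, callee leg never bound. */
    socket_info caller_si = { { "udp:1.2.3.4:5060", 16 } };
    dlg_cell half_bound = { { &caller_si, NULL } };
    dlg_cell fully_bound = { { &caller_si, &caller_si } };
    str a, b;

    printf("half bound  -> %d\n", dlg_sock_strs(&half_bound, &a, &b));  /* -1 */
    printf("fully bound -> %d\n", dlg_sock_strs(&fully_bound, &a, &b)); /* 0 */
    return 0;
}
```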
### Additional Information
The version was 5.0.x, but at least the code in `dlg_handler.c` hasn't been modified in `master` since then.