[sr-dev] Bug in www_authorize/challenge functions

Alex Balashov abalashov at evaristesys.com
Thu Oct 7 05:58:56 CEST 2010


I seem to be able to crash Kamailio v3.1 by doing this when handling a 
REGISTER:

    if(!www_authorize("$td", "subscriber")) {
       # $rc is -1 - "invalid user"

       www_challenge("$td", "1");
       exit;
    }

In other words, it cannot find the user, but I call www_challenge() 
anyway, and get a segfault.  Can anyone reproduce, before I attempt to 
obtain a backtrace?

-- 
Alex Balashov - Principal
Evariste Systems LLC
1170 Peachtree Street
12th Floor, Suite 1200
Atlanta, GA 30309
Tel: +1-678-954-0670
Fax: +1-404-961-1892
Web: http://www.evaristesys.com/



More information about the sr-dev mailing list