[sr-dev] Bug in www_authorize/challenge functions

Alex Balashov abalashov at evaristesys.com
Thu Oct 7 08:56:04 CEST 2010


All right, will do.  Compiling with debug symbols now for extra  
information.

I don't think it is Postgres-related; I briefly looked at the
backtrace and there was no evidence at all of database activity.  Nor
did a TCP packet capture show any database activity.  Instead, it
seemed to me like the fact that the initial REGISTER request arrived
without digest/auth headers (like it's supposed to) was taken as
evidence that the user does not exist without further developments.

I will post the backtrace as soon as I have it.

--
Alex Balashov - Principal
Evariste Systems LLC
1170 Peachtree Street
12th Floor, Suite 1200
Atlanta, GA 30309
Tel: +1-678-954-0670
Fax: +1-404-961-1892
Web: http://www.evaristesys.com/

On Oct 7, 2010, at 2:45 AM, Daniel-Constantin Mierla  
<miconda at gmail.com> wrote:

>
>
> On 10/7/10 7:03 AM, Alex Balashov wrote:
>> I have tinkered with various combinations of modparam values for  
>> 'qop', 'nonce_count', and 'one_time_nonce' to see if it makes a  
>> difference.  It does not.
> Please send the backtrace. It is strange since authentication was
> deployed on many tests, but with mysql. Might be related to some of
> the latest changes in the postgres module.
>
> Cheers,
> Daniel
>
>>
>> On 10/07/2010 01:00 AM, Alex Balashov wrote:
>>
>>> Actually, on further investigation, I think auth <-> auth_db is very
>>> broken in 3.1.0, at least when auth_db is used with Postgres. I
>>> imagine this is because the new 'auth' is from the SER side and
>>> 'auth_db' is from the Kamailio extraction.
>>>
>>> In the below script, www_authorize() returns -1 even though the user
>>> is valid and is in the database table. However, when I look at my
>>> Postgres server's query logs, Kamailio does not actually check the
>>> 'subscriber' table to see if the user exists, nor is the table
>>> demand-loaded at startup. The user and the domain are both quite valid.
>>>
>>> I have my script set to send_reply("403", "Forbidden") and 'exit' when
>>> www_authorize() returns -1, because if it's an invalid user, there is
>>> no point in challenging them. If I remove this reply and 'exit'
>>> however, to test what happens if I www_challenge() anyway, then
>>> Kamailio crashes.
>>>
>>> On 10/06/2010 11:58 PM, Alex Balashov wrote:
>>>
>>>> I seem to be able to crash Kamailio v3.1 by doing this when handling a
>>>> REGISTER:
>>>>
>>>> if(!www_authorize("$td", "subscriber")) {
>>>>     # $rc is -1 - "invalid user"
>>>>
>>>>     www_challenge("$td", "1");
>>>>     exit;
>>>> }
>>>>
>>>> In other words, it cannot find the user, but I call www_challenge()
>>>> anyway, and get a segfault. Can anyone reproduce, before I attempt to
>>>> obtain a backtrace?
>>>>
>>>
>>>
>>
>>
>
> -- 
> Daniel-Constantin Mierla
> http://www.asipto.com
>


