[sr-dev] segfault calling tls.list in sercmd

Daniel-Constantin Mierla miconda at gmail.com
Thu Aug 4 11:52:23 CEST 2011


Hello,

This mailing list is a good place to report. An alternative is the tracker:
http://sip-router.org/tracker

Hopefully I committed a fix for the issue in the Git master branch. The 
tls.list RPC command could have been used at the moment when the cipher 
for the TLS connection was not set. I added a safety check for such a 
situation.

If there is any chance to test it somehow, let us know the results. I will 
probably backport it to the 3.1 branch soon. The link to the patch in the 
master branch is:
http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=816a0218130782ea86a3cc16feb2a008fe6fff68

Thanks,
Daniel

On 8/4/11 11:22 AM, Francesco Castellano wrote:
> Dear sirs,
>
> I'm not sure where I should report a backtrace for this event; so let
> me add some details in the mailing list, but please advise me if there
> were more appropriate places for this.
>
> Moreover, I'm not sure if it is actually a bug in libssl. In this
> case, I just wanted you to know it.
>
> [server version]
> $ sudo kamailio -V
> version: kamailio 3.1.3 (x86_64/linux) 8b3506
> flags: STATS: Off, EXTRA_DEBUG, USE_IPV6, USE_TCP, USE_TLS, USE_SCTP,
> TLS_HOOKS, USE_RAW_SOCKS, USE_STUN, DISABLE_NAGLE, USE_MCAST,
> DNS_IP_HACK, SHM_MEM, SHM_MMAP, PKG_MALLOC, DBG_QM_MALLOC, USE_FUTEX,
> FAST_LOCK-ADAPTIVE_WAIT, USE_DNS_CACHE, USE_DNS_FAILOVER, USE_NAPTR,
> USE_DST_BLACKLIST, HAVE_RESOLV_RES
> ADAPTIVE_WAIT_LOOPS=1024, MAX_RECV_BUFFER_SIZE 262144, MAX_LISTEN 16,
> MAX_URI_SIZE 1024, BUF_SIZE 65535, PKG_SIZE 32MB
> poll method support: poll, epoll_lt, epoll_et, sigio_rt, select.
> id: 8b3506
> compiled on 03:07:12 Apr 28 2011 with gcc 4.4.5
>
> [OS]
> $ sudo cat /etc/apt/sources.list
> deb http://debian.fastweb.it/debian/ squeeze main
> deb-src http://debian.fastweb.it/debian/ squeeze main
> deb http://security.debian.org/ squeeze/updates main
> deb-src http://security.debian.org/ squeeze/updates main
> deb http://linux.dell.com/repo/community/deb/latest /
>
> $ uname -a
> Linux sip2 2.6.32-5-amd64 #1 SMP Mon Mar 7 21:35:22 UTC 2011 x86_64 GNU/Linux
>
> [BT]
> Program terminated with signal 11, Segmentation fault.
> #0  SSL_CIPHER_description (cipher=0x0, buf=0x7fff92999420
> "AES256-SHA", ' '<repeats 14 times>, "SSLv3 Kx=RSA      Au=RSA
> Enc=AES(256)  Mac=SHA1", len=128)
>      at ssl_ciph.c:1114
> 1114    ssl_ciph.c: No such file or directory.
>          in ssl_ciph.c
> (gdb) bt
> #0  SSL_CIPHER_description (cipher=0x0, buf=0x7fff92999420
> "AES256-SHA", ' '<repeats 14 times>, "SSLv3 Kx=RSA      Au=RSA
> Enc=AES(256)  Mac=SHA1", len=128)
>      at ssl_ciph.c:1114
> #1  0x00007f6d46e48e09 in tls_list (rpc=0x7f6cc2e72ca0,
> c=0x7fff92999530) at tls_rpc.c:136
> #2  0x00007f6cc2c50e40 in process_rpc_req (buf=0xd6bbf4
> "\241\003\v5\355R\260\221\ttls.list", size=18,
> bytes_needed=0x7fff929996c8, sh=0x7fff92999640,
>      saved_state=0xd7bbf8) at binrpc_run.c:597
> #3  0x00007f6cc2c68343 in handle_stream_read (s_c=0xd6bbc0, idx=-1) at
> io_listener.c:521
> #4  0x00007f6cc2c68f6d in handle_io (fm=0xd68f98, events=1, idx=-1) at
> io_listener.c:716
> #5  0x00007f6cc2c65462 in io_wait_loop_epoll (h=0x7f6cc2e73d00, t=10,
> repeat=0) at ../../io_wait.h:1092
> #6  0x00007f6cc2c67086 in io_listen_loop (fd_no=1, cs_lst=0xd39068) at
> io_listener.c:291
> #7  0x00007f6cc2c54e76 in mod_child (rank=0) at ctl.c:327
> #8  0x00000000004e0e75 in init_mod_child (m=0x9555b8, rank=0) at sr_module.c:829
> #9  0x00000000004e0d60 in init_mod_child (m=0x956618, rank=0) at sr_module.c:826
> #10 0x00000000004e0d60 in init_mod_child (m=0x956de8, rank=0) at sr_module.c:826
> #11 0x00000000004e0d60 in init_mod_child (m=0x957330, rank=0) at sr_module.c:826
> #12 0x00000000004e0d60 in init_mod_child (m=0x958c20, rank=0) at sr_module.c:826
> #13 0x00000000004e0d60 in init_mod_child (m=0x959cc0, rank=0) at sr_module.c:826
> #14 0x00000000004e0d60 in init_mod_child (m=0x95b228, rank=0) at sr_module.c:826
> #15 0x00000000004e0d60 in init_mod_child (m=0x95bcb0, rank=0) at sr_module.c:826
> #16 0x00000000004e0d60 in init_mod_child (m=0x95d508, rank=0) at sr_module.c:826
> #17 0x00000000004e0d60 in init_mod_child (m=0x95ed20, rank=0) at sr_module.c:826
> #18 0x00000000004e0d60 in init_mod_child (m=0x961ac8, rank=0) at sr_module.c:826
> #19 0x00000000004e0d60 in init_mod_child (m=0x962590, rank=0) at sr_module.c:826
> #20 0x00000000004e0d60 in init_mod_child (m=0x963450, rank=0) at sr_module.c:826
> #21 0x00000000004e0d60 in init_mod_child (m=0x9641c0, rank=0) at sr_module.c:826
> #22 0x00000000004e0d60 in init_mod_child (m=0x964ab8, rank=0) at sr_module.c:826
> #23 0x00000000004e0d60 in init_mod_child (m=0x965c10, rank=0) at sr_module.c:826
> #24 0x00000000004e0d60 in init_mod_child (m=0x966010, rank=0) at sr_module.c:826
> #25 0x00000000004e0d60 in init_mod_child (m=0x9662e8, rank=0) at sr_module.c:826
> #26 0x00000000004e0d60 in init_mod_child (m=0x966ab8, rank=0) at sr_module.c:826
> #27 0x00000000004e0d60 in init_mod_child (m=0x967498, rank=0) at sr_module.c:826
> #28 0x00000000004e0d60 in init_mod_child (m=0x967ce8, rank=0) at sr_module.c:826
> #29 0x00000000004e0d60 in init_mod_child (m=0x968ad8, rank=0) at sr_module.c:826
> #30 0x00000000004e0d60 in init_mod_child (m=0x969080, rank=0) at sr_module.c:826
> #31 0x00000000004e0d60 in init_mod_child (m=0x969b60, rank=0) at sr_module.c:826
> #32 0x00000000004e0d60 in init_mod_child (m=0x96a500, rank=0) at sr_module.c:826
> #33 0x00000000004e0d60 in init_mod_child (m=0x96c838, rank=0) at sr_module.c:826
> #34 0x00000000004e0d60 in init_mod_child (m=0x96ceb0, rank=0) at sr_module.c:826
> #35 0x00000000004e0fb3 in init_child (rank=0) at sr_module.c:853
> #36 0x000000000045f128 in main_loop () at main.c:1624
> #37 0x0000000000461aad in main (argc=13, argv=0x7fff9299a438) at main.c:2398
> (gdb)
>
> [OpenSSL]
> $ openssl version
> OpenSSL 0.9.8o 01 Jun 2010
>
> $ sudo dpkg -l libssl-dev libssl0.9.8
> Desired=Unknown/Install/Remove/Purge/Hold
> | Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
> |/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
> ||/ Name                                          Version
>                           Description
> +++-=============================================-=============================================-==========================================================================================================
> ii  libssl-dev                                    0.9.8o-4squeeze1
>                           SSL development libraries, header files and
> documentation
> ii  libssl0.9.8                                   0.9.8o-4squeeze1
>                           SSL shared libraries
>
> From the Kamailio log file at startup:
> /usr/local/sbin/kamailio[14488]: INFO: tls [tls_init.c:519]: tls:
> init_tls_h: installed openssl library version "OpenSSL 0.9.8o 01 Jun
> 2010" (0x009080ff), kerberos support: off,  zlib compression: on#012
> compiler: gcc -fPIC -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS
> -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -m64 -DL_ENDIAN -DTERMIO -O3
> -Wa,--noexecstack -g -Wall -DMD32_REG_T=int -DOPENSSL_BN_ASM_MONT
> -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM
> /usr/local/sbin/kamailio[14488]: WARNING: tls [tls_init.c:587]: tls:
> openssl bug #1491 (crash/mem leaks on low memory) workaround enabled
> (on low memory tls operations will fail preemptively) with free memory
> thresholds 46661632 and 23330816 bytes
>
>
> If you need any other information, please let me know.
> Unfortunately, being a production server, we cannot promise you to
> test possible patches on it.
>
> Best regards
> Francesco Castellano
>
> _______________________________________________
> sr-dev mailing list
> sr-dev at lists.sip-router.org
> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-dev

-- 
Daniel-Constantin Mierla -- http://www.asipto.com
Kamailio Advanced Training, Oct 10-13, Berlin: http://asipto.com/u/kat
http://linkedin.com/in/miconda -- http://twitter.com/miconda
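
The failure mode in the backtrace above (a listing routine handing an unset cipher to a describe call that dereferences it) next to a guard of the kind the reply mentions, as an added example that is not the Kamailio patch or code from either poster. All types and function names are hypothetical stand-ins, and printing "unknown" for a connection without a cipher is an assumption.

```c
#include <stdio.h>
#include <string.h>

/* Constructed stand-ins; none of these types come from Kamailio or OpenSSL. */
struct cipher { const char *name; int bits; };

struct tls_conn {
    int id;
    const struct cipher *cipher;   /* NULL until the handshake has negotiated one */
};

/* Dereferences its argument unconditionally, so callers must rule out NULL. */
static int cipher_describe(const struct cipher *c, char *buf, size_t len)
{
    return snprintf(buf, len, "%s (%d bits)", c->name, c->bits);
}

/* Lists every connection into out; returns how many had no cipher yet,
 * or -1 if out is too small. */
int list_connections(const struct tls_conn *conns, size_t n,
                     char *out, size_t outlen)
{
    int unset = 0;
    size_t used = 0;
    if (outlen == 0) return -1;
    out[0] = '\0';
    for (size_t i = 0; i < n; i++) {
        char desc[128];
        if (conns[i].cipher == NULL) {          /* the safety check */
            strcpy(desc, "unknown");            /* assumed placeholder text */
            unset++;
        } else {
            cipher_describe(conns[i].cipher, desc, sizeof(desc));
        }
        int w = snprintf(out + used, outlen - used, "%d: %s\n", conns[i].id, desc);
        if (w < 0 || (size_t)w >= outlen - used) return -1;   /* truncated */
        used += (size_t)w;
    }
    return unset;
}

int main(void)
{
    static const struct cipher aes = { "AES256-SHA", 256 };
    struct tls_conn conns[] = { { 1, &aes }, { 2, NULL }, { 3, &aes } }; /* constructed; 2 is mid-handshake */
    char out[256];
    int unset = list_connections(conns, 3, out, sizeof(out));
    printf("%s(%d without cipher)\n", out, unset);
    return 0;
}
```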



