[sr-dev] segfault calling tls.list in sercmd

Francesco Castellano francesco.castellano at gmail.com
Thu Aug 4 14:33:08 CEST 2011 

Daniel,

thank you. I used once the tracker at http://sip-router.org/tracker,
but I read rumors about changing the tracking system and I was unsure
if it was still the correct place.

Being already available the patch I'll not issue it in the bug
tracker, unless you prefer otherwise.

If I'll be able to reproduce and test the patch I'll let you know!

Best regards,
Francesco

On Thu, Aug 4, 2011 at 11:52 AM, Daniel-Constantin Mierla
<miconda at gmail.com> wrote:
> Hello,
>
> this mailing list is a good place to report. Alternative is the tracker:
> http://sip-router.org/tracker
>
> Hopefully I committed a fix for the issue in GIT master branch. The tls.list
> RPC command could have been used at the moment when the cipher for the tls
> connection was not set. I added a safety check for such situation.
>
> If it is any chance to test it somehow, let us know the results. I will
> probably backport it to 3.1 branch soon. The link to the patch in master
> branch is:
> http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=816a0218130782ea86a3cc16feb2a008fe6fff68
>
> Thanks,
> Daniel
>
> On 8/4/11 11:22 AM, Francesco Castellano wrote:
>>
>> Dear sirs,
>>
>> I'm not sure where should I report a backtrace for this event; so let
>> me add some details in the mailing list, but please advice me if there
>> were more appropriate places for this.
>>
>> Moreover, I'm not sure if it is actually a bug in libssl. In this
>> case, I just wanted you to know it.
>>
>> [server version]
>> $ sudo kamailio -V
>> version: kamailio 3.1.3 (x86_64/linux) 8b3506
>> flags: STATS: Off, EXTRA_DEBUG, USE_IPV6, USE_TCP, USE_TLS, USE_SCTP,
>> TLS_HOOKS, USE_RAW_SOCKS, USE_STUN, DISABLE_NAGLE, USE_MCAST,
>> DNS_IP_HACK, SHM_MEM, SHM_MMAP, PKG_MALLOC, DBG_QM_MALLOC, USE_FUTEX,
>> FAST_LOCK-ADAPTIVE_WAIT, USE_DNS_CACHE, USE_DNS_FAILOVER, USE_NAPTR,
>> USE_DST_BLACKLIST, HAVE_RESOLV_RES
>> ADAPTIVE_WAIT_LOOPS=1024, MAX_RECV_BUFFER_SIZE 262144, MAX_LISTEN 16,
>> MAX_URI_SIZE 1024, BUF_SIZE 65535, PKG_SIZE 32MB
>> poll method support: poll, epoll_lt, epoll_et, sigio_rt, select.
>> id: 8b3506
>> compiled on 03:07:12 Apr 28 2011 with gcc 4.4.5
>>
>> [OS]
>> $ sudo cat /etc/apt/sources.list
>> deb http://debian.fastweb.it/debian/ squeeze main
>> deb-src http://debian.fastweb.it/debian/ squeeze main
>> deb http://security.debian.org/ squeeze/updates main
>> deb-src http://security.debian.org/ squeeze/updates main
>> deb http://linux.dell.com/repo/community/deb/latest /
>>
>> $ uname -a
>> Linux sip2 2.6.32-5-amd64 #1 SMP Mon Mar 7 21:35:22 UTC 2011 x86_64
>> GNU/Linux
>>
>> [BT]
>> Program terminated with signal 11, Segmentation fault.
>> #0  SSL_CIPHER_description (cipher=0x0, buf=0x7fff92999420
>> "AES256-SHA", ' '<repeats 14 times>, "SSLv3 Kx=RSA      Au=RSA
>> Enc=AES(256)  Mac=SHA1", len=128)
>>     at ssl_ciph.c:1114
>> 1114    ssl_ciph.c: No such file or directory.
>>         in ssl_ciph.c
>> (gdb) bt
>> #0  SSL_CIPHER_description (cipher=0x0, buf=0x7fff92999420
>> "AES256-SHA", ' '<repeats 14 times>, "SSLv3 Kx=RSA      Au=RSA
>> Enc=AES(256)  Mac=SHA1", len=128)
>>     at ssl_ciph.c:1114
>> #1  0x00007f6d46e48e09 in tls_list (rpc=0x7f6cc2e72ca0,
>> c=0x7fff92999530) at tls_rpc.c:136
>> #2  0x00007f6cc2c50e40 in process_rpc_req (buf=0xd6bbf4
>> "\241\003\v5\355R\260\221\ttls.list", size=18,
>> bytes_needed=0x7fff929996c8, sh=0x7fff92999640,
>>     saved_state=0xd7bbf8) at binrpc_run.c:597
>> #3  0x00007f6cc2c68343 in handle_stream_read (s_c=0xd6bbc0, idx=-1) at
>> io_listener.c:521
>> #4  0x00007f6cc2c68f6d in handle_io (fm=0xd68f98, events=1, idx=-1) at
>> io_listener.c:716
>> #5  0x00007f6cc2c65462 in io_wait_loop_epoll (h=0x7f6cc2e73d00, t=10,
>> repeat=0) at ../../io_wait.h:1092
>> #6  0x00007f6cc2c67086 in io_listen_loop (fd_no=1, cs_lst=0xd39068) at
>> io_listener.c:291
>> #7  0x00007f6cc2c54e76 in mod_child (rank=0) at ctl.c:327
>> #8  0x00000000004e0e75 in init_mod_child (m=0x9555b8, rank=0) at
>> sr_module.c:829
>> #9  0x00000000004e0d60 in init_mod_child (m=0x956618, rank=0) at
>> sr_module.c:826
>> #10 0x00000000004e0d60 in init_mod_child (m=0x956de8, rank=0) at
>> sr_module.c:826
>> #11 0x00000000004e0d60 in init_mod_child (m=0x957330, rank=0) at
>> sr_module.c:826
>> #12 0x00000000004e0d60 in init_mod_child (m=0x958c20, rank=0) at
>> sr_module.c:826
>> #13 0x00000000004e0d60 in init_mod_child (m=0x959cc0, rank=0) at
>> sr_module.c:826
>> #14 0x00000000004e0d60 in init_mod_child (m=0x95b228, rank=0) at
>> sr_module.c:826
>> #15 0x00000000004e0d60 in init_mod_child (m=0x95bcb0, rank=0) at
>> sr_module.c:826
>> #16 0x00000000004e0d60 in init_mod_child (m=0x95d508, rank=0) at
>> sr_module.c:826
>> #17 0x00000000004e0d60 in init_mod_child (m=0x95ed20, rank=0) at
>> sr_module.c:826
>> #18 0x00000000004e0d60 in init_mod_child (m=0x961ac8, rank=0) at
>> sr_module.c:826
>> #19 0x00000000004e0d60 in init_mod_child (m=0x962590, rank=0) at
>> sr_module.c:826
>> #20 0x00000000004e0d60 in init_mod_child (m=0x963450, rank=0) at
>> sr_module.c:826
>> #21 0x00000000004e0d60 in init_mod_child (m=0x9641c0, rank=0) at
>> sr_module.c:826
>> #22 0x00000000004e0d60 in init_mod_child (m=0x964ab8, rank=0) at
>> sr_module.c:826
>> #23 0x00000000004e0d60 in init_mod_child (m=0x965c10, rank=0) at
>> sr_module.c:826
>> #24 0x00000000004e0d60 in init_mod_child (m=0x966010, rank=0) at
>> sr_module.c:826
>> #25 0x00000000004e0d60 in init_mod_child (m=0x9662e8, rank=0) at
>> sr_module.c:826
>> #26 0x00000000004e0d60 in init_mod_child (m=0x966ab8, rank=0) at
>> sr_module.c:826
>> #27 0x00000000004e0d60 in init_mod_child (m=0x967498, rank=0) at
>> sr_module.c:826
>> #28 0x00000000004e0d60 in init_mod_child (m=0x967ce8, rank=0) at
>> sr_module.c:826
>> #29 0x00000000004e0d60 in init_mod_child (m=0x968ad8, rank=0) at
>> sr_module.c:826
>> #30 0x00000000004e0d60 in init_mod_child (m=0x969080, rank=0) at
>> sr_module.c:826
>> #31 0x00000000004e0d60 in init_mod_child (m=0x969b60, rank=0) at
>> sr_module.c:826
>> #32 0x00000000004e0d60 in init_mod_child (m=0x96a500, rank=0) at
>> sr_module.c:826
>> #33 0x00000000004e0d60 in init_mod_child (m=0x96c838, rank=0) at
>> sr_module.c:826
>> #34 0x00000000004e0d60 in init_mod_child (m=0x96ceb0, rank=0) at
>> sr_module.c:826
>> #35 0x00000000004e0fb3 in init_child (rank=0) at sr_module.c:853
>> #36 0x000000000045f128 in main_loop () at main.c:1624
>> #37 0x0000000000461aad in main (argc=13, argv=0x7fff9299a438) at
>> main.c:2398
>> (gdb)
>>
>> [OpenSSL]
>> $ openssl version
>> OpenSSL 0.9.8o 01 Jun 2010
>>
>> $ sudo dpkg -l libssl-dev libssl0.9.8
>> Desired=Unknown/Install/Remove/Purge/Hold
>> |
>> Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
>> |/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
>> ||/ Name                                          Version
>>                          Description
>>
>> +++-=============================================-=============================================-==========================================================================================================
>> ii  libssl-dev                                    0.9.8o-4squeeze1
>>                          SSL development libraries, header files and
>> documentation
>> ii  libssl0.9.8                                   0.9.8o-4squeeze1
>>                          SSL shared libraries
>>
>>  From the Kamailio log file at startup:
>> /usr/local/sbin/kamailio[14488]: INFO: tls [tls_init.c:519]: tls:
>> init_tls_h: installed openssl library version "OpenSSL 0.9.8o 01 Jun
>> 2010" (0x009080ff), kerberos support: off,  zlib compression: on#012
>> compiler: gcc -fPIC -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS
>> -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -m64 -DL_ENDIAN -DTERMIO -O3
>> -Wa,--noexecstack -g -Wall -DMD32_REG_T=int -DOPENSSL_BN_ASM_MONT
>> -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM
>> /usr/local/sbin/kamailio[14488]: WARNING: tls [tls_init.c:587]: tls:
>> openssl bug #1491 (crash/mem leaks on low memory) workaround enabled
>> (on low memory tls operations will fail preemptively) with free memory
>> thresholds 46661632 and 23330816 bytes
>>
>>
>> If you need any other information, please let me know.
>> Unfortunately, being a production server, we cannot promise you to
>> test possibly patches on it.
>>
>> Best regards
>> Francesco Castellano
>>
>> _______________________________________________
>> sr-dev mailing list
>> sr-dev at lists.sip-router.org
>> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-dev
>
> --
> Daniel-Constantin Mierla -- http://www.asipto.com
> Kamailio Advanced Training, Oct 10-13, Berlin: http://asipto.com/u/kat
> http://linkedin.com/in/miconda -- http://twitter.com/miconda
>
>

More information about the sr-dev mailing list