[sr-dev] [tracker] Task opened: Looping while parsing malformed Supported field

sip-router bugtracker at sip-router.org
Fri Feb 21 11:02:30 CET 2014


THIS IS AN AUTOMATED MESSAGE, DO NOT REPLY.

A new Flyspray task has been opened.  Details are below. 

User who did this - Savolainen Dmitri (sdi) 

Attached to Project - sip-router
Summary - Looping while parsing malformed  Supported field
Task Type - Bug Report
Category - Core
Status - Unconfirmed
Assigned To - 
Operating System - Linux
Severity - Critical
Priority - Normal
Reported Version - 4.1
Due in Version - Undecided
Due Date - Undecided
Details - Error while parsing a malformed Supported field. Kamailio goes to the top of CPU usage and stops handling requests. The loop "while (pos < len)" in the parse_option_tag_body function (parse_option_tags.h) never stops.
<code>
kamcmd> core.info
{
   version: kamailio 4.1.1
   id: ab7f96 -dirty
   compiler: gcc 4.3.4
   compiled: 16:51:25 Jan 20 2014
   flags: STATS: Off, USE_TCP, USE_TLS, TLS_HOOKS, USE_RAW_SOCKS, DISABLE_NAGLE, USE_MCAST, DNS_IP_HACK, SHM_MEM, SHM_MMAP, PKG_MALLOC, DBG_QM_MALLOC, USE_FUTEX, FAST_LOCK-ADAPTIVE_WAIT, USE_DNS_CACHE, USE_DNS_FAILOVER, USE_NAPTR, USE_DST_BLACKLIST, HAVE_RESOLV_RES
}
</code>

<code>
log# gdb /usr/local/kamailio411/sbin/kamailio 26994
(gdb) bt
#0  0x081a8ee5 in parse_option_tag_body (body=0xb3fd3438, tags=0xb3fd5eb0) at parse_option_tags.h:98
#1  0x081a8dce in parse_supported (msg=0xb4005bd4) at parse_supported.c:63
#2  0xaba18a9b in save (_m=0xb4005bd4, _d=0xac091008, _cflags=0, _uri=0x0) at save.c:896
#3  0xaba0f4ab in w_save2 (_m=0xb4005bd4, _d=0xac091008 "\214\017\t�", _cflags=0x0) at reg_mod.c:452
#4  0x0805f7cd in do_action (h=0xbfb86f68, a=0xb3fac5e8, msg=0xb4005bd4) at action.c:1105
#5  0x08067a49 in run_actions (h=0xbfb86f68, a=0xb3fac5e8, msg=0xb4005bd4) at action.c:1599
#6  0x080680ff in run_actions_safe (h=0xbfb88b04, a=0xb3fac5e8, msg=0xb4005bd4) at action.c:1664
#7  0x08103906 in rval_get_int (h=0xbfb88b04, msg=0xb4005bd4, i=0xbfb872c4, rv=0xb3fac75c, cache=0x0) at rvalue.c:924
#8  0x0810507b in rval_expr_eval_int (h=0xbfb88b04, msg=0xb4005bd4, res=0xbfb872c4, rve=0xb3fac758) at rvalue.c:1918
#9  0x08105262 in rval_expr_eval_int (h=0xbfb88b04, msg=0xb4005bd4, res=0xbfb875d0, rve=0xb3facb88) at rvalue.c:1926
#10 0x0805f4cb in do_action (h=0xbfb88b04, a=0xb3fad090, msg=0xb4005bd4) at action.c:1075
#11 0x08067a49 in run_actions (h=0xbfb88b04, a=0xb3fac0c8, msg=0xb4005bd4) at action.c:1599
#12 0x0805daee in do_action (h=0xbfb88b04, a=0xb3e9ad50, msg=0xb4005bd4) at action.c:715
#13 0x08067a49 in run_actions (h=0xbfb88b04, a=0xb3e9a340, msg=0xb4005bd4) at action.c:1599
#14 0x0805f6fd in do_action (h=0xbfb88b04, a=0xb3ec5ac4, msg=0xb4005bd4) at action.c:1090
#15 0x08067a49 in run_actions (h=0xbfb88b04, a=0xb3ec5ac4, msg=0xb4005bd4) at action.c:1599
#16 0x0805f740 in do_action (h=0xbfb88b04, a=0xb3ec5b68, msg=0xb4005bd4) at action.c:1094
#17 0x08067a49 in run_actions (h=0xbfb88b04, a=0xb3ec5b68, msg=0xb4005bd4) at action.c:1599
#18 0x0805f740 in do_action (h=0xbfb88b04, a=0xb3ec5c0c, msg=0xb4005bd4) at action.c:1094
#19 0x08067a49 in run_actions (h=0xbfb88b04, a=0xb3ec5c0c, msg=0xb4005bd4) at action.c:1599
#20 0x0805f740 in do_action (h=0xbfb88b04, a=0xb3ec5cb0, msg=0xb4005bd4) at action.c:1094
#21 0x08067a49 in run_actions (h=0xbfb88b04, a=0xb3e8a2c0, msg=0xb4005bd4) at action.c:1599
#22 0x080681a9 in run_top_route (a=0xb3e8a2c0, msg=0xb4005bd4, c=0x0) at action.c:1685
#23 0x080e458b in receive_msg (
    buf=0x82ea2a0 "REGISTER sip:sip.telphin.com:5068 SIP/2.0\r\nVia: SIP/2.0/UDP 213.170.81.130:5600;branch=z9hG4bKt5eurr2030eg3e4id1s0.1\r\nMax-Forwards: 16\r\nContact: <sip:00041943@213.170.81.130:5600;rinstance=cc1a5d7b824"..., len=876, rcv_info=0xbfb88d0c) at receive.c:212
#24 0x08173183 in udp_rcv_loop () at udp_server.c:536
#25 0x080af4fe in main_loop () at main.c:1617
#26 0x080b2450 in main (argc=8, argv=0xbfb88fb4) at main.c:2533
(gdb) p *body
$8 = {
 s = 0x82ea4cd "time�\r\nUser-Agent: Telphin Softphone release 1104a stamp 56747\r\nAuthorization: Digest username=\"XXXXXXXX\",realm=\"sip.telphin.com\",nonce=\"XXXXXXXXXXXXXXXXXXXXX\",uri=\"sip:sip.telphin.com:5068"..., len = 5}
(gdb) n
93        while (pos < len) {
(gdb)
97            val = LOWER_DWORD(READ(p));
(gdb)
98            switch (val) {
(gdb)
121                    if ( pos+5 <= len && LOWER_BYTE(*(p+4))=='r'
(gdb)
93        while (pos < len) {
(gdb)
97            val = LOWER_DWORD(READ(p));
(gdb)
98            switch (val) {
(gdb)
121                    if ( pos+5 <= len && LOWER_BYTE(*(p+4))=='r'
(gdb)
93        while (pos < len) {
(gdb)
97            val = LOWER_DWORD(READ(p));
(gdb)
</code>


More information can be found at the following URL:
http://sip-router.org/tracker/index.php?do=details&task_id=396

You are receiving this message because you have requested it from the Flyspray bugtracking system.  If you did not expect this message or don't want to receive mails in future, you can change your notification settings at the URL shown above.
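
The gdb session in the report shows the loop going from line 121 straight back to line 93 with nothing consumed. The following C example is added here as a simplified model of that no-progress pattern and of a loop that advances on every iteration; it is not Kamailio's source, and `parse_stalling`, `parse_hardened`, `next_token`, `TAG_TIMER` and `STEP_LIMIT` are hypothetical names. The five-byte input is constructed from the `p *body` output above.

```c
#include <stddef.h>
#include <stdio.h>
#include <strings.h>

#define TAG_TIMER 1u     /* hypothetical flag value */
#define STEP_LIMIT 1000  /* demo-only guard so the stalled loop returns */

/* Move past the current token, its ',' and any following blanks. */
static size_t next_token(const char *s, size_t len, size_t pos) {
    while (pos < len && s[pos] != ',') pos++;
    if (pos < len) pos++;
    while (pos < len && (s[pos] == ' ' || s[pos] == '\t')) pos++;
    return pos;
}

/* Stalling shape: "time" is consumed only when 'r' follows, otherwise pos
 * is left unchanged. Returns 0 when done, -1 if STEP_LIMIT is reached. */
int parse_stalling(const char *s, size_t len, unsigned *tags) {
    size_t pos = 0, steps = 0;
    for (*tags = 0; pos < len; ) {
        if (++steps > STEP_LIMIT) return -1;
        if (len - pos < 4 || strncasecmp(s + pos, "time", 4) != 0) {
            pos = next_token(s, len, pos);
        } else if (pos + 5 <= len && (s[pos + 4] | 0x20) == 'r') {
            *tags |= TAG_TIMER;
            pos = next_token(s, len, pos + 5);
        } /* no final else: "time" + any other byte makes no progress */
    }
    return 0;
}

/* Hardened shape: every iteration ends in next_token(), which always moves
 * pos forward; a tag counts only when the whole token matches. */
int parse_hardened(const char *s, size_t len, unsigned *tags) {
    size_t pos = 0, end;
    for (*tags = 0; pos < len; pos = next_token(s, len, pos)) {
        for (end = pos; end < len && s[end] != ',' && s[end] != ' '; end++) ;
        if (end - pos == 5 && strncasecmp(s + pos, "timer", 5) == 0)
            *tags |= TAG_TIMER;
    }
    return 0;
}

int main(void) {
    unsigned t;
    const char bad[] = "time\xff";  /* constructed: body from the report, len 5 */
    printf("stalling=%d ", parse_stalling(bad, 5, &t));
    printf("hardened=%d\n", parse_hardened(bad, 5, &t));
    return 0;
}
```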


