[sr-dev] Crash on a 302 with empty Contact header

Javi Gallart jgallart at systemonenoc.com
Thu Feb 5 12:04:11 CET 2015


Hi Daniel

That was quick! It fixed it, thanks a lot.

Feb  5 05:58:16 test /usr/local/kamailio/sbin/kamailio[781]: 302 received, trying to load contacts
Feb  5 05:58:16 test /usr/local/kamailio/sbin/kamailio[781]: ERROR: <core> [dset.c:345]: append_branch(): no new uri and no msg to take r-uri
Feb  5 05:58:16 test /usr/local/kamailio/sbin/kamailio[781]: ERROR: uac_redirect [rd_funcs.c:306]: shmcontact2dset(): failed to add contact to dset
Feb  5 05:58:16 test /usr/local/kamailio/sbin/kamailio[781]: ERROR: uac_redirect [rd_funcs.c:108]: get_redirect(): get contact from shm_reply branch 0 failed

Regards

Javi
On 05/02/15 11:41, Daniel-Constantin Mierla wrote:
> Hello,
>
> a patch was pushed to master, 4.2 and 4.1 branches. Let me know if issue
> is solved.
>
> Cheers,
> Daniel
>
> On 05/02/15 11:19, Olle E. Johansson wrote:
>> I can repeat this in trunk.
>>
>> /O
>>
>> On 05 Feb 2015, at 11:07, Javi Gallart <jgallart at systemonenoc.com> wrote:
>>
>>> Hello
>>>
>>> lately we have seen some crashes in Kamailio 4.2.1. After some investigation we found that the crashes happen when get_redirects(*) is called in a failure_route on a 302 message containing a Contact header like this:
>>>
>>> Contact: <>
>>>
>>> It's easy to duplicate. This is a sample backtrace:
>>>
>>> Core was generated by `/usr/local/kamailio/sbin/kamailio -P /var/run/kamailio/kamailio.pid -f'.
>>> Program terminated with signal 11, Segmentation fault.
>>> #0  0x00000000004737dc in append_branch (msg=0x0, uri=0x7f4cfc3ba308, dst_uri=0x0, path=0x0, q=10, flags=0, force_socket=0x0, instance=0x7f4cf8ae3b70, reg_id=0, ruid=0x7f4cf8ae3b70, location_ua=0x7f4cf8ae3b70)
>>>     at dset.c:344
>>> 344                     if (msg->new_uri.s)
>>> Missing separate debuginfos, use: debuginfo-install glibc-2.12-1.149.el6.x86_64 pcre-7.8-6.el6.x86_64
>>> (gdb) bt
>>> #0  0x00000000004737dc in append_branch (msg=0x0, uri=0x7f4cfc3ba308, dst_uri=0x0, path=0x0, q=10, flags=0, force_socket=0x0, instance=0x7f4cf8ae3b70, reg_id=0, ruid=0x7f4cf8ae3b70, location_ua=0x7f4cf8ae3b70)
>>>     at dset.c:344
>>> #1  0x00007f4cf88dc843 in shmcontact2dset (req=0x7f4cfb56fb80, sh_rpl=0x7f4cfc43f080, max=-1, reason=0x0, bflags=0) at rd_funcs.c:303
>>> #2  0x00007f4cf88da242 in get_redirect (msg=0x7f4cfb56fb80, maxt=0, maxb=0, reason=0x0, bflags=0) at rd_funcs.c:106
>>> #3  0x00007f4cf88e036b in w_get_redirect2 (msg=0x7f4cfb56fb80, max_c=0x0, reason=0x0) at redirect.c:369
>>> #4  0x00007f4cf88e03ba in w_get_redirect1 (msg=0x7f4cfb56fb80, max_c=0x0, foo=0x0) at redirect.c:380
>>> #5  0x000000000041d329 in do_action (h=0x7fffcf6c27e0, a=0x7f4cfc4144f8, msg=0x7f4cfb56fb80) at action.c:1094
>>> #6  0x00000000004299b1 in run_actions (h=0x7fffcf6c27e0, a=0x7f4cfc4141e0, msg=0x7f4cfb56fb80) at action.c:1583
>>> #7  0x000000000041d204 in do_action (h=0x7fffcf6c27e0, a=0x7f4cfc41f3e8, msg=0x7f4cfb56fb80) at action.c:1079
>>> #8  0x00000000004299b1 in run_actions (h=0x7fffcf6c27e0, a=0x7f4cfc412028, msg=0x7f4cfb56fb80) at action.c:1583
>>> #9  0x000000000042a0de in run_top_route (a=0x7f4cfc412028, msg=0x7f4cfb56fb80, c=0x0) at action.c:1669
>>> #10 0x00007f4cfb2f468e in run_failure_handlers (t=0x7f4c01c524a0, rpl=0x7f4cfc43f080, code=302, extra_flags=64) at t_reply.c:1051
>>> #11 0x00007f4cfb2f72ae in t_should_relay_response (Trans=0x7f4c01c524a0, new_code=302, branch=0, should_store=0x7fffcf6c2b30, should_relay=0x7fffcf6c2b34, cancel_data=0x7fffcf6c2d80, reply=0x7f4cfc43f080)
>>>     at t_reply.c:1406
>>> #12 0x00007f4cfb2f9e0f in relay_reply (t=0x7f4c01c524a0, p_msg=0x7f4cfc43f080, branch=0, msg_status=302, cancel_data=0x7fffcf6c2d80, do_put_on_wait=1) at t_reply.c:1809
>>> #13 0x00007f4cfb2fe40c in reply_received (p_msg=0x7f4cfc43f080) at t_reply.c:2493
>>> #14 0x000000000048bb02 in do_forward_reply (msg=0x7f4cfc43f080, mode=0) at forward.c:783
>>> #15 0x000000000048d13d in forward_reply (msg=0x7f4cfc43f080) at forward.c:885
>>> #16 0x0000000000507978 in receive_msg (
>>>     buf=0xa6e740 "SIP/2.0 302 Redirect Request\r\nVia: SIP/2.0/UDP 79.170.68.186;branch=z9hG4bK1472.15af91d174dcfc95d1b65dfeebfde5aa.0\r\nVia: SIP/2.0/UDP 79.170.64.167:5080;received=79.170.64.167;rport=5080;branch=z9hG4bK"..., len=529, rcv_info=0x7fffcf6c31a0) at receive.c:275
>>> #17 0x000000000060679e in udp_rcv_loop () at udp_server.c:521
>>> #18 0x00000000004a5ab3 in main_loop () at main.c:1629
>>> #19 0x00000000004aad46 in main (argc=13, argv=0x7fffcf6c35b8) at main.c:2561
>>>
>>> Can you take a look?
>>>
>>> Thanks
>>>
>>> Javi
>>>
>>> _______________________________________________
>>> sr-dev mailing list
>>> sr-dev at lists.sip-router.org
>>> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-dev
>> _______________________________________________
>> sr-dev mailing list
>> sr-dev at lists.sip-router.org
>> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-dev
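
Added example, not part of the thread and not Kamailio's code: a simplified C model of the failure in the backtrace (msg=0x0 dereferenced at `msg->new_uri.s`) next to a guarded version that returns an error like the one in the log after the patch. The types and function names are hypothetical stand-ins, and it assumes that a `Contact: <>` value yields a zero-length URI.

```c
#include <stdio.h>
#include <string.h>

/* Simplified stand-ins, not Kamailio's own types or functions. */
typedef struct { const char *s; int len; } str_t;
typedef struct { str_t new_uri, request_uri; } sip_msg_t;

/* Take the URI between '<' and '>' of a Contact value; -1 if malformed. */
int angle_uri(const char *v, str_t *uri)
{
    const char *lt = strchr(v, '<');
    const char *gt = lt ? strchr(lt, '>') : NULL;
    if (gt == NULL) return -1;
    uri->s = lt + 1;
    uri->len = (int)(gt - lt - 1);   /* "<>" gives len 0 */
    return 0;
}

/* Unguarded pattern: an empty uri falls back to msg, which may be NULL.
 * Kept for contrast only; calling it with msg == NULL is the crash. */
int append_branch_unguarded(const sip_msg_t *msg, const str_t *uri, str_t *out)
{
    if (uri->len > 0) *out = *uri;
    else *out = msg->new_uri.s ? msg->new_uri : msg->request_uri;
    return 1;
}

/* Guarded pattern: no usable uri and no msg means no branch, not a dereference. */
int append_branch_guarded(const sip_msg_t *msg, const str_t *uri, str_t *out)
{
    if (uri != NULL && uri->s != NULL && uri->len > 0) {
        *out = *uri;
        return 1;
    }
    if (msg == NULL) {
        fprintf(stderr, "no new uri and no msg to take r-uri\n");
        return -1;
    }
    *out = msg->new_uri.s ? msg->new_uri : msg->request_uri;
    return 1;
}

int main(void)
{
    str_t uri, out = { NULL, 0 };
    angle_uri("<>", &uri);                      /* constructed input */
    printf("empty contact -> %d\n", append_branch_guarded(NULL, &uri, &out));
    angle_uri("<sip:bob@example.test>", &uri);  /* constructed input */
    printf("valid contact -> %d\n", append_branch_guarded(NULL, &uri, &out));
    return 0;
}
```

The caller has to treat the -1 as "skip this contact", which is what the shmcontact2dset() and get_redirect() errors in the log above report.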



