[sr-dev] [kamailio/kamailio] Kamailio crashes immediately after receiving SIP ACK if TLS is used (#2028)

Mathias Schneuwly notifications at github.com
Fri Aug 9 16:13:24 CEST 2019


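The problem is reproducible and happens every time.
The requested information follows. Note the last two gdb commands: `msg->rcv.bind_address` is NULL for this message, in the frame where the crash is reported (`populate_leg_info`, dlg_handlers.c:257).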
```
(gdb) frame 0
#0  0xb6c3b4c6 in populate_leg_info (dlg=0xb4ca5b6c, msg=0xb736af40, t=0xb4ca2890, leg=1, tag=0xbf8a3cec) at dlg_handlers.c:257
257	in dlg_handlers.c
(gdb) p*msg
$1 = {id = 3, pid = 26360, tval = {tv_sec = 1565359864, tv_usec = 345022}, fwd_send_flags = {f = 0, blst_imask = 0}, rpl_send_flags = {f = 0, blst_imask = 0}, first_line = {type = 2, flags = 1, len = 16, u = {
      request = {method = {
          s = 0xb4c8fa4c "SIP/2.0 200 OK\r\nTo: \"2222\" <sip:2222 at 192.168.147.1>;tag=dc7a57dd4d28ac12i1\r\nFrom: \"CP8861-1\" <sip:1011000 at 192.168.147.1>;tag=da47994ed202bf86o0\r\nCall-ID: f7de8e42-6dc52f26 at 192.168.147.100\r\nCSeq: 101 I"..., len = 7}, uri = {
          s = 0xb4c8fa54 "200 OK\r\nTo: \"2222\" <sip:2222 at 192.168.147.1>;tag=dc7a57dd4d28ac12i1\r\nFrom: \"CP8861-1\" <sip:1011000 at 192.168.147.1>;tag=da47994ed202bf86o0\r\nCall-ID: f7de8e42-6dc52f26 at 192.168.147.100\r\nCSeq: 101 INVITE\r\nV"..., len = 3}, version = {
          s = 0xb4c8fa58 "OK\r\nTo: \"2222\" <sip:2222 at 192.168.147.1>;tag=dc7a57dd4d28ac12i1\r\nFrom: \"CP8861-1\" <sip:1011000 at 192.168.147.1>;tag=da47994ed202bf86o0\r\nCall-ID: f7de8e42-6dc52f26 at 192.168.147.100\r\nCSeq: 101 INVITE\r\nVia: "..., len = 2}, method_value = 200}, reply = {version = {
          s = 0xb4c8fa4c "SIP/2.0 200 OK\r\nTo: \"2222\" <sip:2222 at 192.168.147.1>;tag=dc7a57dd4d28ac12i1\r\nFrom: \"CP8861-1\" <sip:1011000 at 192.168.147.1>;tag=da47994ed202bf86o0\r\nCall-ID: f7de8e42-6dc52f26 at 192.168.147.100\r\nCSeq: 101 I"..., len = 7}, status = {
          s = 0xb4c8fa54 "200 OK\r\nTo: \"2222\" <sip:2222 at 192.168.147.1>;tag=dc7a57dd4d28ac12i1\r\nFrom: \"CP8861-1\" <sip:1011000 at 192.168.147.1>;tag=da47994ed202bf86o0\r\nCall-ID: f7de8e42-6dc52f26 at 192.168.147.100\r\nCSeq: 101 INVITE\r\nV"..., len = 3}, reason = {
          s = 0xb4c8fa58 "OK\r\nTo: \"2222\" <sip:2222 at 192.168.147.1>;tag=dc7a57dd4d28ac12i1\r\nFrom: \"CP8861-1\" <sip:1011000 at 192.168.147.1>;tag=da47994ed202bf86o0\r\nCall-ID: f7de8e42-6dc52f26 at 192.168.147.100\r\nCSeq: 101 INVITE\r\nVia: "..., len = 2}, statuscode = 200}}}, via1 = 0xb73209f0, via2 = 0xb731e5f8, headers = 0xb731e434, last_header = 0xb731bd30, parsed_flag = 18446744073709551615, h_via1 = 0xb7320a98, 
  h_via2 = 0xb7320b40, callid = 0xb731e38c, to = 0xb731e434, cseq = 0xb731e338, from = 0xb731e3e0, contact = 0xb731e1e8, maxforwards = 0x0, route = 0x0, record_route = 0xb731e140, content_type = 0xb731bd30, 
  content_length = 0xb731e488, authorization = 0x0, expires = 0x0, proxy_auth = 0x0, supported = 0xb7320b94, require = 0x0, proxy_require = 0x0, unsupported = 0x0, allow = 0xb73208ac, event = 0x0, 
  accept = 0x0, accept_language = 0x0, organization = 0x0, priority = 0x0, subject = 0x0, user_agent = 0x0, server = 0xb731e23c, content_disposition = 0x0, diversion = 0x0, rpid = 0x0, refer_to = 0x0, 
  session_expires = 0x0, min_se = 0x0, sipifmatch = 0x0, subscription_state = 0x0, date = 0x0, identity = 0x0, identity_info = 0x0, pai = 0x0, ppi = 0x0, path = 0x0, privacy = 0x0, min_expires = 0x0, 
  body = 0x0, 
  eoh = 0xb4c8fde8 "\r\nv=0\r\no=- 1030092 1030092 IN IP4 192.168.148.100\r\ns=-\r\nc=IN IP4 192.168.148.100\r\nt=0 0\r\nm=audio 16416 RTP/SAVP 0 101\r\na=rtpmap:0 PCMU/8000\r\na=rtpmap:101 telephone-event/8000\r\na=fmtp:101 0-15\r\na=ptime"..., 
  unparsed = 0xb4c8fde8 "\r\nv=0\r\no=- 1030092 1030092 IN IP4 192.168.148.100\r\ns=-\r\nc=IN IP4 192.168.148.100\r\nt=0 0\r\nm=audio 16416 RTP/SAVP 0 101\r\na=rtpmap:0 PCMU/8000\r\na=rtpmap:101 telephone-event/8000\r\na=fmtp:101 0-15\r\na=ptime"..., rcv = {src_ip = {af = 2, len = 4, u = {addrl = {26519744, 0, 0, 0}, addr32 = {26519744, 0, 0, 0}, addr16 = {43200, 404, 0, 0, 0, 0, 0, 0}, 
        addr = "\300\250\224\001", '\000' <repeats 11 times>}}, dst_ip = {af = 2, len = 4, u = {addrl = {16885952, 0, 0, 0}, addr32 = {16885952, 0, 0, 0}, addr16 = {43200, 257, 0, 0, 0, 0, 0, 0}, 
        addr = "\300\250\001\001", '\000' <repeats 11 times>}}, src_port = 5071, dst_port = 49822, proto_reserved1 = 2, proto_reserved2 = 0, src_su = {s = {sa_family = 2, 
        sa_data = "\023\317\300\250\224\001\000\000\000\000\000\000\000"}, sin = {sin_family = 2, sin_port = 53011, sin_addr = {s_addr = 26519744}, sin_zero = "\000\000\000\000\000\000\000"}, sin6 = {
        sin6_family = 2, sin6_port = 53011, sin6_flowinfo = 26519744, sin6_addr = {__in6_u = {__u6_addr8 = '\000' <repeats 15 times>, __u6_addr16 = {0, 0, 0, 0, 0, 0, 0, 0}, __u6_addr32 = {0, 0, 0, 0}}}, 
        sin6_scope_id = 0}}, bind_address = 0x0, proto = 3 '\003'}, 
  buf = 0xb4c8fa4c "SIP/2.0 200 OK\r\nTo: \"2222\" <sip:2222 at 192.168.147.1>;tag=dc7a57dd4d28ac12i1\r\nFrom: \"CP8861-1\" <sip:1011000 at 192.168.147.1>;tag=da47994ed202bf86o0\r\nCall-ID: f7de8e42-6dc52f26 at 192.168.147.100\r\nCSeq: 101 I"..., len = 1225, new_uri = {s = 0x0, len = 0}, dst_uri = {s = 0x0, len = 0}, parsed_uri_ok = 0, parsed_uri = {user = {s = 0x0, len = 0}, passwd = {s = 0x0, len = 0}, host = {s = 0x0, 
      len = 0}, port = {s = 0x0, len = 0}, params = {s = 0x0, len = 0}, sip_params = {s = 0x0, len = 0}, headers = {s = 0x0, len = 0}, port_no = 0, proto = 0, type = ERROR_URI_T, flags = 0, transport = {
      s = 0x0, len = 0}, ttl = {s = 0x0, len = 0}, user_param = {s = 0x0, len = 0}, maddr = {s = 0x0, len = 0}, method = {s = 0x0, len = 0}, lr = {s = 0x0, len = 0}, r2 = {s = 0x0, len = 0}, gr = {s = 0x0, 
      len = 0}, transport_val = {s = 0x0, len = 0}, ttl_val = {s = 0x0, len = 0}, user_param_val = {s = 0x0, len = 0}, maddr_val = {s = 0x0, len = 0}, method_val = {s = 0x0, len = 0}, lr_val = {s = 0x0, 
      len = 0}, r2_val = {s = 0x0, len = 0}, gr_val = {s = 0x0, len = 0}}, parsed_orig_ruri_ok = 0, parsed_orig_ruri = {user = {s = 0x0, len = 0}, passwd = {s = 0x0, len = 0}, host = {s = 0x0, len = 0}, 
    port = {s = 0x0, len = 0}, params = {s = 0x0, len = 0}, sip_params = {s = 0x0, len = 0}, headers = {s = 0x0, len = 0}, port_no = 0, proto = 0, type = ERROR_URI_T, flags = 0, transport = {s = 0x0, len = 0}, 
    ttl = {s = 0x0, len = 0}, user_param = {s = 0x0, len = 0}, maddr = {s = 0x0, len = 0}, method = {s = 0x0, len = 0}, lr = {s = 0x0, len = 0}, r2 = {s = 0x0, len = 0}, gr = {s = 0x0, len = 0}, 
    transport_val = {s = 0x0, len = 0}, ttl_val = {s = 0x0, len = 0}, user_param_val = {s = 0x0, len = 0}, maddr_val = {s = 0x0, len = 0}, method_val = {s = 0x0, len = 0}, lr_val = {s = 0x0, len = 0}, 
    r2_val = {s = 0x0, len = 0}, gr_val = {s = 0x0, len = 0}}, add_rm = 0xb731bd84, body_lumps = 0x0, reply_lump = 0x0, add_to_branch_s = '\000' <repeats 57 times>, add_to_branch_len = 0, hash_index = 0, 
  msg_flags = 32768, flags = 2, xflags = {0, 0}, set_global_address = {s = 0x0, len = 0}, set_global_port = {s = 0x0, len = 0}, force_send_socket = 0x0, path_vec = {s = 0x0, len = 0}, instance = {s = 0x0, 
    len = 0}, reg_id = 0, ruid = {s = 0x0, len = 0}, location_ua = {s = 0x0, len = 0}, ldv = {flow = {decoded = 0, rcv = {src_ip = {af = 0, len = 0, u = {addrl = {0, 0, 0, 0}, addr32 = {0, 0, 0, 0}, addr16 = {
              0, 0, 0, 0, 0, 0, 0, 0}, addr = '\000' <repeats 15 times>}}, dst_ip = {af = 0, len = 0, u = {addrl = {0, 0, 0, 0}, addr32 = {0, 0, 0, 0}, addr16 = {0, 0, 0, 0, 0, 0, 0, 0}, 
            addr = '\000' <repeats 15 times>}}, src_port = 0, dst_port = 0, proto_reserved1 = 0, proto_reserved2 = 0, src_su = {s = {sa_family = 0, sa_data = '\000' <repeats 13 times>}, sin = {sin_family = 0, 
            sin_port = 0, sin_addr = {s_addr = 0}, sin_zero = "\000\000\000\000\000\000\000"}, sin6 = {sin6_family = 0, sin6_port = 0, sin6_flowinfo = 0, sin6_addr = {__in6_u = {
                __u6_addr8 = '\000' <repeats 15 times>, __u6_addr16 = {0, 0, 0, 0, 0, 0, 0, 0}, __u6_addr32 = {0, 0, 0, 0}}}, sin6_scope_id = 0}}, bind_address = 0x0, proto = 0 '\000'}}}}
(gdb) p msg->rcv.bind_address
$2 = (struct socket_info *) 0x0
(gdb) p *msg->rcv.bind_address
Cannot access memory at address 0x0

```

Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/issues/2028#issuecomment-519935053