[sr-dev] [kamailio/kamailio] Segfault in openssl on Xenial (#2274)

Nathan notifications at github.com
Mon Apr 6 01:19:26 CEST 2020 

### Description

Segfault in Kamailio when using mysql (over ssl) and tls listeners.

We have a reproducible segfault with Kamailio on Ubuntu Xenial. The problems is revealed when two modules (db_mysql and tls) and both using the openssl library. The mysql module is using openssl indirectly, because the connection is encrypted by default when the server supports it.

### Troubleshooting

#### Reproduction

Install Kamailio with
- tls listeners enabled
- dispatcher module enabled, from mysql db

Example configuration attached: 



In this case, reproduction with:

- start kamailio
- let dispatcher reload, for example via jsonrpc
- make connection on tls, for example with `openssl s_connect`

Kamailio will crash.

#### Debugging Data

Stack trace, with `libssl1.0.0-dbg` installed:

```
#0  0x0000000000000000 in ?? ()
#1  0x00007ff862d07b0d in getrn (lh=lh at entry=0x7ff8641eb7e8, data=data at entry=0x7ffe1f36e750, rhash=rhash at entry=0x7ffe1f36e6f0) at lhash.c:396
#2  0x00007ff862d0817a in lh_retrieve (lh=0x7ff8641eb7e8, data=data at entry=0x7ffe1f36e750) at lhash.c:248
#3  0x00007ff862d0a651 in int_thread_get_item (d=0x7ffe1f36e750) at err.c:500
#4  0x00007ff862d0b024 in ERR_get_state () at err.c:1023
#5  0x00007ff862d0b25f in ERR_clear_error () at err.c:743
#6  0x00007ff86305c67e in ssl23_accept (s=0x7ff864a282d0) at s23_srvr.c:157
#7  0x00007ff860b70d86 in tls_accept (c=0x7ff864af8810, error=0x7ffe1f36eb30) at tls_server.c:422
#8  0x00007ff860b7a486 in tls_read_f (c=0x7ff864af8810, flags=0x7ffe1f38eedc) at tls_server.c:1116
#9  0x0000000000625ac2 in tcp_read_headers (c=0x7ff864af8810, read_flags=0x7ffe1f38eedc) at core/tcp_read.c:469
#10 0x000000000062d05d in tcp_read_req (con=0x7ff864af8810, bytes_read=0x7ffe1f38eed8, read_flags=0x7ffe1f38eedc) at core/tcp_read.c:1496
#11 0x0000000000631c42 in handle_io (fm=0x7ff885734520, events=1, idx=-1) at core/tcp_read.c:1804
#12 0x0000000000620500 in io_wait_loop_epoll (h=0xae0200 <io_w>, t=2, repeat=0) at core/io_wait.h:1065
#13 0x0000000000633adb in tcp_receive_loop (unix_sock=26) at core/tcp_read.c:1974
#14 0x000000000051a9a1 in tcp_init_children () at core/tcp_main.c:4853
#15 0x000000000042620e in main_loop () at main.c:1745
#16 0x000000000042ca76 in main (argc=7, argv=0x7ffe1f38f578) at main.c:2696
```

#### Log Messages

```
2020-04-05T01:27:37.965778+02:00 nathancmp01 kernel: [432825.787355] kamailio[6296]: segfault at 0 ip           (null) sp 00007ffe4cdaf248 error 14 in kamailio[400000+47b000]
```

#### SIP Traffic

No SIP traffic needed, just a TLS connection.

### Possible Solutions

Could not reproduce with Kamailio 5.3.3 on Ubuntu Bionic nor Debian Buster. Both are using openssl 1.1.x, so I guess that fixes the problem. But Xenial is still on 1.0.2g...

### Additional Information

Tested with Kamailio 5.2 and 5.3.3.

* **Operating System**:

Repro on:
- Ubuntu Xenial

No repro on:
- Ubuntu Bionic
- Debian Buster



-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/issues/2274
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.kamailio.org/pipermail/sr-dev/attachments/20200405/22405d3c/attachment.html>

More information about the sr-dev mailing list