[sr-dev] [kamailio/kamailio] BUG: modules msrp file: msrp_cmap.c msrp cmap_save method have logic bug (Issue #3215)

liangbaolin notifications at github.com
Mon Aug 15 12:21:09 CEST 2022


### Description
I found some failures in the stress test of MSRP messages, which produced the following error log:

```
DEBUG: msrp [msrp_netio.c:98]: msrp_relay(): To-Path has only one URI -- nowehere to forward;
```

After adding log points, it was found that there is a problem in the logic of adding to the linked list of `_msrp_cmap_head->cslots`. The node with a smaller hash value will be added behind the node with a larger `citemid` value, so that the linked list is not arranged strictly in ascending order of `citemid`, resulting in the failure of subsequent queries such as `msrp_cmap_lookup`, and thus the normal relay cannot be performed.

```
37(81) ERROR: msrp [msrp_cmap.c:291]: msrp_cmap_save(): _msrp_cmap_head->cslots[492932] item citemid is [2183628164], sessionid is [xxxxxxxx]
37(81) ERROR: msrp [msrp_cmap.c:291]: msrp_cmap_save(): _msrp_cmap_head->cslots[492932] item citemid is [2174190980], sessionid is [xxxxxxxx]
```

**2183628164 > 2174190980, out of order.**
### Troubleshooting
Source code:

```
for(itb=_msrp_cmap_head->cslots[idx].first; itb; itb=itb->next)
{
	if(itb->citemid>it->citemid || itb->next==NULL) {
		/* condition highlighted in the report */
		if(itb->next==NULL) {
			/* append after the last node */
			itb->next=it;
			it->prev = itb;
		} else {
			/* link the new node in before itb */
			it->next = itb;
			if(itb->prev==NULL) {
				_msrp_cmap_head->cslots[idx].first = it;
			} else {
				itb->prev->next = it;
			}
			it->prev = itb->prev;
			itb->prev = it;
		}
		break;
	}
}
```


### Possible Solutions

### Additional Information

  Tested against kamailio 5.4.x and actually all versions are affected

Fixed code:

```
for(itb=_msrp_cmap_head->cslots[idx].first; itb; itb=itb->next)
{
	if(itb->citemid>it->citemid || itb->next==NULL) {
		/* modified code */
		if(itb->next==NULL && (itb->citemid < it->citemid)) {
			itb->next=it;
			it->prev = itb;
		} else {
			it->next = itb;
			if(itb->prev==NULL) {
				_msrp_cmap_head->cslots[idx].first = it;
			} else {
				itb->prev->next = it;
			}
			it->prev = itb->prev;
			itb->prev = it;
		}
		break;
	}
}
```

* **Operating System**:

```
Ubuntu 16.04
```


-- 
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/issues/3215
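
The ordering failure reported in this issue, reduced to a stand-alone C program (an added example, not part of the original post and not Kamailio's code). `item_t`, `slot_insert`, `slot_lookup` and `smaller_id_found` are hypothetical names, and the empty-slot handling and the lookup's early exit on a larger `citemid` are assumptions; the two `citemid` values are the ones from the log in the report.

```c
#include <stdio.h>
/* Hypothetical stand-in for one entry of a cslots[] list (not Kamailio's struct). */
typedef struct item {
	unsigned int citemid;
	struct item *prev, *next;
} item_t;

/* fixed=0 keeps the branch condition from the reported source,
 * fixed=1 uses the condition proposed in the report. */
static void slot_insert(item_t **first, item_t *it, int fixed) {
	if (*first == NULL) { *first = it; return; } /* empty slot: assumed handling */
	for (item_t *itb = *first; itb; itb = itb->next) {
		if (itb->citemid > it->citemid || itb->next == NULL) {
			if (itb->next == NULL && (!fixed || itb->citemid < it->citemid)) {
				itb->next = it;              /* append after the tail */
				it->prev = itb;
			} else {
				it->next = itb;              /* link in before itb */
				if (itb->prev == NULL) *first = it;
				else itb->prev->next = it;
				it->prev = itb->prev;
				itb->prev = it;
			}
			break;
		}
	}
}

/* Assumed lookup: relies on ascending order, stops at the first larger citemid. */
static item_t *slot_lookup(item_t *first, unsigned int id) {
	for (item_t *itb = first; itb; itb = itb->next) {
		if (itb->citemid > id) break;
		if (itb->citemid == id) return itb;
	}
	return NULL;
}

/* Insert the two citemid values from the report's log, then look up the smaller. */
static int smaller_id_found(int fixed) {
	item_t a = {2183628164u, NULL, NULL}, b = {2174190980u, NULL, NULL}, *first = NULL;
	slot_insert(&first, &a, fixed);
	slot_insert(&first, &b, fixed);
	return slot_lookup(first, 2174190980u) != NULL;
}

int main(void) {
	printf("original=%d fixed=%d\n", smaller_id_found(0), smaller_id_found(1));
	return 0;
}
```

With the original condition the second item is appended behind the larger one and the lookup gives up at the first node; with the proposed condition it is linked in front and is found.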