[Serusers] ser crashes

Jan Janak J.Janak at sh.cvut.cz
Thu Feb 6 00:12:25 CET 2003


Hello,

 I wasn't able to reproduce it, but I think I know where the
 problem is. There is a bug in 0.8.10 which shows up when an INVITE
 contains Route header field. The bug has been fixed in the CVS already.

 If you can compile ser from sources, you can easily fix it in your
 release:

 1) Edit ser-0.8.10/modules/tm/t_msgbuilder.c
 2) Jump to line 103
 3) replace len+= with *len+=
 4) Recompile ser

 I can send you a patch if it is more convinient for you.

  regards, Jan.

On 05-02 12:13, Klaus Darilion wrote:
> Hello!
> 
> During playing around with route headers I discovered that ser crashes
> reproduceable when I send the following request to it with sipsak, I
> think the invite is a valid request with strict routing.
> 
> sipsak.exe -f invite3.txt -s sip:obelix.ict.tuwien.ac.at -vvv
> 
> invite3.txt:
> INVITE sip:obelix.ict.tuwien.ac.at SIP/2.0
> Via: SIP/2.0/UDP 128.131.80.191:5070;branch=z9hG4bK2024693217
> Route: <sip:iptel.org>
> Route: <sip:klaus3000 at klausix.ict.tuwien.ac.at>
> From: <sip:brutus at obelix.ict.tuwien.ac.at>;tag=262992618
> To: <sip:klaus3000 at iptel.org>
> Call-ID: 744056460 at 128.131.80.191
> CSeq: 20 INVITE
> Contact: <sip:brutus at 128.131.80.191:5070>
> max-forwards: 10
> user-agent: oSIP/Linphone-0.9.1
> Content-Type: application/sdp
> Content-Length: 335  
> 
> ..
> sdp
> ..
> 
> 
> then ser stops to respond:
> 
> >[root at obelix darilion]# /etc/init.d/ser status
> >ser dead but subsys locked
> 
> and in /var/log/messages
> Feb  5 11:57:21 obelix ser: Listening on 
> Feb  5 11:57:21 obelix ser:               128.131.80.136
> [128.131.80.136]::5060
> Feb  5 11:57:21 obelix ser: Aliases: obelix.ict.tuwien.ac.at:5060 
> Feb  5 11:57:21 obelix ser: ser startup succeeded
> Feb  5 11:57:21 obelix /usr/sbin/ser[21426]: mod_init(): Database
> connection opened successfuly 
> Feb  5 11:57:21 obelix /usr/sbin/ser[21426]: INFO: udp_init: SO_RCVBUF
> is initially 65535 
> Feb  5 11:57:21 obelix /usr/sbin/ser[21426]: INFO: udp_init: SO_RCVBUF
> is finally 131070 
> Feb  5 11:57:21 obelix /usr/sbin/ser[21432]: INFO: fifo process
> starting: 21432 
> Feb  5 11:57:21 obelix /usr/sbin/ser[21432]: SER: open_uac_fifo: fifo
> server up at /tmp/ser_fifo... 
> 
> ..up to here everything works fine, than I send the request:
> 
> Feb  5 11:57:30 obelix /usr/sbin/ser[21428]: BUG: qm_*: fragm.
> 0x422b9ad0 end overwritten(35322e64, 39306665)! 
> Feb  5 11:57:30 obelix /usr/sbin/ser[21426]: child process 21428 exited
> by a signal 11 
> Feb  5 11:57:30 obelix /usr/sbin/ser[21426]: core was not generated 
> Feb  5 11:57:30 obelix /usr/sbin/ser[21426]: INFO: terminating due to
> SIGCHLD 
> 
> Here is the ngrep output:
> 
> U 128.131.80.101:1558 -> 128.131.80.136:5060
>   INVITE sip:obelix.ict.tuwien.ac.at SIP/2.0..Via: SIP/2.0/UDP
> klausix.ict.tuwien.ac.at:1557..Via: SIP/2.0/UDP
> 128.131.80.191:5070;branch=z9hG4bK2024693217..Route: <sip:iptel.
>   org>..Route: <sip:klaus3000 at klausix.ict.tuwien.ac.at>..From:
> <sip:brutus at obelix.ict.tuwien.ac.at>;tag=262992618..To:
> <sip:klaus3000 at iptel.org>..Call-ID: 744056460 at 128.131.80
>   .191..CSeq: 20 INVITE..Contact:
> <sip:brutus at 128.131.80.191:5070>..max-forwards: 10..user-agent:
> oSIP/Linphone-0.9.1..Content-Type: application/sdp..Content-Length: 335
> ....
>   v=0..o=brutus 123456 654321 IN IP4 128.131.80.191..s=A
> c..onversation..c=IN IP4 128.131.80.191..t=0 0..m=audio 7078 RTP/AVP 3
> 115 8 110 111 101..a=rtpmap:3 gsm/8000/1..a=rtp
>   map:115 lpc10-1.5/8000/1..a=rtpmap:8 PCMA/8000/1..a=rtpmap:110
> speex-4/8000/1..a=rtpmap:111 speex_lbr-4/8000/1..a=rtpmap:101
> telephone-event/8000..a=fmtp:101 0-11..         
> #
> U 128.131.80.136:5060 -> 128.131.80.101:1557
>   SIP/2.0 100 trying -- your call is important to us..Via: SIP/2.0/UDP
> klausix.ict.tuwien.ac.at:1557..Via: SIP/2.0/UDP
> 128.131.80.191:5070;branch=z9hG4bK2024693217..From: <sip
>   :brutus at obelix.ict.tuwien.ac.at>;tag=262992618..To:
> <sip:klaus3000 at iptel.org>..Call-ID: 744056460 at 128.131.80.191..CSeq: 20
> INVITE..Server: Sip EXpress router (0.8.10 (i386/l
>   inux))..Content-Length: 0..Warning: 392 128.131.80.136:5060 "Noisy
> feedback tells: pid=21552 req_src_ip=128.131.80.101
> in_uri=sip:obelix.ict.tuwien.ac.at out_uri=sip:iptel.o
>   rg via_cnt==2"....
> 
> #
> U 128.131.80.136:5060 -> 195.37.77.101:5060
>   INVITE sip:iptel.org SIP/2.0..Via: SIP/2.0/UDP
> 128.131.80.136;branch=z9hG4bK3a6d.25ef09d1.0..Via: SIP/2.0/UDP
> klausix.ict.tuwien.ac.at:1557..Via: SIP/2.0/UDP 128.131.80.191:
>   5070;branch=z9hG4bK2024693217..Route:
> <sip:klaus3000 at klausix.ict.tuwien.ac.at>..From:
> <sip:brutus at obelix.ict.tuwien.ac.at>;tag=262992618..To:
> <sip:klaus3000 at iptel.org>..Call
>   -ID: 744056460 at 128.131.80.191..CSeq: 20 INVITE..Contact:
> <sip:brutus at 128.131.80.191:5070>..max-forwards: 9 ..user-agent:
> oSIP/Linphone-0.9.1..Content-Type: application/sdp..
>   Content-Length: 335  ....v=0..o=brutus 123456 654321 IN IP4
> 128.131.80.191..s=A c..onversation..c=IN IP4 128.131.80.191..t=0
> 0..m=audio 7078 RTP/AVP 3 115 8 110 111 101..a=r
>   tpmap:3 gsm/8000/1..a=rtpmap:115 lpc10-1.5/8000/1..a=rtpmap:8
> PCMA/8000/1..a=rtpmap:110 speex-4/8000/1..a=rtpmap:111
> speex_lbr-4/8000/1..a=rtpmap:101 telephone-event/8000..a
>   =fmtp:101 0-11..
> 
> #
> U 195.37.77.101:5060 -> 128.131.80.136:5060
>   SIP/2.0 407 Proxy Authentication Required..Via: SIP/2.0/UDP
> 128.131.80.136;branch=z9hG4bK3a6d.25ef09d1.0..Via: SIP/2.0/UDP
> klausix.ict.tuwien.ac.at:1557..Via: SIP/2.0/UDP 12
>   8.131.80.191:5070;branch=z9hG4bK2024693217..From:
> <sip:brutus at obelix.ict.tuwien.ac.at>;tag=262992618..To:
> <sip:klaus3000 at iptel.org>;tag=fb86ad2694115d75c77dce61523c9f07.3f3c
>   ..Call-ID: 744056460 at 128.131.80.191..CSeq: 20
> INVITE..Proxy-Authenticate: Digest realm="iptel.org",
> nonce="3e40f29900000000d6e1790446755f1b4b96f5f5bd97b283",
> algorithm=MD5..
>   Server: Sip EXpress router (0.8.9 (i386/linux))..Content-Length:
> 0..Warning: 392 195.37.77.101:5060 "Noisy feedback tells: pid=7651
> req_src_ip=128.131.80.136 in_uri=sip:ipte
>   l.org out_uri=sip:klaus3000 at klausix.ict.tuwien.ac.at via_cnt==3"....
> 
> #
> U 128.131.80.136:5060 -> 128.131.80.101:1557
>   SIP/2.0 407 Proxy Authentication Required..Via: SIP/2.0/UDP
> klausix.ict.tuwien.ac.at:1557..Via: SIP/2.0/UDP
> 128.131.80.191:5070;branch=z9hG4bK2024693217..From: <sip:brutus at o
>   belix.ict.tuwien.ac.at>;tag=262992618..To:
> <sip:klaus3000 at iptel.org>;tag=fb86ad2694115d75c77dce61523c9f07.3f3c..Cal
> l-ID: 744056460 at 128.131.80.191..CSeq: 20 INVITE..Proxy-Aut
>   henticate: Digest realm="iptel.org",
> nonce="3e40f29900000000d6e1790446755f1b4b96f5f5bd97b283",
> algorithm=MD5..Server: Sip EXpress router (0.8.9
> (i386/linux))..Content-Length
>   : 0..Warning: 392 195.37.77.101:5060 "Noisy feedback tells: pid=7651
> req_src_ip=128.131.80.136 in_uri=sip:iptel.org
> out_uri=sip:klaus3000 at klausix.ict.tuwien.ac.at via_cnt==3
>   "....
> 
> #
> U 128.131.80.136:5060 -> 195.37.77.101:5060
>   ACK sip:iptel.org SIP/2.0..Via: SIP/2.0/UDP
> 128.131.80.136;branch=z9hG4bK3a6d.25ef09d1.0..From:
> <sip:brutus at obelix.ict.tuwien.ac.at>;tag=262992618..Call-ID:
> 744056460 at 128.13
>   1.80.191..To:
> <sip:klaus3000 at iptel.org>;tag=fb86ad2694115d75c77dce61523c9f07.3f3c..CSe
> q: 20 ACK..                       
> 
> 
> 
> If you need more details please let me know.
> 
> regards,
> Klaus
> _______________________________________________
> Serusers mailing list
> serusers at lists.iptel.org
> http://lists.iptel.org/mailman/listinfo/serusers
> 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://lists.sip-router.org/pipermail/sr-users/attachments/20030206/087c4e75/attachment.pgp>


More information about the sr-users mailing list