[Serusers] auth_db in dev12 is causing a core dump

Daniel-Constantin Mierla Daniel-Constantin.Mierla at fokus.fraunhofer.de
Fri Oct 29 10:37:40 CEST 2004


the problem is that in the definition of the table subscriber the value 
of rpid column is by default set to NULL, so the query to mysql will 
return NULL if there is no rpid value for a user. The quick fix should 
be to test if rpid.s==NULL before doing the strlen() at line 218 in 
authorize.c (replace that line with: if(rpid.s!=0) rpid.len = 
strlen(rpid.s); ). I have no time to test it now, could you check if this 
solves the issue?

A bit later I can do the tests and send a patch, if the issue is still open.

Daniel


On 10/29/04 10:20, Daniel-Constantin Mierla wrote:

>
>
> On 10/29/04 08:37, Java Rockx wrote:
>
>> berlios cvs shows auth_db changed on 10.25.2004
>>  
>>
> yes, i was too sleepy, I should have taken the shower before reading 
> the mailing list :-) ... Maxim did some recent changes which added 
> some avp operations.
>
>> Anyhow, here is the offending line in the core dump. If you still 
>> need the core
>> dump I can put it on an FTP server.
>>
>> out of bounds authorize.c Line 218: rpid.len = strlen(rpid.s);
>>  
>>
> seems that the rpid.s is not zero terminated or is something else 
> wrong there ... maybe rpid uninitialized ... I will take a look.
>
> Thanks for reporting,
> Daniel
>
>> Regards,
>> Paul
>>
>> #0  0xb72ef4ea in authorize (_m=0x8101480, _realm=0x1, _table=0x1 
>> <Address 0x1
>> out of bounds>, _hftype=1) at authorize.c:218
>> 218                             rpid.len = strlen(rpid.s);
>> (gdb) bt
>> #0  0xb72ef4ea in authorize (_m=0x8101480, _realm=0x1, _table=0x1 
>> <Address 0x1
>> out of bounds>, _hftype=1) at authorize.c:218
>> #1  0xb72eed97 in www_authorize (_m=0x1, _realm=0x1 <Address 0x1 out of
>> bounds>, _table=0x1 <Address 0x1 out of bounds>) at authorize.c:273
>> #2  0x0804ef2a in do_action (a=0x80fe488, msg=0x8101480) at action.c:609
>> #3  0x0805077c in run_actions (a=0x80fe488, msg=0x8101480) at 
>> action.c:707
>> #4  0x0806e81d in eval_elem (e=0x80fe4c0, msg=0x80fe488) at route.c:574
>> #5  0x0806d01c in eval_expr (e=0x80fe4c0, msg=0x8101480) at route.c:623
>> #6  0x0806cfef in eval_expr (e=0x80fe4ec, msg=0x8101480) at route.c:639
>> #7  0x0804ee13 in do_action (a=0x80fe750, msg=0x8101480) at action.c:585
>> #8  0x0805077c in run_actions (a=0x80fe750, msg=0x8101480) at 
>> action.c:707
>> #9  0x0804ee49 in do_action (a=0x80fe928, msg=0x8101480) at action.c:599
>> #10 0x0805077c in run_actions (a=0x80fe928, msg=0x8101480) at 
>> action.c:707
>> #11 0x0804ee49 in do_action (a=0x80ff160, msg=0x8101480) at action.c:599
>> #12 0x0805077c in run_actions (a=0x80ff160, msg=0x8101480) at 
>> action.c:707
>> #13 0x0806a0db in receive_msg (
>>    buf=0x80c3300 "REGISTER sip:sip.mycompany.com SIP/2.0\r\nVia: 
>> SIP/2.0/UDP
>> 192.168.0.83;branch=z9hG4bKcd79a72929d59b77\r\nFrom: \"Paul (1002)\"
>> <sip:1002 at sip.mycompany.com;user=phone>;tag=c5b0a82a0a7e379f\r\nTo:
>> <sip:1002 at sip.mycom"..., len=684, rcv_info=0xbfffc030) at receive.c:165
>> #14 0x0807b99a in udp_rcv_loop () at udp_server.c:458
>> #15 0x0805b9a4 in main_loop () at main.c:910
>> #16 0x0805cd8c in main (argc=2, argv=0xb52bc43c) at main.c:1443
>>
>>
>>
>> --- Daniel-Constantin Mierla 
>> <Daniel-Constantin.Mierla at fokus.fraunhofer.de>
>> wrote:
>>
>>  
>>
>>> the auth_db have not been touched for a while, but it can occur 
>>> because of other changes. Please generate a core dump and, if 
>>> possible, put it somewhere on a ftp/http server for download along 
>>> with ser sources and binaries (compiled ser and modules), otherwise 
>>> send it by mail to private address. Use "ulimit -c unlimited" to 
>>> allow large core dumps into your system.
>>>
>>> The back trace might be also enough, if it is a easy one ("gdb ser 
>>> core_file", then "bt"), will point out where the bug is.
>>>
>>> Daniel
>>>
>>>
>>> On 10/29/04 05:54, Java Rockx wrote:
>>>
>>>   
>>>
>>>> Hi All.
>>>>
>>>> I pulled dev12 from berlios tonight and found that auth_db seems to be causing
>>>> a core dump when www_authorize and proxy_authorize are called.
>>>>
>>>> Can anyone verify this as a bug?
>>>>
>>>> Cheers,
>>>> Paul
>>>>
>>>>
>>>> _______________________________________________
>>>> Serusers mailing list
>>>> serusers at lists.iptel.org
>>>> http://lists.iptel.org/mailman/listinfo/serusers
>>>>
>>>>
>>>>
>>>>     
>>>
>>
>>
>>
>
>
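
The guard suggested in the reply at the top of this thread, written out as an added example; it is not code from the thread or from the SER sources. The `str`, `db_col` and `col_to_str` names and the sample rows are hypothetical stand-ins for the nullable rpid column and the rpid.s / rpid.len pair.

```c
#include <stdio.h>
#include <string.h>

/* Counted string, modelled on the rpid.s / rpid.len pair in the thread. */
typedef struct { const char *s; int len; } str;

/* Hypothetical stand-in for one column of a database result row. */
typedef struct { int is_null; const char *string_val; } db_col;

/* Copy a nullable text column into a counted string.
 * Returns 1 if a value was present, 0 if the column was NULL; in that
 * case out is set to an empty string so later code never calls
 * strlen() on, or dereferences, a NULL pointer. */
int col_to_str(const db_col *col, str *out)
{
    if (col == NULL || col->is_null || col->string_val == NULL) {
        out->s = "";
        out->len = 0;
        return 0;
    }
    out->s = col->string_val;
    out->len = (int)strlen(col->string_val);
    return 1;
}

int main(void)
{
    /* Constructed rows: one subscriber with an rpid, one left at the
     * column default of NULL. */
    db_col with_rpid = { 0, "sip:1002@example.invalid" };
    db_col null_rpid = { 1, NULL };
    str rpid;
    int present;

    present = col_to_str(&with_rpid, &rpid);
    printf("present=%d len=%d\n", present, rpid.len);
    present = col_to_str(&null_rpid, &rpid);
    printf("present=%d len=%d\n", present, rpid.len);
    return 0;
}
```

Checking both the NULL flag and the pointer covers a driver that reports NULL through either one.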



