[SR-Users] SIP Router 3.03 topoh

dotnetdub dotnetdub at gmail.com
Thu Nov 25 23:38:19 CET 2010


On 25 November 2010 17:38, marius zbihlei <marius.zbihlei at 1and1.ro> wrote:

>  On 11/25/2010 07:32 PM, dotnetdub wrote:
>
>     Hi Marius,
>>>
>>
>>  I hope this is what you're after!
>>
>>  (gdb) add-symbol-file /lib/kamailio/modules/topoh.so
>> 0xb7004000+0x00001d30
>> add symbol table from file "/lib/kamailio/modules/topoh.so" at
>>  .text_addr = 0xb7005d30
>> (y or n) y
>> Reading symbols from /lib/kamailio/modules/topoh.so...done.
>> (gdb) x/s 0xb70070d9
>> 0xb70070d9 <th_skip_msg+9>: <Address 0xb70070d9 out of bounds>
>> (gdb) info registers
>>
>>
>>
>>
>>  Yes I think it is
>>
>> Looking at the debug messages I see the CSeq is wrong.
>>
>> But :
>>
>> int th_skip_msg(sip_msg_t *msg)
>> {
>>         if((get_cseq(msg)->method_id)&(METHOD_REGISTER|METHOD_PUBLISH))
>>                 return 1;
>>
>>         return 0;
>> }
>>
>> As the cseq is wrong the get_cseq macro probably returns a NULL Pointer
>> which gets dereferenced (BANG the crash). Any other ideas?!
>>
>> The patch is trivial ( if(!get_cseq(msg))) parse_cseq(....) ) something in
>> this line. Daniel, What do you think ?
>>
>> Marius
>>
>>
>
>  Thanks Marius.
>
>  Glad that we were able to find the issue.
>
>
> Are you able to test a patch if I provide one to you? I wanted to wait for
> Daniel's opinion as I have no way of testing it. If you have a dump of the
> attack traffic or you can generate more with bad CSEQ (as from the message
> log you provided) you can test the patch against your cfg and see if it
> still crashes(hope not). In my opinion the crash should be deterministic.
> You will find the trivial patch attached. If you can test it and it works I
> will push it to upstream (also to 3.0 branch). Keep in mind that other
> problems might appear as well during the processing of the SIP messages. If a
> core does appear please retry the steps in the previous mail with the new
> core and .so offset.
>
> Apply the patch with the patch utility (copy to the modules/topoh and run
> patch < patch) . I await some feedback :)
>
> Marius
>
>
>  Regards
> Brian
>
>

Hi Marius,

Will apply tomorrow and recompile.. I don't have a dump of the attack
traffic but I'm sure it won't take long . . .

Thanks for your assistance.

Regards
Brian
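
The failure mode discussed in this thread, shown as an added example: it is neither the patch attached to the mail nor Kamailio code. The struct layout, the flag values, and the names `parse_cseq_demo`, `th_skip_msg_checked` and `classify` are hypothetical stand-ins; the point is that the method check runs only after the CSeq body is known to be parsed, and a missing or malformed CSeq yields an error return instead of a NULL dereference.

```c
#include <stdio.h>
#include <string.h>
/* Simplified stand-ins, not Kamailio's real definitions; flag values are constructed. */
#define METHOD_INVITE   1
#define METHOD_REGISTER 2
#define METHOD_PUBLISH  4

typedef struct cseq_body { unsigned int number; int method_id; } cseq_body_t;
typedef struct sip_msg {
    const char  *cseq_raw;  /* raw CSeq header value, NULL if header absent */
    cseq_body_t  storage;
    cseq_body_t *parsed;    /* stays NULL until parsing succeeds */
} sip_msg_t;

/* Toy parser for "<number> <METHOD>"; leaves msg->parsed NULL on bad input. */
static int parse_cseq_demo(sip_msg_t *msg)
{
    char method[16];
    unsigned int n;

    if (!msg->cseq_raw || sscanf(msg->cseq_raw, "%u %15s", &n, method) != 2)
        return -1;
    msg->storage.number = n;
    /* Toy mapping: anything that is not REGISTER/PUBLISH counts as INVITE. */
    msg->storage.method_id = strcmp(method, "REGISTER") == 0 ? METHOD_REGISTER
        : strcmp(method, "PUBLISH") == 0 ? METHOD_PUBLISH : METHOD_INVITE;
    msg->parsed = &msg->storage;
    return 0;
}

/* 1 = skip, 0 = process, -1 = CSeq missing or unparsable (caller drops). */
int th_skip_msg_checked(sip_msg_t *msg)
{
    if (msg == NULL || (msg->parsed == NULL && parse_cseq_demo(msg) < 0))
        return -1;
    return (msg->parsed->method_id & (METHOD_REGISTER | METHOD_PUBLISH)) ? 1 : 0;
}

/* Run the check on one constructed CSeq header value. */
int classify(const char *raw)
{
    sip_msg_t m = { raw, { 0, 0 }, NULL };
    return th_skip_msg_checked(&m);
}

int main(void)
{
    const char *samples[] = { "1 REGISTER", "102 INVITE", "garbage", NULL };
    for (int i = 0; i < 4; i++) printf("%d\n", classify(samples[i]));
    return 0;
}
```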