[SR-Users] SIP Router 3.03 topoh
dotnetdub
dotnetdub at gmail.com
Thu Nov 25 23:38:19 CET 2010
On 25 November 2010 17:38, marius zbihlei <marius.zbihlei at 1and1.ro> wrote:
> On 11/25/2010 07:32 PM, dotnetdub wrote:
>
> Hi Marius,
>>>
>>
>> I hope this is what you're after!
>>
>> (gdb) add-symbol-file /lib/kamailio/modules/topoh.so
>> 0xb7004000+0x00001d30
>> add symbol table from file "/lib/kamailio/modules/topoh.so" at
>> .text_addr = 0xb7005d30
>> (y or n) y
>> Reading symbols from /lib/kamailio/modules/topoh.so...done.
>> (gdb) x/s 0xb70070d9
>> 0xb70070d9 <th_skip_msg+9>: <Address 0xb70070d9 out of bounds>
>> (gdb) info registers
>>
>>
>>
>>
>> Yes I think it is
>>
>> Looking at the debug messages I see the CSeq is wrong.
>>
>> But :
>>
>> int th_skip_msg(sip_msg_t *msg)
>> {
>>     if((get_cseq(msg)->method_id)&(METHOD_REGISTER|METHOD_PUBLISH))
>>         return 1;
>>
>>     return 0;
>> }
>>
>> As the cseq is wrong the get_cseq macro probably returns a NULL pointer
>> which gets dereferenced (BANG the crash). Any other ideas?!
>>
>> The patch is trivial ( if(!get_cseq(msg))) parse_cseq(....) ), something
>> along these lines. Daniel, what do you think?
>>
>> Marius
>>
>>
>
> Thanks Marius.
>
> Glad that we were able to find the issue.
>
>
> Are you able to test a patch if I provide one to you? I wanted to wait for
> Daniel's opinion as I have no way of testing it. If you have a dump of the
> attack traffic or you can generate more with bad CSEQ (as from the message
> log you provided) you can test the patch against your cfg and see if it
> still crashes (hope not). In my opinion the crash should be deterministic.
> You will find the trivial patch attached. If you can test it and it works I
> will push it to upstream (also to 3.0 branch). Keep in mind that other
> problems might appear as well during the processing of the SIP messages. If a
> core does appear please retry the steps in the previous mail with the new
> core and .so offset.
>
> Apply the patch with the patch utility (copy to the modules/topoh and run
> patch < patch) . I await some feedback :)
>
> Marius
>
>
> Regards
> Brian
>
>
Hi Marius,
Will apply tomorrow and recompile.. I don't have a dump of the attack
traffic but I'm sure it won't take long . . .
Thanks for your assistance.
Regards
Brian
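
The NULL dereference discussed in this thread, as an added example that is not part of the original messages and is not the patch Marius attached. The struct definitions, the flag values and the name th_skip_msg_checked are simplified or hypothetical stand-ins, and treating a message with a missing or unparsed CSeq as "skip" is an assumed policy.

```c
#include <stddef.h>
#include <stdio.h>

/* Simplified stand-ins for the SIP parser types (assumption: only the
 * fields this check needs; flag values are constructed for the example). */
#define METHOD_INVITE   0x01
#define METHOD_REGISTER 0x02
#define METHOD_PUBLISH  0x04

struct cseq_body { int method_id; };
struct hdr_field { void *parsed; };
typedef struct sip_msg { struct hdr_field *cseq; } sip_msg_t;

/* Modelled on the accessor used in the thread: it performs no NULL check,
 * so a message without a usable CSeq header faults when it is evaluated. */
#define get_cseq(m) ((struct cseq_body *)(m)->cseq->parsed)

/* Hypothetical hardened variant of th_skip_msg(): 1 = skip, 0 = process.
 * Both pointer hops are validated before the macro is used. */
int th_skip_msg_checked(sip_msg_t *msg)
{
    if (msg == NULL || msg->cseq == NULL || msg->cseq->parsed == NULL)
        return 1; /* missing or unparsed CSeq: do not touch the message */
    if (get_cseq(msg)->method_id & (METHOD_REGISTER | METHOD_PUBLISH))
        return 1;
    return 0;
}

/* Constructed messages covering the three states of the CSeq header. */
int demo_no_cseq(void)
{
    sip_msg_t m = { NULL };
    return th_skip_msg_checked(&m);
}

int demo_unparsed(void)
{
    struct hdr_field h = { NULL };
    sip_msg_t m = { &h };
    return th_skip_msg_checked(&m);
}

int demo_method(int id)
{
    struct cseq_body b = { id };
    struct hdr_field h = { &b };
    sip_msg_t m = { &h };
    return th_skip_msg_checked(&m);
}

int main(void)
{
    printf("no CSeq: %d, unparsed: %d, REGISTER: %d, INVITE: %d\n",
           demo_no_cseq(), demo_unparsed(),
           demo_method(METHOD_REGISTER), demo_method(METHOD_INVITE));
    return 0;
}
```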