[SR-Users] Kamailio - Nonce validity between Register and Invite

Fri Aug 31 17:08:35 CEST 2012

Hello,

I will look over the code, I just wanted to point that it is safer to 
print by size in this case, otherwise it can get coredump, even if the 
printed characters are not ascii, like:

DBG("auth:pre_auth:api.c:nonce.c Invalid nonce (nonce %.*s)\n", &b_nonce.n.md5_1[0], 16);

Otherwise DBG(..) goes on until finds '\0', which can be in a memory 
zone used by another process.

Cheers,
Daniel

On 8/31/12 4:09 PM, patrice.bodeven at orange.com wrote:
> Hello
>
> The return code is 2.
>
> The problem seems due to "nonce.c"
> if (!memcmp(&b_nonce.n.md5_1[0], &b_nonce2.n.md5_1[0], 16)) {
> xxx
> }
>
> So I put
>
> 	DBG("auth:pre_auth:api.c:nonce.c Invalid nonce (nonce %s)\n", &b_nonce.n.md5_1[0]);
> 	DBG("auth:pre_auth:api.c:nonce.c Invalid nonce (nonce2 %s)\n", &b_nonce2.n.md5_1[0]);
> 	return 2;
> }
>
> The result into log is :
>
> Aug 31 13:58:25 openims-kamailio-1 /usr/sbin/kamailio[7824]: DEBUG: registrar [lookup.c:229]: '+33296053686' found in usrloc
> Aug 31 13:58:25 openims-kamailio-1 /usr/sbin/kamailio[7824]: DEBUG: auth_db [authorize.c:271]: realm value [openims-kamailio-1.mycluster]
> Aug 31 13:58:25 openims-kamailio-1 /usr/sbin/kamailio[7824]: DEBUG: auth [api.c:95]: auth: digest-algo: MD5 parsed value: 1
> Aug 31 13:58:25 openims-kamailio-1 /usr/sbin/kamailio[7824]: DEBUG: auth [nonce.c:473]: auth:pre_auth:api.c:nonce.c Invalid nonce (nonce ö§£Â\ÆX`#035~MT~\ÞUl~X~Sb~@»êü#025nÿ| ¹»©Zo#032#YåP~@Ãô#010)
> Aug 31 13:58:25 openims-kamailio-1 /usr/sbin/kamailio[7824]: DEBUG: auth [nonce.c:474]: auth:pre_auth:api.c:nonce.c Invalid nonce (nonce2 rÍ7B½¿| {Ó9R~R¬FSÖ~Sb~@»êü#025nÿ| ¹»©Zo#032#YåP~@Ãô#010PA#027#030P@Â¸ö§£Â\ÆX`#035~MT~\ÞUl~X~Sb~@»êü#025nÿ| ¹»©Zo#032#YåP~@Ãô#010)
> Aug 31 13:58:25 openims-kamailio-1 /usr/sbin/kamailio[7824]: DEBUG: auth [api.c:147]: auth:pre_auth: Invalid nonce value received
> Aug 31 13:58:25 openims-kamailio-1 /usr/sbin/kamailio[7824]: DEBUG: auth [api.c:148]: auth:pre_auth: Invalid nonce value received (ret 2)
>
> Cordialement/ Best regards
> Patrice B
>
> -----Message d'origine-----
> De : Daniel-Constantin Mierla [mailto:miconda at gmail.com]
> Envoyé : vendredi 31 août 2012 10:35
> À : SIP Router - Kamailio (OpenSER) and SIP Express Router (SER) - Users Mailing List
> Cc : BODEVEN Patrice RD-CORE
> Objet : Re: [SR-Users] Kamailio - Nonce validity between Register and Invite
>
> Hello,
>
> On 8/30/12 10:43 AM, patrice.bodeven at orange.com wrote:
>> Hello,
>>
>> Sorry, but i am blocked on the nonce reuse between the Register and the INVITE even with the info provided in debug mode.
>>    
>> My understanding is Nonce should be valid between SIP methods until the nonce is valid in the time.
>> But I don't know how the Nonce is stored and how Kamailio is looking for the nonce into the memory !
>>
>> I did a test on Register => nonce reuse is ok.
>> I did a test on INVITE => nonce reuse of Register or on previous INVITE doesn't work !
>>
>> But based on the site indicated below and the SIPP (generate the INVITE with the Nonce of Register), the result is
>> auth_db [authorize.c:271]: realm value [openims-kamailio-1.mycluster]
>> auth [api.c:95]: auth: digest-algo: MD5 parsed value: 1
>> auth [api.c:147]: auth:pre_auth: Invalid nonce value received
>>
>> But there is no explanation why the nonce is invalid.
> can you apply the following patch:
>
> http://git.sip-router.org/cgi-bin/gitweb.cgi?p=sip-router;a=blobdiff;f=modules/auth/api.c;h=c79de5c9dd6cd3e176c05d836c7b0a4275f8a3d2;hp=2ee39a7a6cbcce741365dac97ae8a3db8c196b0c;hb=494b383edde7a2d193c220f3117506e4cc95932f;hpb=e4ecf49add0e62330e1db071106806e35e9b078a
>
> It practically adds the return code in the log message, that should give
> better leads to why the nonce is considered invalid, allowing to track
> back quicker in the source code.
>
> Cheers,
> Daniel
>

-- 
Daniel-Constantin Mierla - http://www.asipto.com
http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda
Kamailio Advanced Training, Berlin, Nov 5-8, 2012 - http://asipto.com/u/kat