[SR-Users] Kamailio 3.1.5 crashing during TLS connection setup

Daniel-Constantin Mierla miconda at gmail.com
Mon Oct 22 10:56:38 CEST 2012 

Hello,

it seems you are having a version of ssl lib that does a free(null) 
operation. It is fixed in master and 3.3 branch. Can you upgrade to 3.3.x?

Alternative is to compile 3.1.x with f_malloc -- edit Makefile.defs and 
set MEMDBG=0

Or, backport patches from mem/ done last month -- you can look at them 
with 'git log -p mem/'

3.1.x is no longer officially maintained, but if I get some spare time 
soon, I will backport, or maybe other devs will do it meanwhile.


Cheers,
Daniel

On 10/22/12 10:41 AM, Kamal Palei wrote:
> Dear All
> I have setup Kamailio 3.1.5 with TLS enabled.
> Whenever I receive the REGISTER request from endpoint, trying to 
> forward to next proxy.
> For that I have added below code in kamailio.cfg
>
> /*        if(is_method("REGISTER"))
>         {
>                 t_relay_to("tls:115.114.48.75:5061 
> <http://115.114.48.75:5061>");
>                 exit();
>         }
>
> */I see once REGISTER received at Kamailio proxy, it is sending TCP 
> synch packet to next proxy, next proxy sends back a synch+reset packet.
> Then kamailio proxy is crashing with log as below.
>
> /root at B2BUA:/usr/local/src/scripts# 9(2347) ERROR: <core> 
> [tcp_main.c:4139]: connect 115.114.48.75:5061 
> <http://115.114.48.75:5061> failed
>  9(2347) : <core> [mem/q_malloc.c:431]: BUG: qm_free: bad pointer 
> (nil) (out of memory block!) - aborting
> /
> The complete log is given as below. Please let me know how to get out 
> of this issue. I used -m 64 option while starting proxy, but same result.
> Thanks, Kamal, NECS, Bangalore
> /
>  0(2336) INFO: <core> [tcp_main.c:4730]: init_tcp: using epoll_et io 
> watch method (config)
>  0(2338) INFO: usrloc [hslot.c:53]: locks array size 512
>  0(2338) INFO: tls [tls_init.c:511]: tls: _init_tls_h: compiled  with  
> openssl  version "OpenSSL 1.0.1c 10 May 2012" (0x1000103f), kerberos 
> support: off, compression: on
>  0(2338) INFO: tls [tls_init.c:519]: tls: init_tls_h: installed 
> openssl library version "OpenSSL 1.0.1c 10 May 2012" (0x1000103f), 
> kerberos support: off,  zlib compression: off
>  compiler: gcc -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN 
> -DHAVE_DLFCN_H -Wa,--noexecstack -DL_ENDIAN -DTERMIO -O3 
> -fomit-frame-pointer -Wall -DOPENSSL_BN_ASM_PART_WORDS 
> -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m 
> -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM 
> -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM
>  0(2338) INFO: tls [tls_init.c:373]: tls: init_tls: disabling 
> compression...
>  0(2338) WARNING: tls [tls_init.c:587]: tls: openssl bug #1491 
> (crash/mem leaks on low memory) workaround enabled (on low memory tls 
> operations will fail preemptively) with free memory thresholds 5242880 
> and 2621440 bytes
>  0(2338) INFO: <core> [cfg/cfg_ctx.c:411]: INFO: cfg_set_now(): 
> tls.low_mem_threshold1 has been changed to 5242880
>  0(2338) INFO: <core> [cfg/cfg_ctx.c:411]: INFO: cfg_set_now(): 
> tls.low_mem_threshold2 has been changed to 2621440
>  0(2338) INFO: <core> [udp_server.c:184]: INFO: udp_init: SO_RCVBUF is 
> initially 112640
>  0(2338) INFO: <core> [udp_server.c:235]: INFO: udp_init: SO_RCVBUF is 
> finally 262142
>  0(2338) INFO: <core> [udp_server.c:184]: INFO: udp_init: SO_RCVBUF is 
> initially 112640
>  0(2338) INFO: <core> [udp_server.c:235]: INFO: udp_init: SO_RCVBUF is 
> finally 262142
>  0(2338) INFO: rtpproxy [rtpproxy.c:1403]: rtp proxy 
> <udp:127.0.0.1:7729 <http://127.0.0.1:7729>> found, support for it enabled
>  0(2338) INFO: tls [tls_domain.c:176]: TLSs<default>: tls_method=9
>  0(2338) INFO: tls [tls_domain.c:188]: TLSs<default>: 
> certificate='/etc/certs/pocserver.com/cert.pem 
> <http://pocserver.com/cert.pem>'
>  0(2338) INFO: tls [tls_domain.c:195]: TLSs<default>: ca_list='(null)'
>  0(2338) INFO: tls [tls_domain.c:202]: TLSs<default>: crl='(null)'
>  0(2338) INFO: tls [tls_domain.c:206]: TLSs<default>: 
> require_certificate=0
>  0(2338) INFO: tls [tls_domain.c:213]: TLSs<default>: cipher_list='(null)'
>  0(2338) INFO: tls [tls_domain.c:220]: TLSs<default>: 
> private_key='/etc/certs/pocserver.com/key.pem 
> <http://pocserver.com/key.pem>'
>  0(2338) INFO: tls [tls_domain.c:224]: TLSs<default>: verify_certificate=0
>  0(2338) INFO: tls [tls_domain.c:227]: TLSs<default>: verify_depth=9
>  0(2338) INFO: tls [tls_domain.c:544]: TLSs<default>: No client 
> certificate required and no checks performed
>  0(2338) INFO: tls [tls_domain.c:176]: TLSc<default>: tls_method=9
>  0(2338) INFO: tls [tls_domain.c:188]: TLSc<default>: certificate='(null)'
>  0(2338) INFO: tls [tls_domain.c:195]: TLSc<default>: ca_list='(null)'
>  0(2338) INFO: tls [tls_domain.c:202]: TLSc<default>: crl='(null)'
>  0(2338) INFO: tls [tls_domain.c:206]: TLSc<default>: 
> require_certificate=1
>  0(2338) INFO: tls [tls_domain.c:213]: TLSc<default>: cipher_list='(null)'
>  0(2338) INFO: tls [tls_domain.c:220]: TLSc<default>: private_key='(null)'
>  0(2338) INFO: tls [tls_domain.c:224]: TLSc<default>: verify_certificate=1
>  0(2338) INFO: tls [tls_domain.c:227]: TLSc<default>: verify_depth=9
>  0(2338) INFO: tls [tls_domain.c:529]: TLSc<default>: Server MUST 
> present valid certificate
>  2(2340) INFO: rtpproxy [rtpproxy.c:1403]: rtp proxy 
> <udp:127.0.0.1:7729 <http://127.0.0.1:7729>> found, support for it enabled
>  1(2339) INFO: rtpproxy [rtpproxy.c:1403]: rtp proxy 
> <udp:127.0.0.1:7729 <http://127.0.0.1:7729>> found, support for it enabled
>  4(2342) INFO: rtpproxy [rtpproxy.c:1403]: rtp proxy 
> <udp:127.0.0.1:7729 <http://127.0.0.1:7729>> found, support for it enabled
>  0(2338) INFO: rtpproxy [rtpproxy.c:1403]: rtp proxy 
> <udp:127.0.0.1:7729 <http://127.0.0.1:7729>> found, support for it enabled
>  6(2344) INFO: rtpproxy [rtpproxy.c:1403]: rtp proxy 
> <udp:127.0.0.1:7729 <http://127.0.0.1:7729>> found, support for it enabled
>  3(2341) INFO: rtpproxy [rtpproxy.c:1403]: rtp proxy 
> <udp:127.0.0.1:7729 <http://127.0.0.1:7729>> found, support for it enabled
>  7(2345) INFO: rtpproxy [rtpproxy.c:1403]: rtp proxy 
> <udp:127.0.0.1:7729 <http://127.0.0.1:7729>> found, support for it enabled
>  6(2344) INFO: ctl [io_listener.c:224]: io_listen_loop:  using 
> epoll_et io watch method (config)
> root at B2BUA:/usr/local/src/scripts#  9(2347) INFO: rtpproxy 
> [rtpproxy.c:1403]: rtp proxy <udp:127.0.0.1:7729 
> <http://127.0.0.1:7729>> found, support for it enabled
>  8(2346) INFO: rtpproxy [rtpproxy.c:1403]: rtp proxy 
> <udp:127.0.0.1:7729 <http://127.0.0.1:7729>> found, support for it enabled
>
> root at B2BUA:/usr/local/src/scripts#  9(2347) ERROR: <core> 
> [tcp_main.c:4139]: connect 115.114.48.75:5061 
> <http://115.114.48.75:5061> failed
>  9(2347) : <core> [mem/q_malloc.c:431]: BUG: qm_free: bad pointer 
> (nil) (out of
>  memory block!) - aborting
>  0(2338) ALERT: <core> [main.c:742]: child process 2347 exited by a 
> signal 6
> /
>
>
>
> _______________________________________________
> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
> sr-users at lists.sip-router.org
> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users

-- 
Daniel-Constantin Mierla - http://www.asipto.com
http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda
Kamailio Advanced Training, Berlin, Nov 5-8, 2012 - http://asipto.com/u/kat
Kamailio Advanced Training, Miami, USA, Nov 12-14, 2012 - http://asipto.com/u/katu

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sip-router.org/pipermail/sr-users/attachments/20121022/4f129816/attachment.htm>

More information about the sr-users mailing list