[SR-Users] bad cseq attack

Daniel-Constantin Mierla miconda at gmail.com
Thu Aug 22 17:55:19 CEST 2013


On 8/22/13 5:24 PM, Juha Heinanen wrote:
> Daniel-Constantin Mierla writes:
>
>> Hope I caught it and fixed now in master.
> i tried, but still no luck:
Indeed, the effective execution of the actions was missing.

I will comment on the rest of the proposed changes once I check the 
sources.

Cheers,
Daniel

>
> Aug 22 18:15:18 siika /usr/sbin/sip-proxy[21745]: INFO: <core> [parser/parse_fline.c:229]: parse_first_line(): ERROR:parse_first_line: bad request first line
> Aug 22 18:15:18 siika /usr/sbin/sip-proxy[21745]: INFO: <core> [parser/parse_fline.c:231]: parse_first_line(): ERROR: at line 0 char 42:
> Aug 22 18:15:18 siika /usr/sbin/sip-proxy[21745]: INFO: <core> [parser/parse_fline.c:237]: parse_first_line(): ERROR: parsed so far: INVITE sip:jh at test.tutpro.com:5060 SIP/2.0
> Aug 22 18:15:18 siika /usr/sbin/sip-proxy[21745]: INFO: <core> [parser/parse_fline.c:242]: parse_first_line(): ERROR:parse_first_line: bad message
> Aug 22 18:15:18 siika /usr/sbin/sip-proxy[21745]: ERROR: <core> [parser/msg_parser.c:705]: parse_msg(): ERROR: parse_msg: message=<INVITE sip:jh at test.tutpro.com:5060 SIP/2.0      Via: SIP/2.0/UDP 192.98.102.10:5062;branch=z9hG4bK-21827-1-0#015#012From: sipp <sip:sipp at 192.98.102.10:5062>;tag=21827SIPpTag001#015#012To: sut <sip:jh at test.tutpro.com>#015#012Call-ID: 1-21827 at 192.98.102.10#015#012CSeq: 1 INVITE#015#012Contact: sip:sipp at 192.98.102.10:5062#015#012Max-Forwards: 70#015#012Subject: Performance Test#015#012Content-Type: application/sdp#015#012Content-Length:   137#015#012#015#012v=0#015#012o=user1 53655765 2353687637 IN IP4 192.98.102.10#015#012s=-#015#012c=IN IP4 192.98.102.10#015#012t=0 0#015#012m=audio 6000 RTP/AVP 0#015#012a=rtpmap:0 PCMU/8000#015#012>
> Aug 22 18:15:18 siika /usr/sbin/sip-proxy[21745]: ERROR: <core> [receive.c:148]: receive_msg(): core parsing of SIP message failed (192.98.102.10:5062/1)
>
>> Regarding the verbosity, debug can be lowered, as one option that can be
>> done now.
> in parser/parse_fline.c, i would like to make the first three L_DBG and
> change the last to L_ERR:
>
> 	LOG(L_INFO, "ERROR:parse_first_line: bad %s first line\n",
> 		(fl->type==SIP_REPLY)?"reply(status)":"request");
>
> 	LOG(L_INFO, "ERROR: at line 0 char %d: \n", offset );
> 	prn=pkg_malloc( offset );
> 	if (prn) {
> 		for (t=0; t<offset; t++)
> 			if (*(buffer+t)) *(prn+t)=*(buffer+t);
> 			else *(prn+t)='°';
> 		LOG(L_INFO, "ERROR: parsed so far: %.*s\n", offset, ZSW(prn) );
> 		pkg_free( prn );
> 	};
> error1:
> 	fl->type=SIP_INVALID;
> 	LOG(L_INFO, "ERROR:parse_first_line: bad message\n");
> 	/* skip  line */
> 	nl=eat_line(buffer,len);
> 	return nl;
>
>> The second is to update the code so these log messages are printed to
>> corelog level and change this value in config to be higher than debug:
>>
>> http://www.kamailio.org/wiki/cookbooks/devel/core#corelog
> thanks for the pointer. setting corelog=3 would get rid of the log
> message that prints whole message.
>
> -- juha

-- 
Daniel-Constantin Mierla - http://www.asipto.com
http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda



