[SR-Users] Kamailio Crashing with excessive Via headers

Daniel-Constantin Mierla miconda at gmail.com
Tue Jun 25 15:59:50 CEST 2013


Hello,

can you reproduce it always?

If yes, looks like a buffer overflow somewhere -- recompile with 
MEMDBG=1, like:

make cfg MEMDBG=1 ...

(add your specific compile config options as well)

Then run with core parameters memdbg and memlog having values lower than 
debug. Get all the log messages and send them to me (or a link where they 
can be downloaded).

Cheers,
Daniel

On 6/25/13 3:37 PM, Krishna Kurapati wrote:
> In 4.x, the following message is crashing Kamailio.
>
> MESSAGE sip:50.62.12.174:15060;transport=udp SIP/2.0..Via: SIP/2.0/UDP 
> 50.62.72.174:15060;branch=z9hG4bK3333.defaafa4.0..Via: SIP/2.0/UDP 
> 50.62.72.174:15060;branch=z9hG4bK3333.cefaafa4.0..
>   Via: SIP/2.0/UDP 50.62.12.174:15060;branch=z9hG4bK3333.befaafa4.0..
>   Via: SIP/2.0/UDP 50.62.12.174:15060;branch=z9hG4bK3333.aefaafa4.0..
>   Via: SIP/2.0/UDP 50.62.12.174:15060;branch=z9hG4bK33339efaafa4.0..
>   Via: SIP/2.0/UDP 50.62.12.174:15060;branch=z9hG4bK3333.8efaafa4.0..
>   Via: SIP/2.0/UDP 50.62.12.174:15060;branch=z9hG4bK3333.7efaafa4.0..
>   Via: SIP/2.0/UDP 50.62.12.174;branch=z9hk4bK3333.4b488206.0..
>   Via: SIP/2.0/UDP 50.62.12.174;rport=5060;branch=z9hG4bK3333.3b488206.0..
> To: sip:578626051 at 50.62.12.174..
> From: sip:notifier at abc.com;tag=5571efee096a394dda7d0dffc5bb
>   32a5-c771..CSeq: 10 MESSAGE..Call-ID: 
> presence-T[578626051]-R[578626051]..Max-Forwards:  9..Co
>   ntent-Length: 110..User-Agent: kamailio (4.0.1 
> (x86_64/linux))..Content-Type: text/html; chars
>   et=utf-8.
>
> stack trace:
>
> #0  qm_detach_free (qm=0x2ac39d748010, size=64) at mem/q_malloc.c:269
> #1  qm_malloc (qm=0x2ac39d748010, size=64) at mem/q_malloc.c:386
> #2  0x0000000000560fa1 in parse_via (
>     buffer=0x8c6a3b "SIP/2.0/UDP 
> 50.62.72.174:15060;branch=z9hG4bK3333.defaafa4.0\r\nVia: SIP/2.0/UDP 
> 50.62.72.174:15060;branch=z9hG4bK3333.cefaafa4.0\r\nVia: SIP/2.0/UDP 
> 50.62.72.174:15060;branch=z9hG4bK3333.befaafa4.0\r\nVia:"..., 
> end=0x8c6e31 "", vbody=0x2ac39d769e90)
>     at parser/parse_via.c:2540
> #3  0x0000000000538e68 in get_hdr_field (buf=<value optimized out>, 
> end=0x8c6e31 "",
>     hdr=0x2ac39d7999c0) at parser/msg_parser.c:140
> #4  0x0000000000539ac9 in parse_headers (msg=0x2ac39d78a100, flags=2, 
> next=<value optimized out>)
>     at parser/msg_parser.c:351
> #5  0x000000000053af8d in parse_msg (buf=<value optimized out>, 
> len=<value optimized out>,
>     msg=0x2ac39d78a100) at parser/msg_parser.c:650
> #6  0x000000000049a2ef in receive_msg (
>     buf=0x8c6a00 "MESSAGE sip:50.62.72.174:15060;transport=udp 
> SIP/2.0\r\nVia: SIP/2.0/UDP 
> 50.62.72.174:15060;branch=z9hG4bK3333.defaafa4.0\r\nVia: SIP/2.0/UDP 
> 50.62.72.174:15060;branch=z9hG4bK3333.cefaafa4.0\r\nVia: SIP/2.0"..., 
> len=1073, rcv_info=0x7fffb40ab770) at receive.c:144
> #7  0x0000000000528666 in udp_rcv_loop () at udp_server.c:557
> #8  0x0000000000464daa in main_loop () at main.c:1638
> #9  0x0000000000467adc in main (argc=<value optimized out>, 
> argv=<value optimized out>)
>

-- 
Daniel-Constantin Mierla - http://www.asipto.com
http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda
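
Why a memory-debugging allocator helps with a crash like the one in the quoted trace, where the fault shows up inside the allocator rather than at the faulty write: the sketch below is an added generic illustration, not Kamailio's q_malloc code and not from this thread. The names dbg_malloc, dbg_check, copy_value and the GUARD value are hypothetical; the sample string is a branch value taken from the quoted message.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <stdint.h>

#define GUARD 0xA5C3F00DU   /* constructed end-of-block pattern (assumption) */

/* Header kept in front of each block: requested size and allocation site. */
struct dbg_hdr { size_t size; const char *file; int line; };

static void *dbg_malloc_at(size_t size, const char *file, int line)
{
    struct dbg_hdr *h = malloc(sizeof *h + size + sizeof(uint32_t));
    uint32_t g = GUARD;
    if (!h) return NULL;
    h->size = size; h->file = file; h->line = line;
    memcpy((char *)(h + 1) + size, &g, sizeof g);  /* guard right after user data */
    return h + 1;
}
#define dbg_malloc(sz) dbg_malloc_at((sz), __FILE__, __LINE__)

/* Returns 1 if the guard is intact, 0 (and logs the allocation site) if not. */
static int dbg_check(const void *p)
{
    const struct dbg_hdr *h = (const struct dbg_hdr *)p - 1;
    uint32_t g;
    memcpy(&g, (const char *)p + h->size, sizeof g);
    if (g == GUARD) return 1;
    fprintf(stderr, "overflow past %zu-byte block allocated at %s:%d\n",
            h->size, h->file, h->line);
    return 0;
}

static void dbg_free(void *p) { if (p) free((struct dbg_hdr *)p - 1); }

/* Copies val into a 16-byte block; with bounded == 0 the length is not checked. */
static int copy_value(const char *val, int bounded)
{
    size_t cap = 16, n = strlen(val);
    char *blk = dbg_malloc(cap);
    int ok;
    if (!blk) return -1;
    if (bounded && n > cap) n = cap;
    /* Demo safety: never write beyond the guard word the block really owns. */
    if (n > cap + sizeof(uint32_t)) n = cap + sizeof(uint32_t);
    memcpy(blk, val, n);
    ok = dbg_check(blk);        /* a debug build can run this on every free */
    dbg_free(blk);
    return ok;
}

int main(void)
{
    printf("unbounded: %d\n", copy_value("z9hG4bK3333.defaafa4.0", 0));
    printf("bounded:   %d\n", copy_value("z9hG4bK3333.defaafa4.0", 1));
    return 0;
}
```

Without the guard and the recorded allocation site, the same overrun would only surface later as a fault in an unrelated allocator call.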
