[SR-Users] Kamailio Crash in TLS acceppt

surendra p psurentax at gmail.com
Mon Feb 22 12:38:06 CET 2021


I am running source code based, I don't see any changes in tls module with
respect to implementation. I have recompiled my kamailio source using
openssl 1.1.1j version.

I tried this below by upgrading openssl using the latest source code.

Vulnerability in OpenSSL - Integer overflow in CipherUpdate (vulners.com)
<https://vulners.com/openssl/OPENSSL:CVE-2021-23840>

Going to monitor kamailio for some days, this core is not straightforward.


On Mon, Feb 22, 2021 at 1:04 PM Henning Westerholt <hw at skalatan.de> wrote:

> Hi,
>
>
>
> try to update to a maintained version (e.g. recent 5.3.x or 5.4.x) – in
> TLS support there have been several bugs fixed in newer releases.
>
>
>
> Cheers,
>
>
>
> Henning
>
>
>
> --
>
> Henning Westerholt – https://skalatan.de/blog/
>
> Kamailio services – https://gilawa.com
>
>
>
> *From:* sr-users <sr-users-bounces at lists.kamailio.org> *On Behalf Of *surendra
> p
> *Sent:* Monday, February 22, 2021 5:26 AM
> *To:* sr-users at lists.kamailio.org
> *Subject:* [SR-Users] Kamailio Crash in TLS acceppt
>
>
>
> Hi Team,
>
>
>
> Kamailio 5.2 getting crashed in tls_accept. Can someone help over here.
>
>
>
> #0  0x00007f1b135c09b2 in EVP_DecryptUpdate () from
> /usr/lib/x86_64-linux-gnu/libcrypto.so.1.1
>
> #1  0x00007f1b135f3034 in ?? () from
> /usr/lib/x86_64-linux-gnu/libcrypto.so.1.1
>
> #2  0x00007f1b135f36a3 in ?? () from
> /usr/lib/x86_64-linux-gnu/libcrypto.so.1.1
>
> #3  0x00007f1b135f4051 in RAND_DRBG_reseed () from
> /usr/lib/x86_64-linux-gnu/libcrypto.so.1.1
>
> #4  0x00007f1b135f457d in RAND_DRBG_generate () from
> /usr/lib/x86_64-linux-gnu/libcrypto.so.1.1
>
> #5  0x00007f1b135f46f1 in RAND_DRBG_bytes () from
> /usr/lib/x86_64-linux-gnu/libcrypto.so.1.1
>
> #6  0x00007f1b1378649e in ?? () from
> /usr/lib/x86_64-linux-gnu/libssl.so.1.1
>
> #7  0x00007f1b13777f5f in ?? () from
> /usr/lib/x86_64-linux-gnu/libssl.so.1.1
>
> #8  0x00007f1b13763f34 in SSL_do_handshake () from
> /usr/lib/x86_64-linux-gnu/libssl.so.1.1
>
> #9  0x00007f1acf246fce in tls_accept (c=0x7f1ad35fdc60,
> error=0x7ffc238dd1dc) at tls_server.c:411
>
> #10 0x00007f1acf2503a3 in tls_read_f (c=0x7f1ad35fdc60,
> flags=0x7ffc238dd50c) at tls_server.c:1097
>
> #11 0x0000559ac2ec9b46 in tcp_read_headers (c=0x7f1ad35fdc60,
> read_flags=0x7ffc238dd50c) at core/tcp_read.c:462
>
> #12 0x0000559ac2eced1c in tcp_read_req (con=0x7f1ad35fdc60,
> bytes_read=0x7ffc238dd514, read_flags=0x7ffc238dd50c) at
> core/tcp_read.c:1348
>
> #13 0x0000559ac2ed5442 in handle_io (fm=0x7f1b13d2cef8, events=8193,
> idx=-1) at core/tcp_read.c:1715
>
> #14 0x0000559ac2ec424a in io_wait_loop_epoll (h=0x559ac3153f80 <io_w>,
> t=2, repeat=0) at core/io_wait.h:1073
>
> #15 0x0000559ac2ed6df4 in tcp_receive_loop (unix_sock=75) at
> core/tcp_read.c:1829
>
> #16 0x0000559ac2db8685 in tcp_init_children () at core/tcp_main.c:4802
>
> #17 0x0000559ac2cb6867 in main_loop () at main.c:1714
>
> #18 0x0000559ac2cbd6af in main (argc=15, argv=0x7ffc238ddb88) at
> main.c:2644
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.kamailio.org/pipermail/sr-users/attachments/20210222/f4d1da6b/attachment.htm>


More information about the sr-users mailing list