[ opensips-Bugs-2795917 ] [PATCH] lcr module crashes if ruri_user is void

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

[ opensips-Bugs-2795917 ] [PATCH] lcr module crashes if ruri_user is void

SourceForge.net
Bugs item #2795917, was opened at 2009-05-23 22:47
Message generated for change (Settings changed) made by bogdan_iancu
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=1086410&aid=2795917&group_id=232389

Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
>Category: modules
Group: 1.4.x
Status: Open
>Resolution: Accepted
Priority: 5
Private: No
Submitted By: Nobody/Anonymous (nobody)
>Assigned to: Bogdan-Andrei Iancu (bogdan_iancu)
Summary: [PATCH] lcr module crashes if ruri_user is void

Initial Comment:
lcd module running in prefix_mode=1 is bound to crash in an incoming INVITE's Request-URI doesn't contain username part:

May 23 19:10:56 SIPS4 /usr/local/sbin/opensips[8754]: ----- Processing INVITE RURI=sip:11.11.11.11 F=sip:2123752645@22.22.22.22 T=sip:11.11.11.11 IP=22.22.22.22 ID=5781c4b2739bcab21003ab7162826e30@22.22.22.22
May 23 19:10:56 SIPS4 kernel: opensips[8754]: segfault at 0000000000000000 rip 00002aaaab15f080 rsp 00007fff1d3b27c8 error 4
May 23 19:10:57 SIPS4 /usr/local/sbin/opensips[8752]: INFO:core:handle_sigs: child process 8754 exited by a signal 11

(gdb) bt
#0  0x00002aaaab15f080 in strlen () from /lib/libc.so.6
#1  0x00002aaaab1a0d08 in regexec () from /lib/libc.so.6
#2  0x00002aaaada31fec in do_load_gws (_m=0x7bde18, _from_uri=0x0, _grp_id=-1) at lcr_mod.c:1271
#3  0x00002aaaada3387d in load_gws_0 (_m=0x7bde18, _s1=0x0, _s2=0x0) at lcr_mod.c:1512
#4  0x000000000041106b in do_action (a=0x771580, msg=0x7bde18) at action.c:845
#5  0x000000000040e13a in run_action_list (a=0x771580, msg=0x7bde18) at action.c:138
#6  0x0000000000452da3 in eval_elem (e=0x771650, msg=0x7bde18, val=0x0) at route.c:1133
#7  0x0000000000456e9d in eval_expr (e=0x771650, msg=0x7bde18, val=0x0) at route.c:1430
#8  0x0000000000456f81 in eval_expr (e=0x771698, msg=0x7bde18, val=0x0) at route.c:1446
#9  0x0000000000456fb5 in eval_expr (e=0x7716e0, msg=0x7bde18, val=0x0) at route.c:1451
#10 0x00000000004107cb in do_action (a=0x771a78, msg=0x7bde18) at action.c:700
#11 0x000000000040e13a in run_action_list (a=0x771a78, msg=0x7bde18) at action.c:138
#12 0x000000000040e415 in run_actions (a=0x771a78, msg=0x7bde18) at action.c:118
#13 0x000000000040fa19 in do_action (a=0x76e9d0, msg=0x7bde18) at action.c:483
#14 0x000000000040e13a in run_action_list (a=0x76e4e0, msg=0x7bde18) at action.c:138
#15 0x000000000041090a in do_action (a=0x76efa0, msg=0x7bde18) at action.c:717
#16 0x000000000040e13a in run_action_list (a=0x76efa0, msg=0x7bde18) at action.c:138
#17 0x000000000041090a in do_action (a=0x76f140, msg=0x7bde18) at action.c:717
#18 0x000000000040e13a in run_action_list (a=0x769008, msg=0x7bde18) at action.c:138
#19 0x000000000040e415 in run_actions (a=0x769008, msg=0x7bde18) at action.c:118
#20 0x000000000040e4de in run_top_route (a=0x769008, msg=0x7bde18) at action.c:179
#21 0x000000000044aae3 in receive_msg (
    buf=0x73cbe0 "INVITE sip:11.11.11.11 SIP/2.0\r\nVia: SIP/2.0/UDP 22.22.22.22:5060;branch=z9hG4bK0f49cc08;rport\r\nFrom: \"Unavailable\" <sip:2123752645@22.22.22.22>;tag=as5ae62e90\r\nTo: <sip:11.11.11.11>\r\nCont"..., len=869, rcv_info=0x7fff1d3c0430) at receive.c:165
#22 0x00000000004836fa in udp_rcv_loop () at udp_server.c:449
#23 0x0000000000423968 in main_loop () at main.c:780
#24 0x0000000000425d5d in main (argc=9, argv=0x7fff1d3c0688) at main.c:1319

Reproduced on 1.4.4 but all versions are affected. I suggest the following patch:

Index: lcr_mod.c
===================================================================
--- lcr_mod.c   (revision 5245)
+++ lcr_mod.c   (working copy)
@@ -1194,7 +1194,7 @@
     struct lcr_info lcr_rec;

     /* Find Request-URI user */
-    if (parse_sip_msg_uri(_m) < 0) {
+    if ((parse_sip_msg_uri(_m) < 0) || (!_m->parsed_uri.user.s)) {
            LM_ERR("Error while parsing R-URI\n");
            return -1;
     }


----------------------------------------------------------------------

Comment By: Nobody/Anonymous (nobody)
Date: 2009-05-23 22:49

Message:
Feel free to ask me should you want to test something since I have
everything set up.
Andrew <[hidden email]>

----------------------------------------------------------------------

You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=1086410&aid=2795917&group_id=232389

_______________________________________________
Devel mailing list
[hidden email]
http://lists.opensips.org/cgi-bin/mailman/listinfo/devel