[sr-dev] [kamailio] uac: new URI [] shorter than old URI results in crash (#543)

Fred Posner notifications at github.com
Sat Mar 12 03:14:18 CET 2016


```
Server:: kamailio (4.3.5 (x86_64/linux))
Build:: mi_core.c compiled on 07:48:03 Mar  5 2016 with gcc 4.7.2
Flags:: STATS: Off, USE_TCP, USE_TLS, USE_SCTP, TLS_HOOKS, USE_RAW_SOCKS, DISABLE_NAGLE, USE_MCAST, DNS_IP_HACK, SHM_MEM, SHM_MMAP, PKG_MALLOC, DBG_QM_MALLOC, USE_FUTEX, FAST_LOCK-ADAPTIVE_WAIT, USE_DNS_CACHE, USE_DNS_FAILOVER, USE_NAPTR, USE_DST_BLACKLIST, HAVE_RESOLV_RES
GIT:: 950657
```

I'm receiving a crash when using **uac_replace_from** and receiving a modified To URI in the BYE.

Error:

```
Mar 11 15:54:09 sipbox /usr/local/sbin/kamailio[29842]: ERROR: uac [replace.c:608]: restore_uri(): new URI [] shorter than old URI [sip:15559876543@192.168.20.85;otg=D3621OAKSMARTVEN]
Mar 11 15:54:09 sipbox /usr/local/sbin/kamailio[29842]: : <core> [mem/q_malloc.c:453]: qm_free(): BUG: qm_free: freeing already freed pointer (0x7f3f63d67d98), called from uac: replace.c: restore_uri(654), first free uac: replace.c: restore_uri(556) - aborting
Mar 11 15:54:09 sipbox /usr/local/sbin/kamailio[29834]: ALERT: <core> [main.c:728]: handle_sigs(): child process 29842 exited by a signal 6
Mar 11 15:54:09 sipbox /usr/local/sbin/kamailio[29834]: ALERT: <core> [main.c:731]: handle_sigs(): core was not generated
Mar 11 15:54:09 sipbox /usr/local/sbin/kamailio[29834]: INFO: <core> [main.c:743]: handle_sigs(): terminating due to SIGCHLD
Mar 11 15:54:09 sipbox /usr/local/sbin/kamailio[29868]: INFO: <core> [main.c:798]: sig_usr(): signal 15 received
Mar 11 15:54:09 sipbox /usr/local/sbin/kamailio[29867]: INFO: <core> [main.c:798]: sig_usr(): signal 15 received
Mar 11 15:54:09 sipbox /usr/local/sbin/kamailio[29860]: INFO: <core> [main.c:798]: sig_usr(): signal 15 received
Mar 11 15:54:09 sipbox /usr/local/sbin/kamailio[29853]: INFO: <core> [main.c:798]: sig_usr(): signal 15 received
Mar 11 15:54:09 sipbox /usr/local/sbin/kamailio[29861]: INFO: <core> [main.c:798]: sig_usr(): signal 15 received
Mar 11 15:54:09 sipbox /usr/local/sbin/kamailio[29841]: INFO: <core> [main.c:798]: sig_usr(): signal 15 received
Mar 11 15:54:09 sipbox /usr/local/sbin/kamailio[29840]: INFO: <core> [main.c:798]: sig_usr(): signal 15 received
Mar 11 15:54:09 sipbox /usr/local/sbin/kamailio[29848]: INFO: <core> [main.c:798]: sig_usr(): signal 15 received
Mar 11 15:54:09 sipbox /usr/local/sbin/kamailio[29837]: INFO: <core> [main.c:798]: sig_usr(): signal 15 received
Mar 11 15:54:09 sipbox /usr/local/sbin/kamailio[29850]: INFO: <core> [main.c:798]: sig_usr(): signal 15 received
Mar 11 15:54:09 sipbox /usr/local/sbin/kamailio[29845]: INFO: <core> [main.c:798]: sig_usr(): signal 15 received
Mar 11 15:54:09 sipbox /usr/local/sbin/kamailio[29836]: INFO: <core> [main.c:798]: sig_usr(): signal 15 received
Mar 11 15:54:09 sipbox /usr/local/sbin/kamailio[29839]: INFO: <core> [main.c:798]: sig_usr(): signal 15 received
Mar 11 15:54:09 sipbox /usr/local/sbin/kamailio[29838]: INFO: <core> [main.c:798]: sig_usr(): signal 15 received
Mar 11 15:54:09 sipbox /usr/local/sbin/kamailio[29834]: INFO: <core> [sctp_core.c:53]: sctp_core_destroy(): SCTP API not initialized
```

Although I believe the URI in the BYE to be improperly changed, I am more concerned that this results in a crash.

The SIP traffic for the call follows:

```
2016-03-11 15:52:54 (INVITE)
udp:192.168.20.250:5060 -> udp:192.168.20.85:5060
INVITE sip:15552223333@192.168.20.85:5060 SIP/2.0
Via: SIP/2.0/UDP 192.168.20.250:5060;branch=z9hG4bK2708804050-1427
Max-Forwards: 70
Allow: INVITE,ACK,CANCEL,BYE,REGISTER,OPTIONS,NOTIFY,SUBSCRIBE,REFER,MESSAGE,PRACK,INFO
Zultys-Data: mx_call_id=314.531;
User-Agent: Zultys MX250 v9.0.4 build 6
From: "Agent" <sip:5554567891@192.168.20.85>;tag=1600-zultys--10359998061427_2708804203-1427
To: sip:15552223333@192.168.20.85
Call-ID: 2708803492-1427
CSeq: 1 INVITE
Min-SE: 1800
Session-Expires: 3600
Supported: 100rel,timer
Contact: sip:company@192.168.20.250:5060
Content-Type: application/sdp
Content-Length: 295

v=0
o=ZIP4x4-mhollins--se 1457740378 0 IN IP4 192.168.20.250
s=-
c=IN IP4 192.168.20.250
t=0 0
a=sendrecv
m=audio 21092 RTP/AVP 0 8 18 101
a=rtpmap:0 PCMU/8000/1
a=rtpmap:8 PCMA/8000/1
a=rtpmap:18 G729/8000/1
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-15
a=ptime:20
a=sendrecv

2016-03-11 15:52:54 (INVITE) 100
udp:192.168.20.85:5060 -> udp:192.168.20.250:5060
SIP/2.0 100 CDF trying
Via: SIP/2.0/UDP 192.168.20.250:5060;branch=z9hG4bK2708804050-1427;rport=5060
From: "Agent" <sip:5554567891@192.168.20.85>;tag=1600-zultys--10359998061427_2708804203-1427
To: sip:15552223333@192.168.20.85
Call-ID: 2708803492-1427
CSeq: 1 INVITE
Server: company Financial Kamailio
Content-Length: 0


2016-03-11 15:52:54 (INVITE)
udp:192.168.20.85:5060 -> udp:*PUBLICIP3*:5060
INVITE sip:15552223333@*PUBLICIP2*:5060 SIP/2.0
Record-Route: <sip:*PUBLICIP1*;lr;ftag=1600-zultys--10359998061427_2708804203-1427;did=2.0851;vsf=AAAAAAkDDAEBBwUICAVxcQgLHB8HDhYcAh4WDTU-;nat=yes>
Via: SIP/2.0/UDP *PUBLICIP1*:5060;branch=z9hG4bK197f.be257466739be7704c1bcc52ea6d9b99.0
Via: SIP/2.0/UDP 192.168.20.250:5060;rport=5060;branch=z9hG4bK2708804050-1427
Max-Forwards: 69
Allow: INVITE,ACK,CANCEL,BYE,REGISTER,OPTIONS,NOTIFY,SUBSCRIBE,REFER,MESSAGE,PRACK,INFO
Zultys-Data: mx_call_id=314.531;
User-Agent: Zultys MX250 v9.0.4 build 6
From: "Agent" <sip:15559876543@192.168.20.85>;tag=1600-zultys--10359998061427_2708804203-1427
To: sip:15552223333@192.168.20.85
Call-ID: 2708803492-1427
CSeq: 1 INVITE
Min-SE: 1800
Session-Expires: 3600
Supported: 100rel,timer
Contact: <sip:company@192.168.20.250:5060;alias=192.168.20.250~5060~1>
Content-Type: application/sdp
Content-Length: 307

v=0
o=ZIP4x4-mhollins--se 1457740378 0 IN IP4 *PUBLICIP1*
s=-
c=IN IP4 *PUBLICIP1*
t=0 0
a=sendrecv
m=audio 37976 RTP/AVP 0 8 18 101
a=rtpmap:0 PCMU/8000/1
a=rtpmap:8 PCMA/8000/1
a=rtpmap:18 G729/8000/1
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-15
a=ptime:20
a=sendrecv
a=nortpproxy:yes

2016-03-11 15:52:54 (INVITE) 100
udp:*PUBLICIP3*:5060 -> udp:192.168.20.85:5060
SIP/2.0 100 Giving a try
Via: SIP/2.0/UDP *PUBLICIP1*:5060;branch=z9hG4bK197f.be257466739be7704c1bcc52ea6d9b99.0
Via: SIP/2.0/UDP 192.168.20.250:5060;rport=5060;branch=z9hG4bK2708804050-1427
From: "Agent" <sip:15559876543@192.168.20.85>;tag=1600-zultys--10359998061427_2708804203-1427
To: sip:15552223333@192.168.20.85
Call-ID: 2708803492-1427
CSeq: 1 INVITE
Server: OpenSIPS (1.8.8-notls (x86_64/linux))
Content-Length: 0


2016-03-11 15:52:57 (INVITE) 183
udp:*PUBLICIP3*:5060 -> udp:192.168.20.85:5060
SIP/2.0 183 Session Progress
Via: SIP/2.0/UDP *PUBLICIP1*:5060;branch=z9hG4bK197f.be257466739be7704c1bcc52ea6d9b99.0
Via: SIP/2.0/UDP 192.168.20.250:5060;rport=5060;branch=z9hG4bK2708804050-1427
Record-Route: <sip:*PUBLICIP1*;lr;ftag=1600-zultys--10359998061427_2708804203-1427;did=2.0851;vsf=AAAAAAkDDAEBBwUICAVxcQgLHB8HDhYcAh4WDTU-;nat=yes>
From: "Agent" <sip:15559876543@192.168.20.85>;tag=1600-zultys--10359998061427_2708804203-1427
To: sip:15552223333@192.168.20.85;tag=gK0ca71266
Call-ID: 2708803492-1427
CSeq: 1 INVITE
Contact: <sip:callee@*PUBLICIP3*;did=a57.d85c4295>
Allow: INVITE,ACK,CANCEL,BYE,PRACK,UPDATE,OPTIONS
Content-Length: 235
Content-Disposition: session; handling=required
Content-Type: application/sdp

v=0
o=Sonus_UAC 19632 16779 IN IP4 *PUBLICIP4*
s=SIP Media Capabilities
c=IN IP4 *PUBLICIP4*
t=0 0
m=audio 10152 RTP/AVP 0 101
a=rtpmap:0 PCMU/8000
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-15
a=sendrecv
a=ptime:20

2016-03-11 15:52:57 (INVITE) 183
udp:192.168.20.85:5060 -> udp:192.168.20.250:5060
SIP/2.0 183 Session Progress
Via: SIP/2.0/UDP 192.168.20.250:5060;rport=5060;branch=z9hG4bK2708804050-1427
Record-Route: <sip:*PUBLICIP1*;lr;ftag=1600-zultys--10359998061427_2708804203-1427;did=2.0851;vsf=AAAAAAkDDAEBBwUICAVxcQgLHB8HDhYcAh4WDTU-;nat=yes>
From: "Agent" <sip:5554567891@192.168.20.85>;tag=1600-zultys--10359998061427_2708804203-1427
To: sip:15552223333@192.168.20.85;tag=gK0ca71266
Call-ID: 2708803492-1427
CSeq: 1 INVITE
Contact: <sip:callee@*PUBLICIP3*;did=a57.d85c4295>
Allow: INVITE,ACK,CANCEL,BYE,PRACK,UPDATE,OPTIONS
Content-Length: 249
Content-Disposition: session; handling=required
Content-Type: application/sdp

v=0
o=Sonus_UAC 19632 16779 IN IP4 *PUBLICIP1*
s=SIP Media Capabilities
c=IN IP4 *PUBLICIP1*
t=0 0
m=audio 41684 RTP/AVP 0 101
a=rtpmap:0 PCMU/8000
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-15
a=sendrecv
a=ptime:20
a=nortpproxy:yes

2016-03-11 15:53:24 (INVITE) 200
udp:*PUBLICIP3*:5060 -> udp:192.168.20.85:5060
SIP/2.0 200 OK
Via: SIP/2.0/UDP *PUBLICIP1*:5060;branch=z9hG4bK197f.be257466739be7704c1bcc52ea6d9b99.0
Via: SIP/2.0/UDP 192.168.20.250:5060;rport=5060;branch=z9hG4bK2708804050-1427
Record-Route: <sip:*PUBLICIP1*;lr;ftag=1600-zultys--10359998061427_2708804203-1427;did=2.0851;vsf=AAAAAAkDDAEBBwUICAVxcQgLHB8HDhYcAh4WDTU-;nat=yes>
From: "Agent" <sip:15559876543@192.168.20.85>;tag=1600-zultys--10359998061427_2708804203-1427
To: sip:15552223333@192.168.20.85;tag=gK0ca71266
Call-ID: 2708803492-1427
CSeq: 1 INVITE
Accept: application/sdp, application/isup, application/dtmf, application/dtmf-relay,  multipart/mixed
Contact: <sip:callee@*PUBLICIP3*;did=a57.d85c4295>
Allow: INVITE,ACK,CANCEL,BYE,PRACK,UPDATE,OPTIONS
Supported: timer
Session-Expires: 1800;refresher=uas
Content-Length: 235
Content-Disposition: session; handling=required
Content-Type: application/sdp

v=0
o=Sonus_UAC 19632 16779 IN IP4 *PUBLICIP4*
s=SIP Media Capabilities
c=IN IP4 *PUBLICIP4*
t=0 0
m=audio 10152 RTP/AVP 0 101
a=rtpmap:0 PCMU/8000
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-15
a=sendrecv
a=ptime:20

2016-03-11 15:53:24 (INVITE) 200
udp:192.168.20.85:5060 -> udp:192.168.20.250:5060
SIP/2.0 200 OK
Via: SIP/2.0/UDP 192.168.20.250:5060;rport=5060;branch=z9hG4bK2708804050-1427
Record-Route: <sip:*PUBLICIP1*;lr;ftag=1600-zultys--10359998061427_2708804203-1427;did=2.0851;vsf=AAAAAAkDDAEBBwUICAVxcQgLHB8HDhYcAh4WDTU-;nat=yes>
From: "Agent" <sip:5554567891@192.168.20.85>;tag=1600-zultys--10359998061427_2708804203-1427
To: sip:15552223333@192.168.20.85;tag=gK0ca71266
Call-ID: 2708803492-1427
CSeq: 1 INVITE
Accept: application/sdp, application/isup, application/dtmf, application/dtmf-relay,  multipart/mixed
Contact: <sip:callee@*PUBLICIP3*;did=a57.d85c4295>
Allow: INVITE,ACK,CANCEL,BYE,PRACK,UPDATE,OPTIONS
Supported: timer
Session-Expires: 1800;refresher=uas
Content-Length: 249
Content-Disposition: session; handling=required
Content-Type: application/sdp

v=0
o=Sonus_UAC 19632 16779 IN IP4 *PUBLICIP1*
s=SIP Media Capabilities
c=IN IP4 *PUBLICIP1*
t=0 0
m=audio 41684 RTP/AVP 0 101
a=rtpmap:0 PCMU/8000
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-15
a=sendrecv
a=ptime:20
a=nortpproxy:yes

2016-03-11 15:53:24 (ACK)
udp:192.168.20.250:5060 -> udp:192.168.20.85:5060
ACK sip:callee@*PUBLICIP3*;did=a57.d85c4295 SIP/2.0
Via: SIP/2.0/UDP 192.168.20.250:5060;branch=z9hG4bK2738320265-1427
Route: <sip:*PUBLICIP1*;lr;ftag=1600-zultys--10359998061427_2708804203-1427;did=2.0851;vsf=AAAAAAkDDAEBBwUICAVxcQgLHB8HDhYcAh4WDTU-;nat=yes>
Max-Forwards: 70
From: "Agent" <sip:5554567891@192.168.20.85>;tag=1600-zultys--10359998061427_2708804203-1427
To: sip:15552223333@192.168.20.85;tag=gK0ca71266
Call-ID: 2708803492-1427
CSeq: 1 ACK
Contact: sip:company@192.168.20.250:5060
Content-Length: 0


2016-03-11 15:53:24 (INVITE) 200
udp:*PUBLICIP3*:5060 -> udp:192.168.20.85:5060
SIP/2.0 200 OK
Via: SIP/2.0/UDP *PUBLICIP1*:5060;branch=z9hG4bK197f.be257466739be7704c1bcc52ea6d9b99.0
Via: SIP/2.0/UDP 192.168.20.250:5060;rport=5060;branch=z9hG4bK2708804050-1427
Record-Route: <sip:*PUBLICIP1*;lr;ftag=1600-zultys--10359998061427_2708804203-1427;did=2.0851;vsf=AAAAAAkDDAEBBwUICAVxcQgLHB8HDhYcAh4WDTU-;nat=yes>
From: "Agent" <sip:15559876543@192.168.20.85>;tag=1600-zultys--10359998061427_2708804203-1427
To: sip:15552223333@192.168.20.85;tag=gK0ca71266
Call-ID: 2708803492-1427
CSeq: 1 INVITE
Accept: application/sdp, application/isup, application/dtmf, application/dtmf-relay,  multipart/mixed
Contact: <sip:callee@*PUBLICIP3*;did=a57.d85c4295>
Allow: INVITE,ACK,CANCEL,BYE,PRACK,UPDATE,OPTIONS
Supported: timer
Session-Expires: 1800;refresher=uas
Content-Length: 235
Content-Disposition: session; handling=required
Content-Type: application/sdp

v=0
o=Sonus_UAC 19632 16779 IN IP4 *PUBLICIP4*
s=SIP Media Capabilities
c=IN IP4 *PUBLICIP4*
t=0 0
m=audio 10152 RTP/AVP 0 101
a=rtpmap:0 PCMU/8000
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-15
a=sendrecv
a=ptime:20

2016-03-11 15:53:24 (INVITE) 200
udp:192.168.20.85:5060 -> udp:192.168.20.250:5060
SIP/2.0 200 OK
Via: SIP/2.0/UDP 192.168.20.250:5060;rport=5060;branch=z9hG4bK2708804050-1427
Record-Route: <sip:*PUBLICIP1*;lr;ftag=1600-zultys--10359998061427_2708804203-1427;did=2.0851;vsf=AAAAAAkDDAEBBwUICAVxcQgLHB8HDhYcAh4WDTU-;nat=yes>
From: "Agent" <sip:5554567891@192.168.20.85>;tag=1600-zultys--10359998061427_2708804203-1427
To: sip:15552223333@192.168.20.85;tag=gK0ca71266
Call-ID: 2708803492-1427
CSeq: 1 INVITE
Accept: application/sdp, application/isup, application/dtmf, application/dtmf-relay,  multipart/mixed
Contact: <sip:callee@*PUBLICIP3*;did=a57.d85c4295>
Allow: INVITE,ACK,CANCEL,BYE,PRACK,UPDATE,OPTIONS
Supported: timer
Session-Expires: 1800;refresher=uas
Content-Length: 249
Content-Disposition: session; handling=required
Content-Type: application/sdp

v=0
o=Sonus_UAC 19632 16779 IN IP4 *PUBLICIP1*
s=SIP Media Capabilities
c=IN IP4 *PUBLICIP1*
t=0 0
m=audio 41684 RTP/AVP 0 101
a=rtpmap:0 PCMU/8000
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-15
a=sendrecv
a=ptime:20
a=nortpproxy:yes

2016-03-11 15:53:24 (ACK)
udp:192.168.20.250:5060 -> udp:192.168.20.85:5060
ACK sip:callee@*PUBLICIP3*;did=a57.d85c4295 SIP/2.0
Via: SIP/2.0/UDP 192.168.20.250:5060;branch=z9hG4bK2738320265-1427
Route: <sip:*PUBLICIP1*;lr;ftag=1600-zultys--10359998061427_2708804203-1427;did=2.0851;vsf=AAAAAAkDDAEBBwUICAVxcQgLHB8HDhYcAh4WDTU-;nat=yes>
Max-Forwards: 70
From: "Agent" <sip:5554567891@192.168.20.85>;tag=1600-zultys--10359998061427_2708804203-1427
To: sip:15552223333@192.168.20.85;tag=gK0ca71266
Call-ID: 2708803492-1427
CSeq: 1 ACK
Contact: sip:company@192.168.20.250:5060
Content-Length: 0


2016-03-11 15:54:09 (BYE)
udp:*PUBLICIP3*:5060 -> udp:192.168.20.85:5060
BYE sip:company@192.168.20.250:5060;alias=192.168.20.250~5060~1 SIP/2.0
Route: <sip:*PUBLICIP1*;lr;ftag=1600-zultys--10359998061427_2708804203-1427;did=2.0851;vsf=AAAAAAkDDAEBBwUICAVxcQgLHB8HDhYcAh4WDTU-;nat=yes>
Via: SIP/2.0/UDP *PUBLICIP3*:5060;branch=z9hG4bKf4ed.c4647587.0
From: <sip:15552223333@192.168.20.85>;tag=gK0ca71266
To: "Agent" <sip:15559876543@192.168.20.85;otg=D3621OAKSMARTVEN>;tag=1600-zultys--10359998061427_2708804203-1427
Call-ID: 2708803492-1427
CSeq: 24267 BYE
Content-Length: 0
Max-Forwards: 66
```

---
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/issues/543
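
An added example, not part of the original report or of Kamailio's code: it parses the `qm_free()` double-free report quoted in the log above and links it, by PID, to the last ERROR from the same worker and to the parent's exit-signal line. The sample lines are abridged from that log; the function name `triage` and the record fields are assumptions made for this example.

```python
import re

# Sample lines abridged from the syslog excerpt in the report above.
SAMPLE_LOG = """\
Mar 11 15:54:09 sipbox /usr/local/sbin/kamailio[29842]: ERROR: uac [replace.c:608]: restore_uri(): new URI [] shorter than old URI [...]
Mar 11 15:54:09 sipbox /usr/local/sbin/kamailio[29842]: : <core> [mem/q_malloc.c:453]: qm_free(): BUG: qm_free: freeing already freed pointer (0x7f3f63d67d98), called from uac: replace.c: restore_uri(654), first free uac: replace.c: restore_uri(556) - aborting
Mar 11 15:54:09 sipbox /usr/local/sbin/kamailio[29834]: ALERT: <core> [main.c:728]: handle_sigs(): child process 29842 exited by a signal 6
Mar 11 15:54:09 sipbox /usr/local/sbin/kamailio[29834]: INFO: <core> [main.c:743]: handle_sigs(): terminating due to SIGCHLD
"""

PID_RE = re.compile(r"kamailio\[(\d+)\]: (.*)")
DOUBLE_FREE_RE = re.compile(
    r"freeing already freed pointer \((0x[0-9a-f]+)\), "
    r"called from (.+?)\((\d+)\), first free (.+?)\((\d+)\)")
CHILD_EXIT_RE = re.compile(r"child process (\d+) exited by a signal (\d+)")


def triage(log_text):
    """Return one record per double free, linked to its context by PID."""
    last_error = {}   # pid -> most recent ERROR message from that process
    reports = {}      # pid -> double-free record
    for line in log_text.splitlines():
        m = PID_RE.search(line)
        if not m:
            continue
        pid, msg = int(m.group(1)), m.group(2)
        if msg.startswith("ERROR:"):
            last_error[pid] = msg
        df = DOUBLE_FREE_RE.search(msg)
        if df:
            reports[pid] = {
                "pid": pid,
                "pointer": df.group(1),
                "second_free": (df.group(2).strip(), int(df.group(3))),
                "first_free": (df.group(4).strip(), int(df.group(5))),
                "preceding_error": last_error.get(pid),
                "exit_signal": None,
            }
        ex = CHILD_EXIT_RE.search(msg)
        if ex and int(ex.group(1)) in reports:
            reports[int(ex.group(1))]["exit_signal"] = int(ex.group(2))
    return list(reports.values())


if __name__ == "__main__":
    for r in triage(SAMPLE_LOG):
        print(r)
```

On the sample, the record ties the abort (signal 6) of worker 29842 to the two `restore_uri()` free sites and to the "new URI [] shorter than old URI" error logged immediately before it.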