[SR-Users] bad cseq attack

Juha Heinanen jh at tutpro.com
Thu Aug 22 17:24:12 CEST 2013


Daniel-Constantin Mierla writes:

> Hope I caught it and fixed now in master.

i tried, but still no luck:

Aug 22 18:15:18 siika /usr/sbin/sip-proxy[21745]: INFO: <core> [parser/parse_fline.c:229]: parse_first_line(): ERROR:parse_first_line: bad request first line
Aug 22 18:15:18 siika /usr/sbin/sip-proxy[21745]: INFO: <core> [parser/parse_fline.c:231]: parse_first_line(): ERROR: at line 0 char 42: 
Aug 22 18:15:18 siika /usr/sbin/sip-proxy[21745]: INFO: <core> [parser/parse_fline.c:237]: parse_first_line(): ERROR: parsed so far: INVITE sip:jh at test.tutpro.com:5060 SIP/2.0
Aug 22 18:15:18 siika /usr/sbin/sip-proxy[21745]: INFO: <core> [parser/parse_fline.c:242]: parse_first_line(): ERROR:parse_first_line: bad message
Aug 22 18:15:18 siika /usr/sbin/sip-proxy[21745]: ERROR: <core> [parser/msg_parser.c:705]: parse_msg(): ERROR: parse_msg: message=<INVITE sip:jh at test.tutpro.com:5060 SIP/2.0      Via: SIP/2.0/UDP 192.98.102.10:5062;branch=z9hG4bK-21827-1-0#015#012From: sipp <sip:sipp at 192.98.102.10:5062>;tag=21827SIPpTag001#015#012To: sut <sip:jh at test.tutpro.com>#015#012Call-ID: 1-21827 at 192.98.102.10#015#012CSeq: 1 INVITE#015#012Contact: sip:sipp at 192.98.102.10:5062#015#012Max-Forwards: 70#015#012Subject: Performance Test#015#012Content-Type: application/sdp#015#012Content-Length:   137#015#012#015#012v=0#015#012o=user1 53655765 2353687637 IN IP4 192.98.102.10#015#012s=-#015#012c=IN IP4 192.98.102.10#015#012t=0 0#015#012m=audio 6000 RTP/AVP 0#015#012a=rtpmap:0 PCMU/8000#015#012>
Aug 22 18:15:18 siika /usr/sbin/sip-proxy[21745]: ERROR: <core> [receive.c:148]: receive_msg(): core parsing of SIP message failed (192.98.102.10:5062/1)

> Regarding the verbosity, debug can be lowered, as one option that can be 
> done now.

in parser/parse_fline.c, i would like to make the first three L_DBG and
change the last to L_ERR:

	LOG(L_INFO, "ERROR:parse_first_line: bad %s first line\n",
		(fl->type==SIP_REPLY)?"reply(status)":"request");

	LOG(L_INFO, "ERROR: at line 0 char %d: \n", offset );
	prn=pkg_malloc( offset );
	if (prn) {
		for (t=0; t<offset; t++)
			if (*(buffer+t)) *(prn+t)=*(buffer+t);
			else *(prn+t)='°';
		LOG(L_INFO, "ERROR: parsed so far: %.*s\n", offset, ZSW(prn) );
		pkg_free( prn );
	};
error1:
	fl->type=SIP_INVALID;
	LOG(L_INFO, "ERROR:parse_first_line: bad message\n");
	/* skip  line */
	nl=eat_line(buffer,len);
	return nl;

> The second is to update the code so these log messages are printed to 
> corelog level and change this value in config to be higher than debug:
> 
> http://www.kamailio.org/wiki/cookbooks/devel/core#corelog

thanks for the pointer. setting corelog=3 would get rid of the log
message that prints the whole message.

-- juha
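
An added example, not part of the original post and not Kamailio code: a Python triage script that attributes log lines in the format quoted above to the sending address through the receive_msg() line, and measures how many of the logged bytes come from the parse_msg() message dump. The sample lines, host name and addresses are constructed, and grouping by PID assumes each worker process logs one packet at a time.

```python
import re
from collections import defaultdict

# Kamailio core log line as quoted above: "...[pid]: LEVEL: <core> [file:line]: func(): text"
LINE = re.compile(r"\[(?P<pid>\d+)\]: [A-Z]+: <core> \[[^\]:]+:\d+\]: (?P<func>\w+)\(\): (?P<text>.*)$")
FAILED = re.compile(r"core parsing of SIP message failed \((?P<ip>[^:)]+):\d+/\d+\)")

def triage(lines, threshold=2):
    """Per source IP: rejected packets, log bytes written, bytes from the message dump."""
    pending = defaultdict(lambda: [0, 0])  # pid -> [all bytes, parse_msg() dump bytes]
    stats = defaultdict(lambda: {"failures": 0, "bytes": 0, "dump_bytes": 0})
    for line in lines:
        m = LINE.search(line)
        if not m:
            continue
        acc = pending[m["pid"]]
        acc[0] += len(line)
        if m["func"] == "parse_msg":
            acc[1] += len(line)
        done = FAILED.search(m["text"])
        if done:  # receive_msg() closes the packet and names its source
            s = stats[done["ip"]]
            s["failures"] += 1
            s["bytes"] += acc[0]
            s["dump_bytes"] += acc[1]
            del pending[m["pid"]]
    flagged = sorted(ip for ip, s in stats.items() if s["failures"] >= threshold)
    return dict(stats), flagged

def sample_packet(pid, src):
    """Constructed log lines for one rejected packet (all values are made up)."""
    pre = f"Aug 22 18:15:18 host sip-proxy[{pid}]: "
    return [
        pre + "INFO: <core> [parser/parse_fline.c:242]: parse_first_line(): ERROR:parse_first_line: bad message",
        pre + "ERROR: <core> [parser/msg_parser.c:705]: parse_msg(): ERROR: parse_msg: message=<INVITE "
              f"sip:a@example.test SIP/2.0      Via: SIP/2.0/UDP {src}#015#012CSeq: 1 INVITE#015#012#015#012>",
        pre + f"ERROR: <core> [receive.c:148]: receive_msg(): core parsing of SIP message failed ({src}/1)",
    ]

# Two workers (PIDs 100 and 101) logging interleaved, then a second packet from the first source.
a, b = sample_packet(100, "192.0.2.10:5062"), sample_packet(101, "198.51.100.7:5060")
SAMPLE = [x for pair in zip(a, b) for x in pair] + sample_packet(100, "192.0.2.10:5062")

if __name__ == "__main__":
    stats, flagged = triage(SAMPLE)
    for ip, s in sorted(stats.items()):
        print(ip, s, "FLAGGED" if ip in flagged else "")
```

The ratio of dump_bytes to bytes per source shows how much log volume the message dump alone contributes for each rejected packet.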