<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#ffffff">
Hello,<br>
<br>
I did some more safety checks. Can you try it again and report if it
is ok this time? I backported till version 3.0.x.<br>
<br>
If you get a backtrace any time there is a crash, that will help a lot.<br>
<br>
Thanks,<br>
Daniel<br>
<br>
On 2/4/11 5:48 PM, dotnetdub wrote:
<blockquote
cite="mid:AANLkTikvznA3TCCWGzD8X7JFg9Y4nF-wEw+yZPd1vtZY@mail.gmail.com"
type="cite"><br>
<br>
<div class="gmail_quote">On 25 November 2010 17:38, marius zbihlei
<span dir="ltr">&lt;<a moz-do-not-send="true"
href="mailto:marius.zbihlei@1and1.ro">marius.zbihlei@1and1.ro</a>&gt;</span>
wrote:<br>
<blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt
0.8ex; border-left: 1px solid rgb(204, 204, 204);
padding-left: 1ex;">
<div text="#000000" bgcolor="#ffffff">
<div>
<div class="h5">
On 11/25/2010 07:32 PM, dotnetdub wrote:
<blockquote type="cite">
<div class="gmail_quote">
<blockquote class="gmail_quote" style="border-left:
1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt
0.8ex; padding-left: 1ex;">
<div text="#000000" bgcolor="#ffffff">
<div>
<blockquote type="cite">
<div class="gmail_quote">
<blockquote class="gmail_quote"
style="border-left: 1px solid rgb(204,
204, 204); margin: 0pt 0pt 0pt 0.8ex;
padding-left: 1ex;">
<div text="#000000" bgcolor="#ffffff"><br>
</div>
</blockquote>
</div>
</blockquote>
</div>
</div>
</blockquote>
</div>
</blockquote>
<br>
</div>
</div>
Are you able to test a patch if I provide one to you? I wanted to wait
for Daniel's opinion as I have no way of testing it. If you have a dump
of the attack traffic or you can generate more with bad CSEQ (as from
the message log you provided) you can test the patch against your cfg
and see if it still crashes (hope not). In my opinion the crash should
be deterministic. You will find the trivial patch attached. If you can
test it and it works I will push it to upstream (also to 3.0 branch).
Keep in mind that other problems might appear as well during the
processing of the SIP messages. If a core does appear please retry the
steps in the previous mail with the new core and .so offset.
<br>
<br>
Apply the patch with the patch utility (copy to the modules/topoh and
run patch &lt; patch). I await some feedback :)<br>
<br>
Marius<br>
</div>
</blockquote>
<div><br>
</div>
<div><br>
</div>
<div><br>
</div>
<div>Hi Marius,</div>
<div><br>
</div>
<div>I did apply this patch and recompile. I checked the lib
folder and date of topoh changed to compile date.</div>
<div><br>
</div>
<div>Another SIP attack and core dump again.</div>
<div><br>
</div>
<div>This looks like different memory addresses though.</div>
<div><br>
</div>
<div>proxy:/var/log# dmesg </div>
<div>[1853341.778338] kamailio[20503]: segfault at 18 ip
b7064220 sp bf9c3370 error 4 in topoh.so[b7061000+d000]</div>
<div>[1853341.921334] kamailio[20507]: segfault at 18 ip
b7064220 sp bf9c3370 error 4 in topoh.so[b7061000+d000]</div>
<div>[1853341.991430] kamailio[20498]: segfault at 18 ip
b7064220 sp bf9c3370 error 4 in topoh.so[b7061000+d000]</div>
<div>[1853342.057429] kamailio[20506]: segfault at 18 ip
b7064220 sp bf9c3370 error 4 in topoh.so[b7061000+d000]</div>
<div>[1853342.139751] kamailio[20505]: segfault at 18 ip
b7064220 sp bf9c3370 error 4 in topoh.so[b7061000+d000]</div>
<div>[1853342.149429] kamailio[20499]: segfault at 18 ip
b7064220 sp bf9c3370 error 4 in topoh.so[b7061000+d000]</div>
<div>[1853342.156097] kamailio[20502]: segfault at 18 ip
b7064220 sp bf9c3370 error 4 in topoh.so[b7061000+d000]</div>
<div>[1853342.160097] kamailio[20501]: segfault at 18 ip
b7064220 sp bf9c3370 error 4 in topoh.so[b7061000+d000]</div>
<div>[1853342.163561] kamailio[20500]: segfault at 18 ip
b7064220 sp bf9c3370 error 4 in topoh.so[b7061000+d000]</div>
<div>[1853342.168357] kamailio[20504]: segfault at 18 ip
b7064220 sp bf9c3370 error 4 in topoh.so[b7061000+d000]</div>
<div><br>
</div>
<div><br>
</div>
<div><br>
</div>
<div>
<p style="margin: 0px; font: 12px Helvetica;">
Feb 4 16:19:09 proxy1 sip[20503]: ERROR: &lt;core&gt;
[parser/parse_cseq.c:97]: ERROR: CSeq EoL expected</p>
<p style="margin: 0px; font: 12px Helvetica;">Feb 4 16:19:09
proxy1 kernel: [1853341.778338] kamailio[20503]: segfault at
18 ip b7064220 sp bf9c3370 error 4 in
topoh.so[b7061000+d000]</p>
<p style="margin: 0px; font: 12px Helvetica;">Feb 4 16:19:09
proxy1 sip[20503]: ERROR: &lt;core&gt;
[parser/parse_cseq.c:100]: ERROR: parse_cseq: bad cseq</p>
<p style="margin: 0px; font: 12px Helvetica;">Feb 4 16:19:09
proxy1 sip[20503]: ERROR: &lt;core&gt;
[parser/msg_parser.c:158]: ERROR: get_hdr_field: bad cseq</p>
<p style="margin: 0px; font: 12px Helvetica;">Feb 4 16:19:09
proxy1 sip[20503]: INFO: &lt;core&gt;
[parser/msg_parser.c:353]: ERROR: bad header field [CSeq: 1
REGISTER ACK]</p>
<p style="margin: 0px; font: 12px Helvetica;">Feb 4 16:19:09
proxy1 sip[20500]: INFO: &lt;script&gt;: [ROUTE-1] Received
registration from <a moz-do-not-send="true"
href="mailto:sip%3A3564815798@195.191.29.11">sip:3564815798@195.191.29.11</a>
(180.148.1.3)</p>
<p style="margin: 0px; font: 12px Helvetica;">Feb 4 16:19:09
proxy1 sip[20500]: INFO: &lt;script&gt;: [ROUTE-1 !]
Credentials invalid; issuing challenge</p>
<p style="margin: 0px; font: 12px Helvetica;">Feb 4 16:19:09
proxy1 sip[20507]: ERROR: &lt;core&gt;
[parser/parse_cseq.c:97]: ERROR: CSeq EoL expected</p>
<p style="margin: 0px; font: 12px Helvetica;">Feb 4 16:19:09
proxy1 sip[20507]: ERROR: &lt;core&gt;
[parser/parse_cseq.c:100]: ERROR: parse_cseq: bad cseq</p>
<p style="margin: 0px; font: 12px Helvetica;">Feb 4 16:19:09
proxy1 sip[20507]: ERROR: &lt;core&gt;
[parser/msg_parser.c:158]: ERROR: get_hdr_field: bad cseq</p>
<p style="margin: 0px; font: 12px Helvetica;">Feb 4 16:19:09
proxy1 sip[20507]: INFO: &lt;core&gt;
[parser/msg_parser.c:353]: ERROR: bad header field [CSeq: 1
REGISTER ACK]</p>
<p style="margin: 0px; font: 12px Helvetica;">Feb 4 16:19:09
proxy1 kernel: [1853341.921334] kamailio[20507]: segfault at
18 ip b7064220 sp bf9c3370 error 4 in
topoh.so[b7061000+d000]</p>
<p style="margin: 0px; font: 12px Helvetica;">Feb 4 16:19:09
proxy1 sip[20498]: ERROR: &lt;core&gt;
[parser/parse_cseq.c:97]: ERROR: CSeq EoL expected</p>
<p style="margin: 0px; font: 12px Helvetica;">Feb 4 16:19:09
proxy1 sip[20498]: ERROR: &lt;core&gt;
[parser/parse_cseq.c:100]: ERROR: parse_cseq: bad cseq</p>
<p style="margin: 0px; font: 12px Helvetica;">Feb 4 16:19:09
proxy1 sip[20498]: ERROR: &lt;core&gt;
[parser/msg_parser.c:158]: ERROR: get_hdr_field: bad cseq</p>
<p style="margin: 0px; font: 12px Helvetica;">Feb 4 16:19:09
proxy1 sip[20498]: INFO: &lt;core&gt;
[parser/msg_parser.c:353]: ERROR: bad header field [CSeq: 1
REGISTER ACK]</p>
<p style="margin: 0px; font: 12px Helvetica;">Feb 4 16:19:09
proxy1 kernel: [1853341.991430] kamailio[20498]: segfault at
18 ip b7064220 sp bf9c3370 error 4 in
topoh.so[b7061000+d000]</p>
<p style="margin: 0px; font: 12px Helvetica;">Feb 4 16:19:09
proxy1 sip[20506]: ERROR: &lt;core&gt;
[parser/parse_cseq.c:97]: ERROR: CSeq EoL expected</p>
<p style="margin: 0px; font: 12px Helvetica;">Feb 4 16:19:09
proxy1 sip[20506]: ERROR: &lt;core&gt;
[parser/parse_cseq.c:100]: ERROR: parse_cseq: bad cseq</p>
<p style="margin: 0px; font: 12px Helvetica;">Feb 4 16:19:09
proxy1 sip[20506]: ERROR: &lt;core&gt;
[parser/msg_parser.c:158]: ERROR: get_hdr_field: bad cseq</p>
<p style="margin: 0px; font: 12px Helvetica;">Feb 4 16:19:09
proxy1 sip[20506]: INFO: &lt;core&gt;
[parser/msg_parser.c:353]: ERROR: bad header field [CSeq: 1
REGISTER ACK]</p>
<p style="margin: 0px; font: 12px Helvetica;">Feb 4 16:19:09
proxy1 kernel: [1853342.057429] kamailio[20506]: segfault at
18 ip b7064220 sp bf9c3370 error 4 in
topoh.so[b7061000+d000]</p>
<p style="margin: 0px; font: 12px Helvetica;">Feb 4 16:19:09
proxy1 sip[20505]: ERROR: &lt;core&gt;
[parser/parse_cseq.c:97]: ERROR: CSeq EoL expected</p>
<p style="margin: 0px; font: 12px Helvetica;">Feb 4 16:19:09
proxy1 sip[20505]: ERROR: &lt;core&gt;
[parser/parse_cseq.c:100]: ERROR: parse_cseq: bad cseq</p>
<p style="margin: 0px; font: 12px Helvetica;">Feb 4 16:19:09
proxy1 sip[20505]: ERROR: &lt;core&gt;
[parser/msg_parser.c:158]: ERROR: get_hdr_field: bad cseq</p>
<p style="margin: 0px; font: 12px Helvetica;">Feb 4 16:19:09
proxy1 sip[20505]: INFO: &lt;core&gt;
[parser/msg_parser.c:353]: ERROR: bad header field [CSeq: 1
REGISTER ACK]</p>
<p style="margin: 0px; font: 12px Helvetica;">Feb 4 16:19:09
proxy1 kernel: [1853342.139751] kamailio[20505]: segfault at
18 ip b7064220 sp bf9c3370 error 4 in
topoh.so[b7061000+d000]</p>
<p style="margin: 0px; font: 12px Helvetica;">Feb 4 16:19:09
proxy1 sip[20499]: ERROR: &lt;core&gt;
[parser/parse_cseq.c:97]: ERROR: CSeq EoL expected</p>
<p style="margin: 0px; font: 12px Helvetica;">Feb 4 16:19:09
proxy1 sip[20499]: ERROR: &lt;core&gt;
[parser/parse_cseq.c:100]: ERROR: parse_cseq: bad cseq</p>
<p style="margin: 0px; font: 12px Helvetica;">Feb 4 16:19:09
proxy1 sip[20499]: ERROR: &lt;core&gt;
[parser/msg_parser.c:158]: ERROR: get_hdr_field: bad cseq</p>
<p style="margin: 0px; font: 12px Helvetica;">Feb 4 16:19:09
proxy1 sip[20499]: INFO: &lt;core&gt;
[parser/msg_parser.c:353]: ERROR: bad header field [CSeq: 1
REGISTER ACK]</p>
<p style="margin: 0px; font: 12px Helvetica;">Feb 4 16:19:09
proxy1 kernel: [1853342.149429] kamailio[20499]: segfault at
18 ip b7064220 sp bf9c3370 error 4 in
topoh.so[b7061000+d000]</p>
<p style="margin: 0px; font: 12px Helvetica;">Feb 4 16:19:09
proxy1 sip[20502]: ERROR: &lt;core&gt;
[parser/parse_cseq.c:97]: ERROR: CSeq EoL expected</p>
<p style="margin: 0px; font: 12px Helvetica;">Feb 4 16:19:09
proxy1 sip[20502]: ERROR: &lt;core&gt;
[parser/parse_cseq.c:100]: ERROR: parse_cseq: bad cseq</p>
<p style="margin: 0px; font: 12px Helvetica;">Feb 4 16:19:09
proxy1 sip[20502]: ERROR: &lt;core&gt;
[parser/msg_parser.c:158]: ERROR: get_hdr_field: bad cseq</p>
<p style="margin: 0px; font: 12px Helvetica;">Feb 4 16:19:09
proxy1 sip[20502]: INFO: &lt;core&gt;
[parser/msg_parser.c:353]: ERROR: bad header field [CSeq: 1
REGISTER ACK]</p>
<p style="margin: 0px; font: 12px Helvetica;">Feb 4 16:19:09
proxy1 kernel: [1853342.156097] kamailio[20502]: segfault at
18 ip b7064220 sp bf9c3370 error 4 in
topoh.so[b7061000+d000]</p>
<p style="margin: 0px; font: 12px Helvetica;">Feb 4 16:19:09
proxy1 sip[20501]: ERROR: &lt;core&gt;
[parser/parse_cseq.c:97]: ERROR: CSeq EoL expected</p>
<p style="margin: 0px; font: 12px Helvetica;">Feb 4 16:19:09
proxy1 sip[20501]: ERROR: &lt;core&gt;
[parser/parse_cseq.c:100]: ERROR: parse_cseq: bad cseq</p>
<p style="margin: 0px; font: 12px Helvetica;">Feb 4 16:19:09
proxy1 sip[20501]: ERROR: &lt;core&gt;
[parser/msg_parser.c:158]: ERROR: get_hdr_field: bad cseq</p>
<p style="margin: 0px; font: 12px Helvetica;">Feb 4 16:19:09
proxy1 sip[20501]: INFO: &lt;core&gt;
[parser/msg_parser.c:353]: ERROR: bad header field [CSeq: 1
REGISTER ACK]</p>
<p style="margin: 0px; font: 12px Helvetica;">Feb 4 16:19:09
proxy1 kernel: [1853342.160097] kamailio[20501]: segfault at
18 ip b7064220 sp bf9c3370 error 4 in
topoh.so[b7061000+d000]</p>
<p style="margin: 0px; font: 12px Helvetica;">Feb 4 16:19:09
proxy1 sip[20500]: ERROR: &lt;core&gt;
[parser/parse_cseq.c:97]: ERROR: CSeq EoL expected</p>
<p style="margin: 0px; font: 12px Helvetica;">Feb 4 16:19:09
proxy1 sip[20500]: ERROR: &lt;core&gt;
[parser/parse_cseq.c:100]: ERROR: parse_cseq: bad cseq</p>
<p style="margin: 0px; font: 12px Helvetica;">Feb 4 16:19:09
proxy1 sip[20500]: ERROR: &lt;core&gt;
[parser/msg_parser.c:158]: ERROR: get_hdr_field: bad cseq</p>
<p style="margin: 0px; font: 12px Helvetica;">Feb 4 16:19:09
proxy1 sip[20500]: INFO: &lt;core&gt;
[parser/msg_parser.c:353]: ERROR: bad header field [CSeq: 1
REGISTER ACK]</p>
<p style="margin: 0px; font: 12px Helvetica;">Feb 4 16:19:09
proxy1 kernel: [1853342.163561] kamailio[20500]: segfault at
18 ip b7064220 sp bf9c3370 error 4 in
topoh.so[b7061000+d000]</p>
<p style="margin: 0px; font: 12px Helvetica;">Feb 4 16:19:09
proxy1 sip[20504]: ERROR: &lt;core&gt;
[parser/parse_cseq.c:97]: ERROR: CSeq EoL expected</p>
<p style="margin: 0px; font: 12px Helvetica;">Feb 4 16:19:09
proxy1 sip[20504]: ERROR: &lt;core&gt;
[parser/parse_cseq.c:100]: ERROR: parse_cseq: bad cseq</p>
<p style="margin: 0px; font: 12px Helvetica;">Feb 4 16:19:09
proxy1 sip[20504]: ERROR: &lt;core&gt;
[parser/msg_parser.c:158]: ERROR: get_hdr_field: bad cseq</p>
<p style="margin: 0px; font: 12px Helvetica;">Feb 4 16:19:09
proxy1 sip[20504]: INFO: &lt;core&gt;
[parser/msg_parser.c:353]: ERROR: bad header field [CSeq: 1
REGISTER ACK]</p>
<p style="margin: 0px; font: 12px Helvetica;">Feb 4 16:19:09
proxy1 kernel: [1853342.168357] kamailio[20504]: segfault at
18 ip b7064220 sp bf9c3370 error 4 in
topoh.so[b7061000+d000]</p>
<p style="margin: 0px; font: 12px Helvetica;">Feb 4 16:19:13
proxy1 sip[20497]: ALERT: &lt;core&gt; [main.c:741]: child
process 20507 exited by a signal 11</p>
</div>
<div><br>
</div>
<div><br>
</div>
<div>
Regards,</div>
<div>Brian</div>
<div><br>
</div>
<div><br>
</div>
<div> </div>
<blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt
0.8ex; border-left: 1px solid rgb(204, 204, 204);
padding-left: 1ex;">
<div text="#000000" bgcolor="#ffffff">
<blockquote type="cite">
<div class="gmail_quote">
<div><br>
</div>
<div>Regards</div>
<div>Brian </div>
</div>
<br>
</blockquote>
<br>
</div>
</blockquote>
</div>
<br>
<pre wrap="">
_______________________________________________
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
<a class="moz-txt-link-abbreviated" href="mailto:sr-users@lists.sip-router.org">sr-users@lists.sip-router.org</a>
<a class="moz-txt-link-freetext" href="http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users">http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users</a>
</pre>
</blockquote>
<br>
<pre class="moz-signature" cols="72">--
Daniel-Constantin Mierla
<a class="moz-txt-link-freetext" href="http://www.asipto.com">http://www.asipto.com</a></pre>
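<p>Added example (not part of the original thread, and not Kamailio code): a small Python triage script for the log excerpt quoted above. It turns each kernel segfault line into a module-relative offset, decodes the x86 page-fault error code, and pairs each crash with the header that worker's parser had just rejected; the sample lines are copied from the thread for two of the ten workers, and all function names are illustrative.</p>

```python
import re
from collections import Counter

# Constructed sample: log lines for two of the workers, copied from the thread above.
SAMPLE_LOG = """\
Feb 4 16:19:09 proxy1 sip[20503]: INFO: <core> [parser/msg_parser.c:353]: ERROR: bad header field [CSeq: 1 REGISTER ACK]
Feb 4 16:19:09 proxy1 kernel: [1853341.778338] kamailio[20503]: segfault at 18 ip b7064220 sp bf9c3370 error 4 in topoh.so[b7061000+d000]
Feb 4 16:19:09 proxy1 sip[20507]: INFO: <core> [parser/msg_parser.c:353]: ERROR: bad header field [CSeq: 1 REGISTER ACK]
Feb 4 16:19:09 proxy1 kernel: [1853341.921334] kamailio[20507]: segfault at 18 ip b7064220 sp bf9c3370 error 4 in topoh.so[b7061000+d000]
"""

SEGV_RE = re.compile(
    r"(?P<proc>\w+)\[(?P<pid>\d+)\]: segfault at (?P<addr>[0-9a-f]+) ip (?P<ip>[0-9a-f]+)"
    r" sp [0-9a-f]+ error (?P<err>\d+) in (?P<mod>[^\[\s]+)\[(?P<base>[0-9a-f]+)\+(?P<size>[0-9a-f]+)\]"
)
BAD_HDR_RE = re.compile(r"\[(?P<pid>\d+)\]: .*bad header field \[(?P<hdr>[^\]]*)\]")


def decode_error(code):
    """Decode the low three x86 page-fault error-code bits printed after 'error'."""
    return {
        "cause": "protection violation" if code & 1 else "page not present",
        "access": "write" if code & 2 else "read",
        "mode": "user" if code & 4 else "kernel",
    }


def triage(text):
    """Return one record per segfault plus a count of distinct crash sites."""
    bad_hdr = {m["pid"]: m["hdr"] for m in BAD_HDR_RE.finditer(text)}
    crashes = []
    for m in SEGV_RE.finditer(text):
        ip, base, size = (int(m[k], 16) for k in ("ip", "base", "size"))
        crashes.append({
            "pid": int(m["pid"]),
            "module": m["mod"],
            # Distance of the faulting instruction from the start of the reported mapping.
            "offset": ip - base if base <= ip < base + size else None,
            "fault_addr": int(m["addr"], 16),
            "fault": decode_error(int(m["err"])),
            "rejected_header": bad_hdr.get(m["pid"]),
        })
    sites = Counter((c["module"], c["offset"]) for c in crashes)
    return crashes, sites


if __name__ == "__main__":
    crashes, sites = triage(SAMPLE_LOG)
    for (module, offset), n in sites.items():
        where = hex(offset) if offset is not None else "?"
        print(f"{n} crash(es) in {module} at offset {where}")
    for c in crashes:
        print(c["pid"], hex(c["fault_addr"]), c["fault"], c["rejected_header"])
```

On the sample, both workers fault at the same offset inside topoh.so with a user-mode read of address 0x18, which is consistent with a field being read through a NULL pointer right after the CSeq header was rejected.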
</body>
</html>