<br><br><div class="gmail_quote">On 25 November 2010 17:38, marius zbihlei <span dir="ltr"><<a href="mailto:marius.zbihlei@1and1.ro">marius.zbihlei@1and1.ro</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
<div text="#000000" bgcolor="#ffffff"><div><div></div><div class="h5">
On 11/25/2010 07:32 PM, dotnetdub wrote:
<blockquote type="cite">
<div class="gmail_quote">
<blockquote class="gmail_quote" style="border-left:1px solid rgb(204, 204, 204);margin:0pt 0pt 0pt 0.8ex;padding-left:1ex">
<div text="#000000" bgcolor="#ffffff">
<div>
<blockquote type="cite">
<div class="gmail_quote">
<blockquote class="gmail_quote" style="border-left:1px solid rgb(204, 204, 204);margin:0pt 0pt 0pt 0.8ex;padding-left:1ex">
<div text="#000000" bgcolor="#ffffff"><br></div></blockquote></div></blockquote></div></div></blockquote>
</div>
</blockquote>
<br></div></div>
Are you able to test a patch if a provide one to you? I wanted to wait
for Daniel's opinion as I have no way of testing it. If you have a dump
of the attack traffic or you can generate more with bad CSEQ (as from
the message log you provided) you can test the patch against your cfg
and see if it still crashes(hope not). In my opinion the crash should
be deterministic. You will find the trivial patch attached. If you can
test it and it works I will push it to upstream (also to 3.0 branch).
Keep in mind that other probles might appear as well during the
processing of the SIP messages. If a core does appear please retry the
steps in the previous mail with the new core and .so offset. <br>
<br>
Apply the patch with the patch utility (copy to the modules/topoh and
run patch < patch) . I await some feedback :)<br>
<br>
Marius<br></div></blockquote><div><br></div><div><br></div><div><br></div><div>Hi Marius,</div><div><br></div><div>I did apply this patch and recompile. I checked the lib folder and date of topoh changed to compile date.</div>
<div><br></div><div>Another SIP attack and core dump again.</div><div><br></div><div>This looks like different memory addresses though.</div><div><br></div><div>proxy:/var/log# dmesg </div><div>[1853341.778338] kamailio[20503]: segfault at 18 ip b7064220 sp bf9c3370 error 4 in topoh.so[b7061000+d000]</div>
<div>[1853341.921334] kamailio[20507]: segfault at 18 ip b7064220 sp bf9c3370 error 4 in topoh.so[b7061000+d000]</div><div>[1853341.991430] kamailio[20498]: segfault at 18 ip b7064220 sp bf9c3370 error 4 in topoh.so[b7061000+d000]</div>
<div>[1853342.057429] kamailio[20506]: segfault at 18 ip b7064220 sp bf9c3370 error 4 in topoh.so[b7061000+d000]</div><div>[1853342.139751] kamailio[20505]: segfault at 18 ip b7064220 sp bf9c3370 error 4 in topoh.so[b7061000+d000]</div>
<div>[1853342.149429] kamailio[20499]: segfault at 18 ip b7064220 sp bf9c3370 error 4 in topoh.so[b7061000+d000]</div><div>[1853342.156097] kamailio[20502]: segfault at 18 ip b7064220 sp bf9c3370 error 4 in topoh.so[b7061000+d000]</div>
<div>[1853342.160097] kamailio[20501]: segfault at 18 ip b7064220 sp bf9c3370 error 4 in topoh.so[b7061000+d000]</div><div>[1853342.163561] kamailio[20500]: segfault at 18 ip b7064220 sp bf9c3370 error 4 in topoh.so[b7061000+d000]</div>
<div>[1853342.168357] kamailio[20504]: segfault at 18 ip b7064220 sp bf9c3370 error 4 in topoh.so[b7061000+d000]</div><div><br></div><div><br></div><div><br></div><div><p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 12.0px Helvetica">
Feb 4 16:19:09 proxy1 sip[20503]: ERROR: <core> [parser/parse_cseq.c:97]: ERROR: CSeq EoL expected</p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 12.0px Helvetica">Feb 4 16:19:09 proxy1 kernel: [1853341.778338] kamailio[20503]: segfault at 18 ip b7064220 sp bf9c3370 error 4 in topoh.so[b7061000+d000]</p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 12.0px Helvetica">Feb 4 16:19:09 proxy1 sip[20503]: ERROR: <core> [parser/parse_cseq.c:100]: ERROR: parse_cseq: bad cseq</p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 12.0px Helvetica">Feb 4 16:19:09 proxy1 sip[20503]: ERROR: <core> [parser/msg_parser.c:158]: ERROR: get_hdr_field: bad cseq</p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 12.0px Helvetica">Feb 4 16:19:09 proxy1 sip[20503]: INFO: <core> [parser/msg_parser.c:353]: ERROR: bad header field [CSeq: 1 REGISTER ACK]</p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 12.0px Helvetica">Feb 4 16:19:09 proxy1 sip[20500]: INFO: <script>: [ROUTE-1] Received registration from <a href="mailto:sip%3A3564815798@195.191.29.11">sip:3564815798@195.191.29.11</a> (180.148.1.3)</p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 12.0px Helvetica">Feb 4 16:19:09 proxy1 sip[20500]: INFO: <script>: [ROUTE-1 !] Credentials invalid; issuing challenge</p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 12.0px Helvetica">Feb 4 16:19:09 proxy1 sip[20507]: ERROR: <core> [parser/parse_cseq.c:97]: ERROR: CSeq EoL expected</p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 12.0px Helvetica">Feb 4 16:19:09 proxy1 sip[20507]: ERROR: <core> [parser/parse_cseq.c:100]: ERROR: parse_cseq: bad cseq</p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 12.0px Helvetica">Feb 4 16:19:09 proxy1 sip[20507]: ERROR: <core> [parser/msg_parser.c:158]: ERROR: get_hdr_field: bad cseq</p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 12.0px Helvetica">Feb 4 16:19:09 proxy1 sip[20507]: INFO: <core> [parser/msg_parser.c:353]: ERROR: bad header field [CSeq: 1 REGISTER ACK]</p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 12.0px Helvetica">Feb 4 16:19:09 proxy1 kernel: [1853341.921334] kamailio[20507]: segfault at 18 ip b7064220 sp bf9c3370 error 4 in topoh.so[b7061000+d000]</p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 12.0px Helvetica">Feb 4 16:19:09 proxy1 sip[20498]: ERROR: <core> [parser/parse_cseq.c:97]: ERROR: CSeq EoL expected</p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 12.0px Helvetica">Feb 4 16:19:09 proxy1 sip[20498]: ERROR: <core> [parser/parse_cseq.c:100]: ERROR: parse_cseq: bad cseq</p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 12.0px Helvetica">Feb 4 16:19:09 proxy1 sip[20498]: ERROR: <core> [parser/msg_parser.c:158]: ERROR: get_hdr_field: bad cseq</p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 12.0px Helvetica">Feb 4 16:19:09 proxy1 sip[20498]: INFO: <core> [parser/msg_parser.c:353]: ERROR: bad header field [CSeq: 1 REGISTER ACK]</p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 12.0px Helvetica">Feb 4 16:19:09 proxy1 kernel: [1853341.991430] kamailio[20498]: segfault at 18 ip b7064220 sp bf9c3370 error 4 in topoh.so[b7061000+d000]</p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 12.0px Helvetica">Feb 4 16:19:09 proxy1 sip[20506]: ERROR: <core> [parser/parse_cseq.c:97]: ERROR: CSeq EoL expected</p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 12.0px Helvetica">Feb 4 16:19:09 proxy1 sip[20506]: ERROR: <core> [parser/parse_cseq.c:100]: ERROR: parse_cseq: bad cseq</p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 12.0px Helvetica">Feb 4 16:19:09 proxy1 sip[20506]: ERROR: <core> [parser/msg_parser.c:158]: ERROR: get_hdr_field: bad cseq</p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 12.0px Helvetica">Feb 4 16:19:09 proxy1 sip[20506]: INFO: <core> [parser/msg_parser.c:353]: ERROR: bad header field [CSeq: 1 REGISTER ACK]</p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 12.0px Helvetica">Feb 4 16:19:09 proxy1 kernel: [1853342.057429] kamailio[20506]: segfault at 18 ip b7064220 sp bf9c3370 error 4 in topoh.so[b7061000+d000]</p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 12.0px Helvetica">Feb 4 16:19:09 proxy1 sip[20505]: ERROR: <core> [parser/parse_cseq.c:97]: ERROR: CSeq EoL expected</p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 12.0px Helvetica">Feb 4 16:19:09 proxy1 sip[20505]: ERROR: <core> [parser/parse_cseq.c:100]: ERROR: parse_cseq: bad cseq</p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 12.0px Helvetica">Feb 4 16:19:09 proxy1 sip[20505]: ERROR: <core> [parser/msg_parser.c:158]: ERROR: get_hdr_field: bad cseq</p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 12.0px Helvetica">Feb 4 16:19:09 proxy1 sip[20505]: INFO: <core> [parser/msg_parser.c:353]: ERROR: bad header field [CSeq: 1 REGISTER ACK]</p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 12.0px Helvetica">Feb 4 16:19:09 proxy1 kernel: [1853342.139751] kamailio[20505]: segfault at 18 ip b7064220 sp bf9c3370 error 4 in topoh.so[b7061000+d000]</p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 12.0px Helvetica">Feb 4 16:19:09 proxy1 sip[20499]: ERROR: <core> [parser/parse_cseq.c:97]: ERROR: CSeq EoL expected</p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 12.0px Helvetica">Feb 4 16:19:09 proxy1 sip[20499]: ERROR: <core> [parser/parse_cseq.c:100]: ERROR: parse_cseq: bad cseq</p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 12.0px Helvetica">Feb 4 16:19:09 proxy1 sip[20499]: ERROR: <core> [parser/msg_parser.c:158]: ERROR: get_hdr_field: bad cseq</p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 12.0px Helvetica">Feb 4 16:19:09 proxy1 sip[20499]: INFO: <core> [parser/msg_parser.c:353]: ERROR: bad header field [CSeq: 1 REGISTER ACK]</p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 12.0px Helvetica">Feb 4 16:19:09 proxy1 kernel: [1853342.149429] kamailio[20499]: segfault at 18 ip b7064220 sp bf9c3370 error 4 in topoh.so[b7061000+d000]</p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 12.0px Helvetica">Feb 4 16:19:09 proxy1 sip[20502]: ERROR: <core> [parser/parse_cseq.c:97]: ERROR: CSeq EoL expected</p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 12.0px Helvetica">Feb 4 16:19:09 proxy1 sip[20502]: ERROR: <core> [parser/parse_cseq.c:100]: ERROR: parse_cseq: bad cseq</p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 12.0px Helvetica">Feb 4 16:19:09 proxy1 sip[20502]: ERROR: <core> [parser/msg_parser.c:158]: ERROR: get_hdr_field: bad cseq</p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 12.0px Helvetica">Feb 4 16:19:09 proxy1 sip[20502]: INFO: <core> [parser/msg_parser.c:353]: ERROR: bad header field [CSeq: 1 REGISTER ACK]</p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 12.0px Helvetica">Feb 4 16:19:09 proxy1 kernel: [1853342.156097] kamailio[20502]: segfault at 18 ip b7064220 sp bf9c3370 error 4 in topoh.so[b7061000+d000]</p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 12.0px Helvetica">Feb 4 16:19:09 proxy1 sip[20501]: ERROR: <core> [parser/parse_cseq.c:97]: ERROR: CSeq EoL expected</p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 12.0px Helvetica">Feb 4 16:19:09 proxy1 sip[20501]: ERROR: <core> [parser/parse_cseq.c:100]: ERROR: parse_cseq: bad cseq</p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 12.0px Helvetica">Feb 4 16:19:09 proxy1 sip[20501]: ERROR: <core> [parser/msg_parser.c:158]: ERROR: get_hdr_field: bad cseq</p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 12.0px Helvetica">Feb 4 16:19:09 proxy1 sip[20501]: INFO: <core> [parser/msg_parser.c:353]: ERROR: bad header field [CSeq: 1 REGISTER ACK]</p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 12.0px Helvetica">Feb 4 16:19:09 proxy1 kernel: [1853342.160097] kamailio[20501]: segfault at 18 ip b7064220 sp bf9c3370 error 4 in topoh.so[b7061000+d000]</p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 12.0px Helvetica">Feb 4 16:19:09 proxy1 sip[20500]: ERROR: <core> [parser/parse_cseq.c:97]: ERROR: CSeq EoL expected</p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 12.0px Helvetica">Feb 4 16:19:09 proxy1 sip[20500]: ERROR: <core> [parser/parse_cseq.c:100]: ERROR: parse_cseq: bad cseq</p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 12.0px Helvetica">Feb 4 16:19:09 proxy1 sip[20500]: ERROR: <core> [parser/msg_parser.c:158]: ERROR: get_hdr_field: bad cseq</p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 12.0px Helvetica">Feb 4 16:19:09 proxy1 sip[20500]: INFO: <core> [parser/msg_parser.c:353]: ERROR: bad header field [CSeq: 1 REGISTER ACK]</p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 12.0px Helvetica">Feb 4 16:19:09 proxy1 kernel: [1853342.163561] kamailio[20500]: segfault at 18 ip b7064220 sp bf9c3370 error 4 in topoh.so[b7061000+d000]</p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 12.0px Helvetica">Feb 4 16:19:09 proxy1 sip[20504]: ERROR: <core> [parser/parse_cseq.c:97]: ERROR: CSeq EoL expected</p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 12.0px Helvetica">Feb 4 16:19:09 proxy1 sip[20504]: ERROR: <core> [parser/parse_cseq.c:100]: ERROR: parse_cseq: bad cseq</p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 12.0px Helvetica">Feb 4 16:19:09 proxy1 sip[20504]: ERROR: <core> [parser/msg_parser.c:158]: ERROR: get_hdr_field: bad cseq</p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 12.0px Helvetica">Feb 4 16:19:09 proxy1 sip[20504]: INFO: <core> [parser/msg_parser.c:353]: ERROR: bad header field [CSeq: 1 REGISTER ACK]</p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 12.0px Helvetica">Feb 4 16:19:09 proxy1 kernel: [1853342.168357] kamailio[20504]: segfault at 18 ip b7064220 sp bf9c3370 error 4 in topoh.so[b7061000+d000]</p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 12.0px Helvetica">Feb 4 16:19:13 proxy1 sip[20497]: ALERT: <core> [main.c:741]: child process 20507 exited by a signal 11</p></div><div><br></div><div><br></div><div>
Regards,</div><div>Brian</div><div><br></div><div><br></div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;"><div text="#000000" bgcolor="#ffffff">
<blockquote type="cite">
<div class="gmail_quote">
<div><br>
</div>
<div>Regards</div>
<div>Brian </div>
</div>
<br>
</blockquote>
<br>
</div>
</blockquote></div><br>