<html>
<head>
<meta content="text/html; charset=iso-8859-2"
http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<font size="-1"><font face="Helvetica, Arial, sans-serif">Forget about
this. I see it's fixed in the latest 4.3.3 version. I'm sorry.</font></font><br>
<br>
<div class="moz-cite-prefix">On 18.11.2015 at 18:36, Marian Piater
wrote:<br>
</div>
<blockquote cite="mid:564CB71A.3080107@voipsun.cz" type="cite">
<meta http-equiv="content-type" content="text/html;
charset=iso-8859-2">
<font size="-1"><font face="Helvetica, Arial, sans-serif">Hello,<br>
<br>
we had a segfault today. Kamailio has been running for a few
months without problems. <br>
<br>
Nov 18 10:51:20 sbc kernel: [11326028.926502] kamailio[14452]:
segfault at 30 ip 00007f20f7f3838a sp 00007ffef3ab7b10 error 4
in siptrace.so[7f20f7f23000+27000]<br>
<br>
GDB:<br>
Reading symbols from kamailio...done.<br>
[New LWP 14452]<br>
[Thread debugging using libthread_db enabled]<br>
Using host libthread_db library
"/lib/x86_64-linux-gnu/libthread_db.so.1".<br>
Core was generated by `/usr/local/sbin/kamailio -f
/etc/kamailio/kamailio.cfg -P /var/run/kamailio/kam'.<br>
Program terminated with signal SIGSEGV, Segmentation fault.<br>
#0 0x00007f20f7f3838a in sip_trace (msg=0x7f2100f96750,
dst=0x0, dir=0x0) at siptrace.c:1041<br>
1041 sto.totag = get_to(msg)->tag_value;<br>
(gdb) bt<br>
#0 0x00007f20f7f3838a in sip_trace (msg=0x7f2100f96750,
dst=0x0, dir=0x0) at siptrace.c:1041<br>
#1 0x0000000000457ca9 in do_action (h=0x7ffef3ab8320,
a=0x7f2100b8a928, msg=0x7f2100f96750) at action.c:1053<br>
#2 0x0000000000463cb9 in run_actions (h=0x7ffef3ab8320,
a=0x7f2100b8a928, msg=0x7f2100f96750) at action.c:1548<br>
#3 0x00000000004643bf in run_top_route (a=0x7f2100b8a928,
msg=0x7f2100f96750, c=0x0) at action.c:1634<br>
#4 0x0000000000573ea7 in receive_msg (<br>
buf=0x9c9400 &lt;buf&gt; "OPTIONS sip:100@XXX.XXX.XX.XX
SIP/2.0\r\nv: SIP/2.0/UDP
69.64.39.119:5060;branch=z9hG4bK-82135822;rport\r\nContent-Length:
0\r\nf: \"MisterX\"&lt;sip:100@1.1.1.1&gt;;tag=61326665333131663133633401333733313630343335"...,
len=357, rcv_info=0x7ffef3ab85b0) at receive.c:196<br>
#5 0x0000000000493ff5 in udp_rcv_loop () at udp_server.c:495<br>
#6 0x000000000051fdd7 in main_loop () at main.c:1573<br>
#7 0x0000000000525b6b in main (argc=13, argv=0x7ffef3ab8998)
at main.c:2533<br>
(gdb) quit<br>
<br>
Our IP is hidden, but there is 69.64.39.119, which is a foreign
address, and I think it was an attack. Unfortunately I don't
have the SIP packet details, but you can see 1.1.1.1, a strange
tag, or content-length=0 in the received message.<br>
<br>
I looked into siptrace.c, and there is a function
sip_trace_prepare where get_from(msg) is checked, but not
get_to(msg). This function is run from the main sip_trace
function. So I think we also need to check the get_to(msg) function.
<br>
<br>
I just disabled the siptrace module, but we need it. <br>
<br>
Thank you.<br>
Marian</font></font> </blockquote>
<br>
<pre class="moz-signature" cols="72">--
Marian Piater
VoIPsun s.r.o.
+420 608 24 58 42
<a class="moz-txt-link-abbreviated" href="mailto:marian.piater@voipsun.cz">marian.piater@voipsun.cz</a>
<a class="moz-txt-link-abbreviated" href="http://www.voipsun.cz">www.voipsun.cz</a></pre>
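<p>The check asked for in the quoted report, as an added example that is not part of the original mail and is not Kamailio's code: a self-contained C model in which a missing From or To header leaves a NULL pointer, and the trace routine tests both pointers before copying the tags. The structures, parse_model, trace_tags and the sample messages are hypothetical; the parser ignores folded lines and whitespace before the colon.</p>

```c
#include <string.h>
#include <strings.h>
/* Simplified stand-ins (assumptions), not Kamailio's real structures. */
struct to_body { char tag[64]; };
struct msg_model { struct to_body *from, *to, fb, tb; };

/* Copy the ";tag=" parameter found in s[0..len) into b->tag ("" if absent). */
static struct to_body *set_tag(struct to_body *b, const char *s, size_t len) {
    size_t n = 0, i = 0;
    while (i + 5 <= len && strncasecmp(s + i, ";tag=", 5) != 0) i++;
    for (i += 5; i < len && s[i] != ';' && n + 1 < sizeof b->tag; i++)
        b->tag[n++] = s[i];
    b->tag[n] = '\0';
    return b;
}
/* True when the name before the colon c equals h, case-insensitively. */
static int name_is(const char *s, const char *c, const char *h) {
    return c && (size_t)(c - s) == strlen(h) && !strncasecmp(s, h, strlen(h));
}
/* Walk header lines (long or compact names); absent headers stay NULL. */
void parse_model(const char *buf, struct msg_model *m) {
    const char *end, *line = strstr(buf, "\r\n");    /* end of request line */
    memset(m, 0, sizeof *m);
    for (; line && *(line += 2) && *line != '\r'; line = end) {
        end = strstr(line, "\r\n");
        size_t len = end ? (size_t)(end - line) : strlen(line);
        const char *c = memchr(line, ':', len);
        if (name_is(line, c, "From") || name_is(line, c, "f"))
            m->from = set_tag(&m->fb, line, len);
        else if (name_is(line, c, "To") || name_is(line, c, "t"))
            m->to = set_tag(&m->tb, line, len);
    }
}
/* Guarded extraction: never dereference a missing From or To body. */
int trace_tags(const char *buf, struct to_body *from, struct to_body *to) {
    struct msg_model m;
    parse_model(buf, &m);
    if (!m.from || !m.to) return -1;     /* malformed message: skip tracing */
    *from = *m.from;
    *to = *m.to;
    return 0;
}
/* Constructed samples (RFC 5737 documentation addresses). */
#define RL "OPTIONS sip:100@192.0.2.10 SIP/2.0\r\n"
const char MSG_NO_TO[] = RL "f: <sip:a@192.0.2.1>;tag=abc\r\nContent-Length: 0\r\n\r\n";
const char MSG_OK[] = RL "f: <sip:a@192.0.2.1>;tag=abc\r\nt: <sip:b@192.0.2.2>\r\n\r\n";
int main(void) {
    struct to_body f, t;
    return !(trace_tags(MSG_NO_TO, &f, &t) == -1 && trace_tags(MSG_OK, &f, &t) == 0);
}
```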
</body>
</html>