sr-dev September 2011

sr-dev@lists.kamailio.org

40 participants
298 discussions

[tracker] Comment added: t_reply 302 redirects use wrong to-tag after fr_inv_timer fires

by sip-router

THIS IS AN AUTOMATED MESSAGE, DO NOT REPLY. The following task has a new comment added: FS#152 - t_reply 302 redirects use wrong to-tag after fr_inv_timer fires User who did this - Daniel-Constantin Mierla (miconda) ---------- Hi Andrew, is this really SIP RFC requirement or even compliant? Thinking of serial/parallel forking, several and different To-tags can go back to caller within many 1xx replies. They have to be discarded and the one in final reply has to be considered good, so IMO the phone is buggy. What happens if there is a parallel forking and there are many 1xx, but then timeout and 302? Which branch is considered good? Furthermore, one may have the redirect server as separate Kamailio instance, so on timeout of previous branches a new one is sent to redirect server which replies directly 302, having no idea of the branches in main proxy. What happens then, polycom will ignore it? I understand it solves an issue with some Polycoms, but I don't think it is the right approach to make this default in the proxy. Ideally Polycom will solve the bug. If it has to be "fixed" in the proxy, then it has to be something optional/configurable, with at less impact as possible on default behaviour. ---------- More information can be found at the following URL: http://sip-router.org/tracker/index.php?do=details&task_id=152#comment277 You are receiving this message because you have requested it from the Flyspray bugtracking system. If you did not expect this message or don't want to receive mails in future, you can change your notification settings at the URL shown above.

13 years, 2 months

[tracker] Task closed: msg_parser memory leak

by sip-router

THIS IS AN AUTOMATED MESSAGE, DO NOT REPLY. The following task is now closed: FS#155 - msg_parser memory leak User who did this - Daniel-Constantin Mierla (miconda) Reason for closing: Fixed Additional comments about closing: Thanks! Patch v2 applied to GIT master branch and will be backported to 3.1 branch. More information can be found at the following URL: http://sip-router.org/tracker/index.php?do=details&task_id=155 You are receiving this message because you have requested it from the Flyspray bugtracking system. If you did not expect this message or don't want to receive mails in future, you can change your notification settings at the URL shown above.

13 years, 2 months

[tracker] User took ownership: msg_parser memory leak

by sip-router

THIS IS AN AUTOMATED MESSAGE, DO NOT REPLY. Daniel-Constantin Mierla has taken ownership of the following task: FS#155 - msg_parser memory leak More information can be found at the following URL: http://sip-router.org/tracker/index.php?do=details&task_id=155 You are receiving this message because you have requested it from the Flyspray bugtracking system. If you did not expect this message or don't want to receive mails in future, you can change your notification settings at the URL shown above.

13 years, 2 months

git:master: parser: switch pkg_free(tob) to free_to(tob) to free To header structure

by Daniel-Constantin Mierla

Module: sip-router Branch: master Commit: dc453ac1e9d631c417b1b9c70d7b9d92107b389f URL: http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=dc453ac… Author: Daniel-Constantin Mierla <miconda(a)gmail.com> Committer: Daniel-Constantin Mierla <miconda(a)gmail.com> Date: Mon Sep 19 13:29:44 2011 +0200 parser: switch pkg_free(tob) to free_to(tob) to free To header structure - this takes care of freeing parameters in case of paring error of To-like headers - patch by Walter Doekes, closes FS#155 --- lib/kcore/parse_pai.c | 2 +- lib/kcore/parse_ppi.c | 2 +- modules/sanity/sanity.c | 2 +- modules_k/seas/encode_header.c | 2 +- parser/msg_parser.c | 4 ++-- parser/parse_diversion.c | 2 +- parser/parse_from.c | 2 +- parser/parse_refer_to.c | 2 +- parser/parse_rpid.c | 2 +- 9 files changed, 10 insertions(+), 10 deletions(-) diff --git a/lib/kcore/parse_pai.c b/lib/kcore/parse_pai.c index 5cd580f..d0dda3d 100644 --- a/lib/kcore/parse_pai.c +++ b/lib/kcore/parse_pai.c @@ -66,7 +66,7 @@ int parse_pai_header( struct sip_msg *msg ) parse_to(msg->pai->body.s, msg->pai->body.s + msg->pai->body.len+1, pai_b); if (pai_b->error == PARSE_ERROR) { LM_ERR("bad P-Asserted-Identity header\n"); - pkg_free(pai_b); + free_to(pai_b); goto error; } msg->pai->parsed = pai_b; diff --git a/lib/kcore/parse_ppi.c b/lib/kcore/parse_ppi.c index 5857709..4dc9ec8 100644 --- a/lib/kcore/parse_ppi.c +++ b/lib/kcore/parse_ppi.c @@ -74,7 +74,7 @@ int parse_ppi_header( struct sip_msg *msg ) ppi_b); if (ppi_b->error == PARSE_ERROR) { LM_ERR("bad P-Preferred-Identity header\n"); - pkg_free(ppi_b); + free_to(ppi_b); goto error; } msg->ppi->parsed = ppi_b; diff --git a/modules/sanity/sanity.c b/modules/sanity/sanity.c index e60a28c..fe6585a 100644 --- a/modules/sanity/sanity.c +++ b/modules/sanity/sanity.c @@ -756,7 +756,7 @@ int check_parse_uris(struct sip_msg* _msg, int checks) { LOG(L_WARN, "sanity_check(): check_parse_uris():" " failed to parse From header [%.*s]\n", _msg->from->body.len, _msg->from->body.s); - pkg_free(ft_body); + free_to(ft_body); if (_msg->REQ_METHOD != METHOD_ACK) { if (slb.zreply(_msg, 400, "Bad From header") < 0) { LOG(L_WARN, "sanity_check(): check_parse_uris():" diff --git a/modules_k/seas/encode_header.c b/modules_k/seas/encode_header.c index 0f7e532..549558c 100644 --- a/modules_k/seas/encode_header.c +++ b/modules_k/seas/encode_header.c @@ -139,7 +139,7 @@ int encode_header(struct sip_msg *sipmsg,struct hdr_field *hdr,unsigned char *pa parse_to(hdr->body.s,hdr->body.s+hdr->body.len+1,tobody); if (tobody->error == PARSE_ERROR) { myerror="bad (REFER,TO,FROM,RPID) header\n"; - pkg_free(tobody); + free_to(tobody); return 5; goto error; } diff --git a/parser/msg_parser.c b/parser/msg_parser.c index 705c5fb..73a86cf 100644 --- a/parser/msg_parser.c +++ b/parser/msg_parser.c @@ -156,7 +156,7 @@ char* get_hdr_field(char* buf, char* end, struct hdr_field* hdr) tmp=parse_cseq(tmp, end, cseq_b); if (cseq_b->error==PARSE_ERROR){ LOG(L_ERR, "ERROR: get_hdr_field: bad cseq\n"); - pkg_free(cseq_b); + free_cseq(cseq_b); goto error; } hdr->parsed=cseq_b; @@ -177,7 +177,7 @@ char* get_hdr_field(char* buf, char* end, struct hdr_field* hdr) tmp=parse_to(tmp, end,to_b); if (to_b->error==PARSE_ERROR){ LOG(L_ERR, "ERROR: get_hdr_field: bad to header\n"); - pkg_free(to_b); + free_to(to_b); goto error; } hdr->parsed=to_b; diff --git a/parser/parse_diversion.c b/parser/parse_diversion.c index e34d9bc..8f07f53 100644 --- a/parser/parse_diversion.c +++ b/parser/parse_diversion.c @@ -69,7 +69,7 @@ int parse_diversion_header(struct sip_msg *msg) parse_to(msg->diversion->body.s, msg->diversion->body.s + msg->diversion->body.len + 1, diversion_b); if (diversion_b->error == PARSE_ERROR) { LOG(L_ERR, "ERROR:parse_diversion_header: bad diversion header\n"); - pkg_free(diversion_b); + free_to(diversion_b); goto error; } msg->diversion->parsed = diversion_b; diff --git a/parser/parse_from.c b/parser/parse_from.c index c33f391..79c831f 100644 --- a/parser/parse_from.c +++ b/parser/parse_from.c @@ -77,7 +77,7 @@ int parse_from_header( struct sip_msg *msg) parse_to(msg->from->body.s,msg->from->body.s+msg->from->body.len+1,from_b); if (from_b->error == PARSE_ERROR) { LOG(L_ERR, "ERROR:parse_from_header: bad from header\n"); - pkg_free(from_b); + free_to(from_b); goto error; } msg->from->parsed = from_b; diff --git a/parser/parse_refer_to.c b/parser/parse_refer_to.c index 3ccb4a7..dc5bd29 100644 --- a/parser/parse_refer_to.c +++ b/parser/parse_refer_to.c @@ -69,7 +69,7 @@ int parse_refer_to_header( struct sip_msg *msg ) refer_to_b); if (refer_to_b->error == PARSE_ERROR) { LOG(L_ERR, "ERROR:parse_refer_to_header: bad Refer-To header\n"); - pkg_free(refer_to_b); + free_to(refer_to_b); goto error; } msg->refer_to->parsed = refer_to_b; diff --git a/parser/parse_rpid.c b/parser/parse_rpid.c index d947932..618bdd1 100644 --- a/parser/parse_rpid.c +++ b/parser/parse_rpid.c @@ -66,7 +66,7 @@ int parse_rpid_header( struct sip_msg *msg ) parse_to(msg->rpid->body.s,msg->rpid->body.s+msg->rpid->body.len+1,rpid_b); if (rpid_b->error == PARSE_ERROR) { LOG(L_ERR, "ERROR:parse_rpid_header: bad rpid header\n"); - pkg_free(rpid_b); + free_to(rpid_b); goto error; } msg->rpid->parsed = rpid_b;

13 years, 2 months

[tracker] Comment added: msg_parser memory leak (Attachment added)

by sip-router

THIS IS AN AUTOMATED MESSAGE, DO NOT REPLY. The following task has a new comment added: FS#155 - msg_parser memory leak User who did this - Walter Doekes (wdoekes) ---------- There are other places that also use parse_to and pkg_free it on fail. I've added those I could find to this _v2 patch. I didn't test any of that apart from that it compiles. An alternative fix to this issue could be to free_to_params() in parse_to on ERROR. That would lead to less changes. Make sure param_lst is reset to 0 though, as some might want to call free_to() anyway, causing a double-free. Regards, Walter ---------- One or more files have been attached. More information can be found at the following URL: http://sip-router.org/tracker/index.php?do=details&task_id=155#comment276 You are receiving this message because you have requested it from the Flyspray bugtracking system. If you did not expect this message or don't want to receive mails in future, you can change your notification settings at the URL shown above.

13 years, 2 months

[tracker] Task opened: msg_parser memory leak (Attachment added)

by sip-router

THIS IS AN AUTOMATED MESSAGE, DO NOT REPLY. A new Flyspray task has been opened. Details are below. User who did this - Walter Doekes (wdoekes) Attached to Project - sip-router Summary - msg_parser memory leak Task Type - Bug Report Category - Core Status - Assigned Assigned To - Andrei Pelinescu-Onciul Operating System - All Severity - High Priority - Normal Reported Version - 3.1 Due in Version - Undecided Due Date - Undecided Details - Hi, parser/msg_parser get_hdr_field forgets to clean up to_b parameters when pkg_free'ing to_b (To-body) on error. A properly crafted SIP packet can cause kamailio/siprouter to run out of memory. Example: {{{ $ diff -pu sipsak-0.9.6/request.c{.orig,} --- sipsak-0.9.6/request.c.orig 2011-09-19 11:28:43.793987925 +0200 +++ sipsak-0.9.6/request.c 2011-09-19 11:28:59.473988046 +0200 @@ -262,7 +262,7 @@ void create_msg(int action, char *req_bu "%s sip:%s%s%s" "%s%s %s:9;branch=z9hG4bK.%08x\r\n" "%ssip:sipsak@%s:9;tag=%x\r\n" - "%ssip:%s%s\r\n" + "%ssip:%s%s;tag=crap;\r\n" "%s%u@%s\r\n" "%s%i %s\r\n" "%ssip:sipsak@%s:9\r\n" }}} This patched sipsak will let the children calling parse_to quickly to run out of memory. When parsing the To: body, parse_to_param adds tag=crap. Later it trips on the trailing semi-colon and returns an error. The caller only frees the container to_b and not the parsed parameters. Fix: replace pkg_free with free_to. Before the patch: {{{ Sep 19 11:40:07 walter-desktop kamailio[15119]: ERROR: <core> [parser/parse_to.c:814]: ERROR: parse_to: invalid To - unexpected end of header in state 13 Sep 19 11:40:07 walter-desktop kamailio[15121]: ERROR: <core> [parser/parse_to.c:506]: ERROR: parse_to_param : unexpected end of header, status 20: <<;tag=crap;#015#012>> . Sep 19 11:40:07 walter-desktop kamailio[15121]: ERROR: <core> [parser/parse_to.c:814]: ERROR: parse_to: invalid To - unexpected end of header in state 13 Sep 19 11:40:07 walter-desktop kamailio[15121]: ERROR: <core> [parser/msg_parser.c:179]: ERROR: get_hdr_field: bad to header Sep 19 11:40:07 walter-desktop kamailio[15121]: INFO: <core> [parser/msg_parser.c:353]: ERROR: bad header field [To: sip:localhost;ta] }}} and after a while {{{ Sep 19 11:40:39 walter-desktop kamailio[15120]: ERROR: <core> [parser/parse_to.c:286]: ERROR: parse_to_param - out of memory Sep 19 11:40:39 walter-desktop kamailio[15120]: ERROR: <core> [parser/parse_to.c:814]: ERROR: parse_to: invalid To - unexpected end of header in state 27 Sep 19 11:40:39 walter-desktop kamailio[15120]: INFO: <core> [parser/msg_parser.c:353]: ERROR: bad header field [To: sip:localhost;ta] }}} After the patch: no more leaks and kamailio keeps on running smoothly. Note that I added a free_cseq() in the patch as well. It only calls pkg_free, but if that were to change, get_hdr_field would be prepared. Regards, Walter Doekes OSSO B.V. One or more files have been attached. More information can be found at the following URL: http://sip-router.org/tracker/index.php?do=details&task_id=155 You are receiving this message because you have requested it from the Flyspray bugtracking system. If you did not expect this message or don't want to receive mails in future, you can change your notification settings at the URL shown above.

13 years, 2 months

[tracker] Assignee added: msg_parser memory leak

by sip-router

THIS IS AN AUTOMATED MESSAGE, DO NOT REPLY. A user has added themself to the list of users assigned to this task. FS#155 - msg_parser memory leak User who did this - Walter Doekes (wdoekes) http://sip-router.org/tracker/index.php?do=details&task_id=155 You are receiving this message because you have requested it from the Flyspray bugtracking system. If you did not expect this message or don't want to receive mails in future, you can change your notification settings at the URL shown above.

13 years, 2 months

[tracker] Task changed: tracked initial requests ended prematurely by stateless responses are not cleaned up

by sip-router

THIS IS AN AUTOMATED MESSAGE, DO NOT REPLY. The following task has been changed. The changes are listed below. For full information about what has changed, visit the URL and click the History tab. FS#154 - tracked initial requests ended prematurely by stateless responses are not cleaned up User who did this: Timo Reimann (tr) Task details edited: ------- If the initial request to a dialog tracked using dlg_manage() is not delivered further downstream but ended by a stateless response from the proxy the associated dialog will not be cleaned up properly. Example flow: Caller ---> INVITE ---> Proxy Caller <--- 4xx(s-less) --- Proxy The reason for this behavior is that the dialog module expects a transaction to conclude when a call is being tracked. By returning the failure response statelessly, no transaction will be created and thus, the dialog structure never removed. Possible fixes to the problem: (1) On return of a stateless response, let the sl module call a function in the dialog module to clean up such dialogs. This is an ugly approach because it touches two modules and increases inter-module dependency; on the other side, it is expected to work. (2) Within the dialog module, register a to-be-implemented function on completed execution of the configuration script which is to detect and cleanup all "unconfirmed" dialogs that were ended prematurely by means of stateless responding. While this is a more elegant approach than (1), a method needs to be determined which is capable of detecting the problematic state. Introducing a new dialog state (e.g., DLG_STATE_UNCONFIRMED_SENT) could be one way to do this. Workarounds: (1) Refrain from tracking dialogs using dlg_manage() until you are sure no stateless response will be emitted. (2) Return responses statefully, i.e., call t_newtran() followed by t_reply(). (3) Track dialogs using the dialog flag instead of dlg_manage(). Although I haven't verified this solution, it should work. ------- More information can be found at the following URL: http://sip-router.org/tracker/index.php?do=details&task_id=154 You are receiving this message because you have requested it from the Flyspray bugtracking system. If you did not expect this message or don't want to receive mails in future, you can change your notification settings at the URL shown above.

13 years, 2 months

[tracker] Task opened: tracked initial requests ended prematurely by stateless responses are not cleaned up

by sip-router

THIS IS AN AUTOMATED MESSAGE, DO NOT REPLY. A new Flyspray task has been opened. Details are below. User who did this - Timo Reimann (tr) Attached to Project - sip-router Summary - tracked initial requests ended prematurely by stateless responses are not cleaned up Task Type - Bug Report Category - dialog Status - Assigned Assigned To - Timo Reimann Operating System - All Severity - Low Priority - Normal Reported Version - Development Due in Version - Undecided Due Date - Undecided Details - If the initial request to a dialog tracked using dlg_manage() is not delivered further downstream but ended by a stateless response from the proxy the associated dialog will not be cleaned up properly. Example flow: Caller ------------> Proxy INVITE Caller <------------ Proxy 4xx(s-less) The reason for this behavior is that the dialog module expects a transaction to conclude when a call is being tracked. By returning the failure response statelessly, no transaction will be created and thus, the dialog structure never removed. Possible fixes to the problem: (1) On return of a stateless response, let the sl module call a function in the dialog module to clean up such dialogs. This is an ugly approach because it touches two modules and increases inter-module dependency; on the other side, it is expected to work. (2) Within the dialog module, register a to-be-implemented function on completed execution of the configuration script which is to detect and cleanup all "unconfirmed" dialogs that were ended prematurely by means of stateless responding. While this is a more elegant approach than (1), a method needs to be determined which is capable of detecting the problematic state. Introducing a new dialog state (e.g., DLG_STATE_UNCONFIRMED_SENT) could be one way to do this. Workarounds: (1) Refrain from tracking dialogs using dlg_manage() until you are sure no stateless response will be emitted. (2) Return responses statefully, i.e., call t_newtran() followed by t_reply(). (3) Track dialogs using the dialog flag instead of dlg_manage(). Although I haven't verified this solution, it should work. More information can be found at the following URL: http://sip-router.org/tracker/index.php?do=details&task_id=154 You are receiving this message because you have requested it from the Flyspray bugtracking system. If you did not expect this message or don't want to receive mails in future, you can change your notification settings at the URL shown above.

13 years, 2 months

[tracker] Assignee added: tracked initial requests ended prematurely by stateless responses are not cleaned up

by sip-router

THIS IS AN AUTOMATED MESSAGE, DO NOT REPLY. A user has added themself to the list of users assigned to this task. FS#154 - tracked initial requests ended prematurely by stateless responses are not cleaned up User who did this - Timo Reimann (tr) http://sip-router.org/tracker/index.php?do=details&task_id=154 You are receiving this message because you have requested it from the Flyspray bugtracking system. If you did not expect this message or don't want to receive mails in future, you can change your notification settings at the URL shown above.

13 years, 2 months

← Newer
1
...
10
11
12
13
14
15
16
...
30
Older →

Jump to page:

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

sr-dev September 2011