sr-dev January 2022

sr-dev@lists.kamailio.org

13 participants
261 discussions

[kamailio/kamailio] integer overflow in 'core.shmmem' output (#2824)

by Julius Flohr

Hi, we are using kamailio with more than 4GB of shared memory. When using 'core.shmem' we are expierencing an integer overflow in the output. The issue can be found here: https://github.com/kamailio/kamailio/blob/1ddc27f199061025a6a43da3e8a1388fc… I currently don't have the time to setup a build environment so I can't fix it myself. cheers. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/kamailio/kamailio/issues/2824

2 years, 10 months

git:master:3a11426b: kamcmd: double/float values printed without decimals when they are 0

by Daniel-Constantin Mierla

Module: kamailio Branch: master Commit: 3a11426bdf0a4a458f2531689110fee84451da88 URL: https://github.com/kamailio/kamailio/commit/3a11426bdf0a4a458f2531689110fee… Author: Daniel-Constantin Mierla <miconda(a)gmail.com> Committer: Daniel-Constantin Mierla <miconda(a)gmail.com> Date: 2022-01-12T17:05:21+01:00 kamcmd: double/float values printed without decimals when they are 0 - cope better with long (long) values stored in double fields --- Modified: utils/kamcmd/kamcmd.c --- Diff: https://github.com/kamailio/kamailio/commit/3a11426bdf0a4a458f2531689110fee… Patch: https://github.com/kamailio/kamailio/commit/3a11426bdf0a4a458f2531689110fee… --- diff --git a/utils/kamcmd/kamcmd.c b/utils/kamcmd/kamcmd.c index f1cbc24d68..141f309aaf 100644 --- a/utils/kamcmd/kamcmd.c +++ b/utils/kamcmd/kamcmd.c @@ -427,7 +427,11 @@ void print_binrpc_val(struct binrpc_val* v, int ident) printf("%c", (v->u.end)?'}':'{'); break; case BINRPC_T_DOUBLE: - printf("%f", v->u.fval); + if(v->u.fval == (double)((long long int)v->u.fval)) { + printf("%lld", (long long int)v->u.fval); + } else { + printf("%f", v->u.fval); + } break; default: printf("ERROR: unknown type %d\n", v->type);

2 years, 10 months

git:master:f619cae5: corex: rpc shm stats values printed as unsigned long

by Daniel-Constantin Mierla

Module: kamailio Branch: master Commit: f619cae55ffeb4596da852d9ed75773c3217de50 URL: https://github.com/kamailio/kamailio/commit/f619cae55ffeb4596da852d9ed75773… Author: Daniel-Constantin Mierla <miconda(a)gmail.com> Committer: Daniel-Constantin Mierla <miconda(a)gmail.com> Date: 2022-01-12T17:03:58+01:00 corex: rpc shm stats values printed as unsigned long - GH #2824 --- Modified: src/modules/corex/corex_rpc_shm.c --- Diff: https://github.com/kamailio/kamailio/commit/f619cae55ffeb4596da852d9ed75773… Patch: https://github.com/kamailio/kamailio/commit/f619cae55ffeb4596da852d9ed75773… --- diff --git a/src/modules/corex/corex_rpc_shm.c b/src/modules/corex/corex_rpc_shm.c index 7bf10553dd..615fb892bc 100644 --- a/src/modules/corex/corex_rpc_shm.c +++ b/src/modules/corex/corex_rpc_shm.c @@ -46,9 +46,9 @@ static void corex_rpc_shm_info(rpc_t* rpc, void* ctx) rpc->fault(ctx, 500, "Internal error creating rpc"); return; } - if(rpc->struct_add(th, "su", + if(rpc->struct_add(th, "sj", "name", (_shm_root.mname)?_shm_root.mname:"unknown", - "size", (unsigned int)shm_mem_size) <0) { + "size", shm_mem_size) <0) { rpc->fault(ctx, 500, "Internal error adding fields"); return; } @@ -69,13 +69,13 @@ static void corex_rpc_shm_stats(rpc_t* rpc, void* c) shm_info(&mi); rpc->add(c, "{", &th); - rpc->struct_add(th, "uuuuuu", - "total", (unsigned int)(mi.total_size), - "free", (unsigned int)(mi.free), - "used", (unsigned int)(mi.used), - "real_used",(unsigned int)(mi.real_used), - "max_used", (unsigned int)(mi.max_used), - "fragments", (unsigned int)mi.total_frags + rpc->struct_add(th, "jjjjjj", + "total", mi.total_size, + "free", mi.free, + "used", mi.used, + "real_used", mi.real_used, + "max_used", mi.max_used, + "fragments", mi.total_frags ); }

2 years, 10 months

git:master:7162dc0a: ctl: float/double values are stored over a long long int instead of int

by Daniel-Constantin Mierla

Module: kamailio Branch: master Commit: 7162dc0a7368f61e3b32231a2ad00e72ee29d82e URL: https://github.com/kamailio/kamailio/commit/7162dc0a7368f61e3b32231a2ad00e7… Author: Daniel-Constantin Mierla <miconda(a)gmail.com> Committer: Daniel-Constantin Mierla <miconda(a)gmail.com> Date: 2022-01-12T17:02:11+01:00 ctl: float/double values are stored over a long long int instead of int - cope with larger values than MAX_INT/1000, supporint now up to MAX_LLONG/1000 --- Modified: src/modules/ctl/binrpc.h --- Diff: https://github.com/kamailio/kamailio/commit/7162dc0a7368f61e3b32231a2ad00e7… Patch: https://github.com/kamailio/kamailio/commit/7162dc0a7368f61e3b32231a2ad00e7… --- diff --git a/src/modules/ctl/binrpc.h b/src/modules/ctl/binrpc.h index cb7204fffd..bb34cd3be5 100644 --- a/src/modules/ctl/binrpc.h +++ b/src/modules/ctl/binrpc.h @@ -205,6 +205,31 @@ inline static int binrpc_add_tag(struct binrpc_pkt* pkt, int type, int end) +/* writes a minimal long long, returns the new offset and sets + * len to the number of bytes written (<=8) + * to check for oveflow use: returned_value-p != *len + * (Note: if *len==0 using the test above succeeds even if p>=end) + */ +inline static unsigned char* binrpc_write_llong( unsigned char* p, + unsigned char* end, + long long i, int *len) +{ + int size; + unsigned long long u; + + u = (unsigned long long)i; + + for (size=8; size && ((u & (0xffull<<56))==0); u<<=8, size--); + *len=size; + for(; (p<end) && (size); p++, size--){ + *p=(unsigned char)(u>>56); + u<<=8; + } + return p; +} + + + /* writes a minimal int, returns the new offset and sets * len to the number of bytes written (<=4) * to check for oveflow use: returned_value-p != *len @@ -330,6 +355,23 @@ inline static int binrpc_hdr_change_len(unsigned char* hdr, int hdr_len, } +/* int format: size TYPE <val> */ +inline static int binrpc_add_llong_type(struct binrpc_pkt* pkt, long long i, int type) +{ + + unsigned char* p; + int size; + + p=binrpc_write_llong(pkt->crt+1, pkt->end, i, &size); + if ((pkt->crt>=pkt->end) || ((int)(p-pkt->crt-1)!=size)) + goto error_len; + *(pkt->crt)=(size<<4) | type; + pkt->crt=p; + return 0; +error_len: + return E_BINRPC_OVERFLOW; +} + /* int format: size BINRPC_T_INT <val> */ inline static int binrpc_add_int_type(struct binrpc_pkt* pkt, int i, int type) @@ -351,9 +393,9 @@ inline static int binrpc_add_int_type(struct binrpc_pkt* pkt, int i, int type) /* double format: FIXME: for now a hack: fixed point represented in - * an int (=> max 3 decimals, < MAX_INT/1000) */ + * a long long (=> max 3 decimals, < MAX_LLONG/1000) */ #define binrpc_add_double_type(pkt, f, type)\ - binrpc_add_int_type((pkt), (int)((f)*1000), (type)) + binrpc_add_llong_type((pkt), (long long)((f)*1000), (type)) @@ -516,6 +558,35 @@ static inline int binrpc_addfault( struct binrpc_pkt* pkt, /* parsing incoming messages */ +static inline unsigned char* binrpc_read_llong( long long* i, + int len, + unsigned char* s, + unsigned char* end, + int *err + ) +{ + unsigned char* start; + unsigned long long u; + + start=s; + *i=0; + u = 0; + *err=0; + for(;len>0; len--, s++){ + if (s>=end){ + *err=E_BINRPC_MORE_DATA; + *i = (long long)u; + return start; + } + u<<=8; + u|=*s; + }; + *i = (long long)u; + return s; +} + + + static inline unsigned char* binrpc_read_int( int* i, int len, unsigned char* s, @@ -638,8 +709,8 @@ inline static unsigned char* binrpc_read_record(struct binrpc_parse_ctx* ctx, int end_tag; int tmp; unsigned char* p; - int i; - + long long ll; + p=buf; end_tag=0; *err=0; @@ -758,10 +829,10 @@ inline static unsigned char* binrpc_read_record(struct binrpc_parse_ctx* ctx, } break; case BINRPC_T_DOUBLE: /* FIXME: hack: represented as fixed point - inside an int */ + inside an long long */ if (ctx->in_struct && smode==0) goto error_record; - p=binrpc_read_int(&i, len, p, end, err); - v->u.fval=((double)i)/1000; + p=binrpc_read_llong(&ll, len, p, end, err); + v->u.fval=((double)ll)/1000; break; default: if (ctx->in_struct){

2 years, 10 months

[kamailio/kamailio] SEGV on unknown address (Issue #2993)

by taotao gu

Linux x1-1 5.11.0-43-generic #47~20.04.2-Ubuntu SMP Mon Dec 13 11:06:56 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux poc [https://github.com/gtt1995/poc/blob/main/kamailio/148907.testcase](https://… AddressSanitizer:DEADLYSIGNAL ================================================================= ==2350==ERROR: AddressSanitizer: SEGV on unknown address 0x608000010000 (pc 0x7f8ec09469c3 bp 0x7ffd84505c90 sp 0x7ffd84505718 T0) ==2350==The signal is caused by a READ memory access. SCARINESS: 20 (wild-addr-read) #0 0x7f8ec09469c3 in libc.so.6 #1 0x7f8ec0835209 in libc.so.6 #2 0x7f8ec08d5f32 in libc.so.6 #3 0x7f8ec08d63e9 in syslog #4 0x64a045 in parse_identityinfo /src/kamailio/src/core/parser/parse_identityinfo.c:315:3 #5 0x64b29b in parse_identityinfo_header /src/kamailio/src/core/parser/parse_identityinfo.c:346:2 #6 0x576467 in LLVMFuzzerTestOneInput /src/kamailio/misc/fuzz/fuzz_parse_msg.c:53:5 #7 0x456e73 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) cxa_noexception.cpp:0 #8 0x45665a in fuzzer::Fuzzer::RunOne(unsigned char const*, unsigned long, bool, fuzzer::InputInfo*, bool, bool*) cxa_noexception.cpp:0 #9 0x457efb in fuzzer::Fuzzer::MutateAndTestOne() cxa_noexception.cpp:0 #10 0x4589e5 in fuzzer::Fuzzer::Loop(std::__Fuzzer::vector<fuzzer::SizedFile, std::__Fuzzer::allocator<fuzzer::SizedFile> >&) cxa_noexception.cpp:0 #11 0x44812d in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) cxa_noexception.cpp:0 #12 0x471172 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 #13 0x7f8ec07e20b2 in __libc_start_main #14 0x41fa0d in _start AddressSanitizer can not provide additional info. SUMMARY: AddressSanitizer: SEGV (/lib/x86_64-linux-gnu/libc.so.6+0x18b9c3) ==2350==ABORTING MS: 3 ChangeBinInt-ShuffleBytes-EraseBytes-; base unit: ae3912c98bceb907c57e00fbcb572ff78ca2f12c 0x2d,0x2d,0x32,0x32,0x52,0x52,0x41,0x52,0xec,0x53,0x52,0x52,0x20,0x73,0x2d,0x34,0x38,0x39,0x31,0x36,0x9,0x48,0x48,0x48,0x1a,0xa,0x50,0x72,0x69,0x76,0x61,0x63,0x79,0x3a,0xa,0x20,0x73,0x32,0xa,0x49,0x64,0x65,0x6e,0x74,0x69,0x74,0x79,0x2d,0x49,0x6e,0x66,0x6f,0x3a,0x3c,0x3a,0x3a,0x3a,0x3a,0xff,0xea,0xea,0xea,0xea,0xea,0xea,0xea,0xea,0xea,0xea,0xea,0xea,0xea,0xea,0xea,0xea,0xea,0xea,0xea,0xea,0xa,0xa,0xff,0xff,0xff,0xff,0xff, --22RRAR\354SRR s-48916\011HHH\032\012Privacy:\012 s2\012Identity-Info:<::::\377\352\352\352\352\352\352\352\352\352\352\352\352\352\352\352\352\352\352\352\352\012\012\377\377\377\377\377 artifact_prefix='/clusterfuzz/run_bot/clusterfuzz/bot/inputs/fuzzer-testcases/'; Test unit written to /clusterfuzz/run_bot/clusterfuzz/bot/inputs/fuzzer-testcases/crash-9886d78e9acf21b875f4e58d2d14222a4ed1e86f Base64: LS0yMlJSQVLsU1JSIHMtNDg5MTYJSEhIGgpQcml2YWN5OgogczIKSWRlbnRpdHktSW5mbzo8Ojo6Ov/q6urq6urq6urq6urq6urq6urq6goK//////8= stat::number_of_executed_units: 14639 stat::average_exec_per_sec: 1219 stat::new_units_added: 1293 stat::slowest_unit_time_sec: 0 stat::peak_rss_mb: 142 INFO: exiting: 77 time: 85s +----------------------------------------Release Build Unsymbolized Stacktrace (diff)----------------------------------------+ ==2350==The signal is caused by a READ memory access. SCARINESS: 20 (wild-addr-read) #0 0x7f8ec09469c3 (/lib/x86_64-linux-gnu/libc.so.6+0x18b9c3) #1 0x7f8ec0835209 (/lib/x86_64-linux-gnu/libc.so.6+0x7a209) #2 0x7f8ec08d5f32 (/lib/x86_64-linux-gnu/libc.so.6+0x11af32) #3 0x7f8ec08d63e9 (/lib/x86_64-linux-gnu/libc.so.6+0x11b3e9) #4 0x64a045 (/clusterfuzz/run_bot/clusterfuzz/bot/builds/kamailio_libfuzzer_asan/custom/fuzz_parse_msg+0x64a045) #5 0x64b29b (/clusterfuzz/run_bot/clusterfuzz/bot/builds/kamailio_libfuzzer_asan/custom/fuzz_parse_msg+0x64b29b) #6 0x576467 (/clusterfuzz/run_bot/clusterfuzz/bot/builds/kamailio_libfuzzer_asan/custom/fuzz_parse_msg+0x576467) #7 0x456e73 (/clusterfuzz/run_bot/clusterfuzz/bot/builds/kamailio_libfuzzer_asan/custom/fuzz_parse_msg+0x456e73) #8 0x45665a (/clusterfuzz/run_bot/clusterfuzz/bot/builds/kamailio_libfuzzer_asan/custom/fuzz_parse_msg+0x45665a) #9 0x457efb (/clusterfuzz/run_bot/clusterfuzz/bot/builds/kamailio_libfuzzer_asan/custom/fuzz_parse_msg+0x457efb) #10 0x4589e5 (/clusterfuzz/run_bot/clusterfuzz/bot/builds/kamailio_libfuzzer_asan/custom/fuzz_parse_msg+0x4589e5) #11 0x44812d (/clusterfuzz/run_bot/clusterfuzz/bot/builds/kamailio_libfuzzer_asan/custom/fuzz_parse_msg+0x44812d) #12 0x471172 (/clusterfuzz/run_bot/clusterfuzz/bot/builds/kamailio_libfuzzer_asan/custom/fuzz_parse_msg+0x471172) #13 0x7f8ec07e20b2 (/lib/x86_64-linux-gnu/libc.so.6+0x270b2) #14 0x41fa0d (/clusterfuzz/run_bot/clusterfuzz/bot/builds/kamailio_libfuzzer_asan/custom/fuzz_parse_msg+0x41fa0d) -- Reply to this email directly or view it on GitHub: https://github.com/kamailio/kamailio/issues/2993 You are receiving this because you are subscribed to this thread. Message ID: <kamailio/kamailio/issues/2993(a)github.com>

2 years, 10 months

git:master:40e59d9c: core: parser - print ascii code and position of invalid char for identity info

by Daniel-Constantin Mierla

Module: kamailio Branch: master Commit: 40e59d9c3b8ec531cb9e26093c43647a43108dfd URL: https://github.com/kamailio/kamailio/commit/40e59d9c3b8ec531cb9e26093c43647… Author: Daniel-Constantin Mierla <miconda(a)gmail.com> Committer: Daniel-Constantin Mierla <miconda(a)gmail.com> Date: 2022-01-12T14:12:42+01:00 core: parser - print ascii code and position of invalid char for identity info --- Modified: src/core/parser/parse_identityinfo.c --- Diff: https://github.com/kamailio/kamailio/commit/40e59d9c3b8ec531cb9e26093c43647… Patch: https://github.com/kamailio/kamailio/commit/40e59d9c3b8ec531cb9e26093c43647… --- diff --git a/src/core/parser/parse_identityinfo.c b/src/core/parser/parse_identityinfo.c index 7afd473f23..dc0aba5d9b 100644 --- a/src/core/parser/parse_identityinfo.c +++ b/src/core/parser/parse_identityinfo.c @@ -311,8 +311,8 @@ void parse_identityinfo(char *buffer, char *end, struct identityinfo_body *ii_b) parseerror: if(p < end) { - LM_ERR("unexpected char [%c] in status %d: [%.*s]\n", *p, status, - (int)(p - buffer), buffer); + LM_ERR("unexpected char [%c/%d] in status %d - pos %d: [%.*s]\n", *p, *p, + status, (int)(p - buffer), (int)(p - buffer), buffer); } else { LM_ERR("unexpected end of buffer - status %d\n", status); }

2 years, 10 months

[kamailio/kamailio] module_db_mysql: Allow '@' in username/password for db_url URIs (#1346)

by Florian Floimair

#### Pre-Submission Checklist    - [x ] Commit message has the format required by CONTRIBUTING guide - [x] Commits are split per component (core, individual modules, libs, utils, ...) - [x] Each component has a single commit (if not, squash them into one commit) - [x] No commits to README files for modules (changes must be done to docbook files in `doc/` subfolder, the README file is autogenerated) #### Type Of Change - [ ] Small bug fix (non-breaking change which fixes an issue) - [x] New feature (non-breaking change which adds new functionality) - [ ] Breaking change (fix or feature that would change existing functionality) #### Checklist:  - [x] PR should be backported to stable branches - [x] Tested changes locally - [ ] Related to issue #XXXX (replace XXXX with an open issue number) #### Description  - It is allowed to use '@' within a username and/or a password for MySQL. Database as a Service providers like e.g. Microsoft Azure use these in usernames by default. The existing URI parser always treated the '@' as a separator between username:password and host:port/db parts of the URI. The parser now checks how many '@' characters are present in the URI and only treats the last occurence as separator for the host:port/db part. You can view, comment on, or merge this pull request online at: https://github.com/kamailio/kamailio/pull/1346 -- Commit Summary -- * module_db_mysql: Allow '@' in username/password for db_url URIs -- File Changes -- M src/modules/db_mysql/my_uri.c (35) -- Patch Links -- https://github.com/kamailio/kamailio/pull/1346.patch https://github.com/kamailio/kamailio/pull/1346.diff -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/kamailio/kamailio/pull/1346

2 years, 10 months

Wiki edit access

by Rhys Hanrahan

Hi All, I’m trying to update the cookbook to document PR #2985, but it looks like I need edit access on the wiki? My username is “rhys”. Can someone give me access? Thanks! Rhys Hanrahan | Chief Information Officer e: rhys(a)nexusone.com.au<mailto:rhys@nexusone.com.au> [www.nexusone.com.au]<http://www.nexusone.com.au/> [signature_214001646] <http://www.fusiontech.com.au/> NEXUS ONE | FUSION TECHNOLOGY SOLUTIONS p: 1800 NEXUS1 (1800 639 871) or 1800 565 845 | a: Suite 12.03 Level 12, 227 Elizabeth Street, Sydney NSW 2000 www.nexusone.com.au<http://www.nexusone.com.au/> | www.fusiontech.com.au<http://www.fusiontech.com.au/> The information in this email and any accompanying attachments may contain; a. Confidential information of Fusion Technology Solutions Pty Ltd, Nexus One Pty Ltd or third parties; b. Legally privileged information of Fusion Technology Solutions Pty Ltd, Nexus One Pty Ltd or third parties; and or c. Copyright material Fusion Technology Solutions Pty Ltd, Nexus One Pty Ltd or third parties. If you have received this email in error, please notify the sender immediately and delete this message. Fusion Technology Solutions Pty Ltd, Nexus One Pty Ltd does not accept any responsibility for loss or damage arising from the use or distribution of this email. Please consider the environment before printing this email.

2 years, 10 months

git:master:c818e163: presence: small spelling fix in XML entity ID

by Henning Westerholt

Module: kamailio Branch: master Commit: c818e16367ff997ecb059141f4752d6e8ba6136f URL: https://github.com/kamailio/kamailio/commit/c818e16367ff997ecb059141f4752d6… Author: Henning Westerholt <hw(a)gilawa.com> Committer: Henning Westerholt <hw(a)gilawa.com> Date: 2022-01-11T15:10:50Z presence: small spelling fix in XML entity ID --- Modified: src/modules/presence/doc/presence_admin.xml --- Diff: https://github.com/kamailio/kamailio/commit/c818e16367ff997ecb059141f4752d6… Patch: https://github.com/kamailio/kamailio/commit/c818e16367ff997ecb059141f4752d6… --- diff --git a/src/modules/presence/doc/presence_admin.xml b/src/modules/presence/doc/presence_admin.xml index 25e43ef0b6..7e425105aa 100644 --- a/src/modules/presence/doc/presence_admin.xml +++ b/src/modules/presence/doc/presence_admin.xml @@ -1229,7 +1229,7 @@ pres_refresh_watchers("sip:test@kamailio.org", "presence", 1); </example> </section> - <section id="presence.f.pres_update_whatchers"> + <section id="presence.f.pres_update_watchers"> <title> <function moreinfo="none">pres_update_watchers(uri, event)</function> </title>

2 years, 10 months

git:master:6ba9249e: evapi: small spelling fix in comment

by Henning Westerholt

Module: kamailio Branch: master Commit: 6ba9249e49e5eafe164beae46996161a3950def4 URL: https://github.com/kamailio/kamailio/commit/6ba9249e49e5eafe164beae46996161… Author: Henning Westerholt <hw(a)gilawa.com> Committer: Henning Westerholt <hw(a)gilawa.com> Date: 2022-01-11T15:10:30Z evapi: small spelling fix in comment --- Modified: src/modules/evapi/evapi_dispatch.c --- Diff: https://github.com/kamailio/kamailio/commit/6ba9249e49e5eafe164beae46996161… Patch: https://github.com/kamailio/kamailio/commit/6ba9249e49e5eafe164beae46996161… --- diff --git a/src/modules/evapi/evapi_dispatch.c b/src/modules/evapi/evapi_dispatch.c index 1b8bff4402..6249fc869a 100644 --- a/src/modules/evapi/evapi_dispatch.c +++ b/src/modules/evapi/evapi_dispatch.c @@ -578,7 +578,7 @@ void evapi_accept_client(struct ev_loop *loop, struct ev_io *watcher, int revent return; } - /* start watcher to read messages from whatchers */ + /* start watcher to read messages from watchers */ ev_io_init(evapi_client, evapi_recv_client, csock, EV_READ); ev_io_start(loop, evapi_client); }

2 years, 10 months

← Newer
1
...
15
16
17
18
19
20
21
...
27
Older →

Jump to page:

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

sr-dev January 2022