Hi,
I'm running 4.2:ca60c77acddc13d36ab691f8cac1f566323f6d86 and seem to be able to dependably crash Kamailio by sending the following JSONRPC stanza to the jsonrpc-s module:
{"jsonrpc":2,"id":"126491c7ce1e1ba1552f18ebf1271f19","method":"core.version"}\n
The number of HTTP requests needed to crash it varies, but seems to generally be about 8-10 on my system:
Jan 7 02:32:04 localhost /usr/local/sbin/kamailio[2785]: INFO: [R-XHTTP-REQUEST:<null>] -> Handling JSON RPC request: /csrp_rpc/
Jan 7 02:32:05 localhost /usr/local/sbin/kamailio[2791]: CRITICAL: <core> [pass_fd.c:293]: receive_fd(): EOF on 59
Jan 7 02:32:05 localhost /usr/local/sbin/kamailio[2734]: ALERT: <core> [main.c:784]: handle_sigs(): child process 2785 exited by a signal 11
Jan 7 02:32:05 localhost /usr/local/sbin/kamailio[2734]: ALERT: <core> [main.c:787]: handle_sigs(): core was generated
The core dump says it's because jsonrpc_dispatch() is being invoked with two empty parameters:
#0 0x00007fc2b0b6f171 in __strlen_sse2 () from /lib64/libc.so.6
#1 0x00007fc2a6ffea72 in jsonrpc_dispatch (msg=0x7fff5721ceb0, s1=0x0, s2=0x0) at jsonrpc-s_mod.c:943
#2 0x000000000041d29b in do_action (h=0x7fff5721cdd0, a=0x7fc2b051b2c0, msg=0x7fff5721ceb0) at action.c:1088
#3 0x00000000004299b1 in run_actions (h=0x7fff5721cdd0, a=0x7fc2b051b070, msg=0x7fff5721ceb0) at action.c:1583
#4 0x000000000041d204 in do_action (h=0x7fff5721cdd0, a=0x7fc2b051b9d0, msg=0x7fff5721ceb0) at action.c:1079
#5 0x00000000004299b1 in run_actions (h=0x7fff5721cdd0, a=0x7fc2b051b9d0, msg=0x7fff5721ceb0) at action.c:1583
#6 0x00007fc2a720ad2b in xhttp_process_request (orig_msg=0x7fc2b0561438, new_buf=0x7fc2b051d550 "POST /csrp_rpc/ HTTP/1.1\r\nVia: SIP/2.0/TCP 172.30.110.4:42861\r\nHost: 172.30.110.4:5060\r\nConnection: close\r\nTransfer-Encoding: chunked\r\n\r\n{"jsonrpc":2,"id":"126491c7ce1e1ba1552f18ebf1271f19","method":""..., new_len=215) at xhttp_mod.c:284
#7 0x00007fc2a720bd98 in xhttp_handler (msg=0x7fc2b0561438) at xhttp_mod.c:359
#8 0x00000000004de163 in nonsip_msg_run_hooks (msg=0x7fc2b0561438) at nonsip_hooks.c:125
#9 0x0000000000506999 in receive_msg ( buf=0x2a9d5a0 "POST /csrp_rpc/ HTTP/1.1\r\nHost: 172.30.110.4:5060\r\nConnection: close\r\nTransfer-Encoding: chunked\r\n\r\n{"jsonrpc":2,"id":"126491c7ce1e1ba1552f18ebf1271f19","method":"core.version"}\n", len=178, ...
I'll see what changes I can make to try to get it to not crash.
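
A triage aid for the log excerpt in the post above, as an added example that is not part of the original message or of Kamailio: it pairs each handle_sigs() child-crash alert with the last line the crashed PID logged, so the request being handled when the signal 11 arrived is visible. The function name, and the assumption that the "core was generated" line directly follows the crash alert from the same process, belong to this example; the sample lines are copied from the post.

```python
import re

# Log lines copied from the post above (syslog prefix + Kamailio message).
SAMPLE_LOG = """\
Jan 7 02:32:04 localhost /usr/local/sbin/kamailio[2785]: INFO: [R-XHTTP-REQUEST:<null>] -> Handling JSON RPC request: /csrp_rpc/
Jan 7 02:32:05 localhost /usr/local/sbin/kamailio[2791]: CRITICAL: <core> [pass_fd.c:293]: receive_fd(): EOF on 59
Jan 7 02:32:05 localhost /usr/local/sbin/kamailio[2734]: ALERT: <core> [main.c:784]: handle_sigs(): child process 2785 exited by a signal 11
Jan 7 02:32:05 localhost /usr/local/sbin/kamailio[2734]: ALERT: <core> [main.c:787]: handle_sigs(): core was generated
"""

# timestamp, host, program[pid]: message
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+[\d:]+)\s+\S+\s+\S*kamailio\[(?P<pid>\d+)\]:\s+(?P<msg>.*)$")
CRASH_RE = re.compile(
    r"handle_sigs\(\): child process (?P<child>\d+) exited by a signal (?P<sig>\d+)")
CORE_RE = re.compile(r"handle_sigs\(\): core was generated")


def find_child_crashes(log_text):
    """Return one dict per crashed child, with the last line that child logged."""
    last_msg = {}  # pid -> (timestamp, message) most recently logged by that pid
    crashes = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a Kamailio syslog line
        pid, msg = int(m["pid"]), m["msg"]
        crash = CRASH_RE.search(msg)
        if crash:
            child = int(crash["child"])
            crashes.append({
                "child_pid": child,
                "signal": int(crash["sig"]),  # 11 is SIGSEGV on Linux
                "time": m["ts"],
                "reported_by": pid,
                "last_activity": last_msg.get(child),  # None if the child never logged
                "core_dumped": False,
            })
        elif CORE_RE.search(msg) and crashes and crashes[-1]["reported_by"] == pid:
            # Assumption: this line refers to the crash just reported by the same pid.
            crashes[-1]["core_dumped"] = True
        last_msg[pid] = (m["ts"], msg)
    return crashes


if __name__ == "__main__":
    for c in find_child_crashes(SAMPLE_LOG):
        print(c)
```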