Hi,
I'm running 4.2:ca60c77acddc13d36ab691f8cac1f566323f6d86 and seem to be able to dependably crash Kamailio by sending the following JSONRPC stanza to the jsonrpc-s module:
{"jsonrpc":2,"id":"126491c7ce1e1ba1552f18ebf1271f19","method":"core.version"}\n
The number of HTTP requests needed to crash it varies, but seems to generally be about 8-10 on my system:
Jan 7 02:32:04 localhost /usr/local/sbin/kamailio[2785]: INFO: [R-XHTTP-REQUEST:<null>] -> Handling JSON RPC request: /csrp_rpc/
Jan 7 02:32:05 localhost /usr/local/sbin/kamailio[2791]: CRITICAL: <core> [pass_fd.c:293]: receive_fd(): EOF on 59
Jan 7 02:32:05 localhost /usr/local/sbin/kamailio[2734]: ALERT: <core> [main.c:784]: handle_sigs(): child process 2785 exited by a signal 11
Jan 7 02:32:05 localhost /usr/local/sbin/kamailio[2734]: ALERT: <core> [main.c:787]: handle_sigs(): core was generated
The core dump says it's because jsonrpc_dispatch() is being invoked with two empty parameters:
#0 0x00007fc2b0b6f171 in __strlen_sse2 () from /lib64/libc.so.6
#1 0x00007fc2a6ffea72 in jsonrpc_dispatch (msg=0x7fff5721ceb0, s1=0x0, s2=0x0) at jsonrpc-s_mod.c:943
#2 0x000000000041d29b in do_action (h=0x7fff5721cdd0, a=0x7fc2b051b2c0, msg=0x7fff5721ceb0) at action.c:1088
#3 0x00000000004299b1 in run_actions (h=0x7fff5721cdd0, a=0x7fc2b051b070, msg=0x7fff5721ceb0) at action.c:1583
#4 0x000000000041d204 in do_action (h=0x7fff5721cdd0, a=0x7fc2b051b9d0, msg=0x7fff5721ceb0) at action.c:1079
#5 0x00000000004299b1 in run_actions (h=0x7fff5721cdd0, a=0x7fc2b051b9d0, msg=0x7fff5721ceb0) at action.c:1583
#6 0x00007fc2a720ad2b in xhttp_process_request (orig_msg=0x7fc2b0561438, new_buf=0x7fc2b051d550 "POST /csrp_rpc/ HTTP/1.1\r\nVia: SIP/2.0/TCP 172.30.110.4:42861\r\nHost: 172.30.110.4:5060\r\nConnection: close\r\nTransfer-Encoding: chunked\r\n\r\n{"jsonrpc":2,"id":"126491c7ce1e1ba1552f18ebf1271f19","method":""..., new_len=215) at xhttp_mod.c:284
#7 0x00007fc2a720bd98 in xhttp_handler (msg=0x7fc2b0561438) at xhttp_mod.c:359
#8 0x00000000004de163 in nonsip_msg_run_hooks (msg=0x7fc2b0561438) at nonsip_hooks.c:125
#9 0x0000000000506999 in receive_msg ( buf=0x2a9d5a0 "POST /csrp_rpc/ HTTP/1.1\r\nHost: 172.30.110.4:5060\r\nConnection: close\r\nTransfer-Encoding: chunked\r\n\r\n{"jsonrpc":2,"id":"126491c7ce1e1ba1552f18ebf1271f19","method":"core.version"}\n", len=178, ...
I'll see what changes I can make to try to get it to not crash.
I can also reproduce the same crash scenario with this command:
curl -v -H 'Content-Type: application/json' -H 'Call-ID: abc12' -d '{"jsonrpc": "2.0", "method": "core.version", "id": "0deadb33f"}' 'http://172.30.110.4:5060/csrp_rpc/'
This one is a bit different than the request I was sending when initially reporting the problem.
1) It has a shorter 'id' GUID.
2) It has a Call-ID header.
3) It has a Content-Type: application/json.
So, I suppose I can say that it's not the length of the 'id' field nor the lack of Call-ID that causes the crash.
I should also note that on the very last invocation before the crash, a message about failure to parse Call-ID appeared in the logs, even though there was a Call-ID header there -- same as on the previous requests.
Jan 7 02:37:43 localhost /usr/local/sbin/kamailio[3154]: INFO: [R-XHTTP-REQUEST:abc123] -> Handling JSON RPC request: /csrp_rpc/
Jan 7 02:37:45 localhost /usr/local/sbin/kamailio[3146]: INFO: [R-XHTTP-REQUEST:abc123] -> Handling JSON RPC request: /csrp_rpc/
Jan 7 02:37:46 localhost /usr/local/sbin/kamailio[3154]: INFO: [R-XHTTP-REQUEST:abc123] -> Handling JSON RPC request: /csrp_rpc/
Jan 7 02:37:46 localhost /usr/local/sbin/kamailio[3146]: INFO: [R-XHTTP-REQUEST:abc123] -> Handling JSON RPC request: /csrp_rpc/
Jan 7 02:37:47 localhost /usr/local/sbin/kamailio[3154]: INFO: [R-XHTTP-REQUEST:abc123] -> Handling JSON RPC request: /csrp_rpc/
Jan 7 02:37:47 localhost /usr/local/sbin/kamailio[3149]: INFO: [R-XHTTP-REQUEST:abc123] -> Handling JSON RPC request: /csrp_rpc/
Jan 7 02:37:47 localhost /usr/local/sbin/kamailio[3154]: INFO: [R-XHTTP-REQUEST:abc123] -> Handling JSON RPC request: /csrp_rpc/
Jan 7 02:37:47 localhost /usr/local/sbin/kamailio[3149]: INFO: [R-XHTTP-REQUEST:abc123] -> Handling JSON RPC request: /csrp_rpc/
Jan 7 02:37:47 localhost /usr/local/sbin/kamailio[3154]: INFO: [R-XHTTP-REQUEST:abc123] -> Handling JSON RPC request: /csrp_rpc/
Jan 7 02:37:48 localhost /usr/local/sbin/kamailio[3149]: INFO: [R-XHTTP-REQUEST:abc123] -> Handling JSON RPC request: /csrp_rpc/
Jan 7 02:37:48 localhost /usr/local/sbin/kamailio[3150]: ERROR: pv [pv_core.c:667]: pv_get_callid(): cannot parse Call-Id header
Jan 7 02:37:48 localhost /usr/local/sbin/kamailio[3150]: INFO: [R-XHTTP-REQUEST:<null>] -> Handling JSON RPC request: /csrp_rpc/
Jan 7 02:37:48 localhost /usr/local/sbin/kamailio[3154]: INFO: [R-XHTTP-REQUEST:abc123] -> Handling JSON RPC request: /csrp_rpc/
Jan 7 02:37:48 localhost /usr/local/sbin/kamailio[3101]: ALERT: <core> [main.c:784]: handle_sigs(): child process 3150 exited by a signal 11
Jan 7 02:37:48 localhost /usr/local/sbin/kamailio[3101]: ALERT: <core> [main.c:787]: handle_sigs(): core was generated
Jan 7 02:37:48 localhost /usr/local/sbin/kamailio[3101]: INFO: <core> [main.c:799]: handle_sigs(): terminating due to SIGCHLD
On the other hand, I can't seem to get it to crash if I send fully-formed requests like this one:
POST /csrp_rpc/ HTTP/1.1
Content-Type: application/json
Content-Length: 54
Call-ID: 13d40122621463619e0c14a1f1dad01a
Host: 172.30.110.4:5060
Connection: close

{"jsonrpc":"2.0","id":"ef8e1","method":"core.version"}
... so, there's something amiss here.
Hello,
I pushed a fix to master and 4.2 branches -- in the first request you tried, the jsonrpc field was integer 2, according to specs it must be the string "2.0" (http://www.jsonrpc.org/specification#request_object).
For the other requests, I didn't get a crash. id field is ok to be string or int or missing.
Cheers, Daniel
On 07/01/15 09:01, Alex Balashov wrote:
On the other hand, I can't seem to get it to crash if I send fully-formed requests like this one:
POST /csrp_rpc/ HTTP/1.1
Content-Type: application/json
Content-Length: 54
Call-ID: 13d40122621463619e0c14a1f1dad01a
Host: 172.30.110.4:5060
Connection: close

{"jsonrpc":"2.0","id":"ef8e1","method":"core.version"}
... so, there's something amiss here.
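Added example, not part of the thread and not Kamailio's code: the type check implied by the reply above, in C, rejecting a request whose "jsonrpc" member is not the string "2.0" before any string function touches it. The jv and rpc_request types, rpc_validate() and the sample builders are hypothetical stand-ins for a real JSON parser's values; the sample requests are constructed from the two request shapes quoted in the thread.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical tagged JSON value, standing in for a real parser's node type. */
typedef enum { JV_MISSING, JV_NULL, JV_NUMBER, JV_STRING, JV_OTHER } jv_type;
typedef struct {
    jv_type type;
    const char *str;            /* non-NULL only when type == JV_STRING */
} jv;

typedef struct { jv jsonrpc, method, id; } rpc_request;

#define RPC_OK               0
#define RPC_INVALID_REQUEST  (-32600)   /* "Invalid Request" in the JSON-RPC 2.0 spec */

static int is_string(const jv *v) { return v->type == JV_STRING && v->str != NULL; }

/* Validate the request object before any member is used as a C string. */
int rpc_validate(const rpc_request *r)
{
    if (r == NULL)
        return RPC_INVALID_REQUEST;
    /* "jsonrpc" must be the string "2.0". The integer 2 has no string value,
     * so strlen()/strcmp() on it without this check would dereference NULL. */
    if (!is_string(&r->jsonrpc) || strcmp(r->jsonrpc.str, "2.0") != 0)
        return RPC_INVALID_REQUEST;
    if (!is_string(&r->method))
        return RPC_INVALID_REQUEST;
    /* "id" may be a string, a number, null, or absent. */
    switch (r->id.type) {
    case JV_MISSING: case JV_NULL: case JV_NUMBER:
        return RPC_OK;
    case JV_STRING:
        return r->id.str != NULL ? RPC_OK : RPC_INVALID_REQUEST;
    default:
        return RPC_INVALID_REQUEST;
    }
}

/* Constructed sample: "jsonrpc" sent as the integer 2. */
rpc_request sample_int_version(void)
{
    rpc_request r = { {JV_NUMBER, NULL}, {JV_STRING, "core.version"},
                      {JV_STRING, "126491c7ce1e1ba1552f18ebf1271f19"} };
    return r;
}

/* Constructed sample: "jsonrpc" sent as the string "2.0". */
rpc_request sample_string_version(void)
{
    rpc_request r = { {JV_STRING, "2.0"}, {JV_STRING, "core.version"}, {JV_STRING, "ef8e1"} };
    return r;
}
```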