A new Flyspray task has been opened. Details are below.
User who did this - Savolainen Dmitri (sdi)
Attached to Project - sip-router
Summary - Looping while parsing malformed Supported field
Task Type - Bug Report
Category - Core
Status - Unconfirmed
Assigned To -
Operating System - Linux
Severity - Critical
Priority - Normal
Reported Version - 4.1
Due in Version - Undecided
Due Date - Undecided
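Details - Error while parsing a malformed Supported field. Kamailio goes to the top of CPU
usage and stops handling requests: the loop "while (pos < len)" in the
parse_option_tag_body function (parse_option_tags.h) never terminates.
In the gdb session below the body is 5 bytes long ("time" followed by a non-ASCII byte),
and single-stepping keeps returning to lines 93, 97, 98 and 121, so pos apparently never
advances past the unrecognised tag. The backtrace shows the header reaching the parser from
a REGISTER received over UDP (receive_msg, frame #23), so this is a denial-of-service
condition that a message from the network can trigger.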
<code>
kamcmd> core.info
{
version: kamailio 4.1.1
id: ab7f96 -dirty
compiler: gcc 4.3.4
compiled: 16:51:25 Jan 20 2014
flags: STATS: Off, USE_TCP, USE_TLS, TLS_HOOKS, USE_RAW_SOCKS, DISABLE_NAGLE,
USE_MCAST, DNS_IP_HACK, SHM_MEM, SHM_MMAP, PKG_MALLOC, DBG_QM_MALLOC, USE_FUTEX,
FAST_LOCK-ADAPTIVE_WAIT, USE_DNS_CACHE, USE_DNS_FAILOVER, USE_NAPTR, USE_DST_BLACKLIST,
HAVE_RESOLV_RES
}
</code>
<code>
log# gdb /usr/local/kamailio411/sbin/kamailio 26994
(gdb) bt
#0 0x081a8ee5 in parse_option_tag_body (body=0xb3fd3438, tags=0xb3fd5eb0) at
parse_option_tags.h:98
#1 0x081a8dce in parse_supported (msg=0xb4005bd4) at parse_supported.c:63
#2 0xaba18a9b in save (_m=0xb4005bd4, _d=0xac091008, _cflags=0, _uri=0x0) at save.c:896
#3 0xaba0f4ab in w_save2 (_m=0xb4005bd4, _d=0xac091008 "\214\017\t�",
_cflags=0x0) at reg_mod.c:452
#4 0x0805f7cd in do_action (h=0xbfb86f68, a=0xb3fac5e8, msg=0xb4005bd4) at action.c:1105
#5 0x08067a49 in run_actions (h=0xbfb86f68, a=0xb3fac5e8, msg=0xb4005bd4) at
action.c:1599
#6 0x080680ff in run_actions_safe (h=0xbfb88b04, a=0xb3fac5e8, msg=0xb4005bd4) at
action.c:1664
#7 0x08103906 in rval_get_int (h=0xbfb88b04, msg=0xb4005bd4, i=0xbfb872c4, rv=0xb3fac75c,
cache=0x0) at rvalue.c:924
#8 0x0810507b in rval_expr_eval_int (h=0xbfb88b04, msg=0xb4005bd4, res=0xbfb872c4,
rve=0xb3fac758) at rvalue.c:1918
#9 0x08105262 in rval_expr_eval_int (h=0xbfb88b04, msg=0xb4005bd4, res=0xbfb875d0,
rve=0xb3facb88) at rvalue.c:1926
#10 0x0805f4cb in do_action (h=0xbfb88b04, a=0xb3fad090, msg=0xb4005bd4) at action.c:1075
#11 0x08067a49 in run_actions (h=0xbfb88b04, a=0xb3fac0c8, msg=0xb4005bd4) at
action.c:1599
#12 0x0805daee in do_action (h=0xbfb88b04, a=0xb3e9ad50, msg=0xb4005bd4) at action.c:715
#13 0x08067a49 in run_actions (h=0xbfb88b04, a=0xb3e9a340, msg=0xb4005bd4) at
action.c:1599
#14 0x0805f6fd in do_action (h=0xbfb88b04, a=0xb3ec5ac4, msg=0xb4005bd4) at action.c:1090
#15 0x08067a49 in run_actions (h=0xbfb88b04, a=0xb3ec5ac4, msg=0xb4005bd4) at
action.c:1599
#16 0x0805f740 in do_action (h=0xbfb88b04, a=0xb3ec5b68, msg=0xb4005bd4) at action.c:1094
#17 0x08067a49 in run_actions (h=0xbfb88b04, a=0xb3ec5b68, msg=0xb4005bd4) at
action.c:1599
#18 0x0805f740 in do_action (h=0xbfb88b04, a=0xb3ec5c0c, msg=0xb4005bd4) at action.c:1094
#19 0x08067a49 in run_actions (h=0xbfb88b04, a=0xb3ec5c0c, msg=0xb4005bd4) at
action.c:1599
#20 0x0805f740 in do_action (h=0xbfb88b04, a=0xb3ec5cb0, msg=0xb4005bd4) at action.c:1094
#21 0x08067a49 in run_actions (h=0xbfb88b04, a=0xb3e8a2c0, msg=0xb4005bd4) at
action.c:1599
#22 0x080681a9 in run_top_route (a=0xb3e8a2c0, msg=0xb4005bd4, c=0x0) at action.c:1685
#23 0x080e458b in receive_msg (
buf=0x82ea2a0 "REGISTER sip:sip.telphin.com:5068 SIP/2.0\r\nVia: SIP/2.0/UDP
213.170.81.130:5600;branch=z9hG4bKt5eurr2030eg3e4id1s0.1\r\nMax-Forwards: 16\r\nContact:
<sip:00041943@213.170.81.130:5600;rinstance=cc1a5d7b824"..., len=876,
rcv_info=0xbfb88d0c) at receive.c:212
#24 0x08173183 in udp_rcv_loop () at udp_server.c:536
#25 0x080af4fe in main_loop () at main.c:1617
#26 0x080b2450 in main (argc=8, argv=0xbfb88fb4) at main.c:2533
(gdb) p *body
$8 = {
s = 0x82ea4cd "time�\r\nUser-Agent: Telphin Softphone release 1104a stamp
56747\r\nAuthorization: Digest
username=\"XXXXXXXX\",realm=\"sip.telphin.com\",nonce=\"XXXXXXXXXXXXXXXXXXXXX\",uri=\"sip:sip.telphin.com:5068"...,
len = 5}
(gdb) n
93 while (pos < len) {
(gdb)
97 val = LOWER_DWORD(READ(p));
(gdb)
98 switch (val) {
(gdb)
121 if ( pos+5 <= len && LOWER_BYTE(*(p+4))=='r'
(gdb)
93 while (pos < len) {
(gdb)
97 val = LOWER_DWORD(READ(p));
(gdb)
98 switch (val) {
(gdb)
121 if ( pos+5 <= len && LOWER_BYTE(*(p+4))=='r'
(gdb)
93 while (pos < len) {
(gdb)
97 val = LOWER_DWORD(READ(p));
(gdb)
</code>
More information can be found at the following URL:
http://sip-router.org/tracker/index.php?do=details&task_id=396