### Description
Crash in permissions module when `load_backends` set to 1

```
modparam("permissions", "db_url", DBURL)
modparam("permissions", "db_mode", 0)
modparam("permissions", "address_table", "gw_auth_ip")
modparam("permissions", "trusted_table", "user_auth_ip")
modparam("permissions", "load_backends", 1)
```

### Troubleshooting
#### Reproduction
To avoid Kamailio complaining about an old version table during an upgrade, I attempted to disable the "trusted" backend as we're not using it. Kamailio seg faults on startup. This is on 5.1.8 but I didn't see much difference in permissions with master.
#### Debugging Data

```
(gdb) bt full
#0  0x0000000000000000 in ?? ()
No symbol table info available.
#1  0xffffffff3ee2991c in init_child_trusted (rank=rank@entry=-2) at trusted.c:267
        __func__ = "init_child_trusted"
#2  0xffffffff3ee2d1d0 in child_init (rank=<optimized out>) at permissions.c:651
No locals.
#3  0x000000010014a230 in init_mod_child (m=0x1007affd8, rank=rank@entry=-2) at core/sr_module.c:943
        __func__ = "init_mod_child"
#4  0x000000010014a0ec in init_mod_child (m=0x1007b0658, rank=rank@entry=-2) at core/sr_module.c:939
        __func__ = "init_mod_child"
#5  0x000000010014a0ec in init_mod_child (m=0x1007b0d80, rank=rank@entry=-2) at core/sr_module.c:939
        __func__ = "init_mod_child"
#6  0x000000010014a0ec in init_mod_child (m=0x1007b1a88, rank=rank@entry=-2) at core/sr_module.c:939
        __func__ = "init_mod_child"
#7  0x000000010014a0ec in init_mod_child (m=0x1007b1ea0, rank=rank@entry=-2) at core/sr_module.c:939
        __func__ = "init_mod_child"
#8  0x000000010014a0ec in init_mod_child (m=0x1007b22b8, rank=rank@entry=-2) at core/sr_module.c:939
        __func__ = "init_mod_child"
#9  0x000000010014a0ec in init_mod_child (m=0x1007b29c0, rank=rank@entry=-2) at core/sr_module.c:939
        __func__ = "init_mod_child"
#10 0x000000010014a0ec in init_mod_child (m=0x1007b33d8, rank=rank@entry=-2) at core/sr_module.c:939
        __func__ = "init_mod_child"
#11 0x00000001001565d0 in init_child (rank=rank@entry=-2) at core/sr_module.c:970
No locals.
#12 0x000000010018cbf4 in fork_process (child_id=child_id@entry=-2, desc=<optimized out>, make_sock=make_sock@entry=1) at core/pt.c:338
        pid = <optimized out>
        child_process_no = <optimized out>
        ret = -1
        new_seed1 = <optimized out>
        new_seed2 = <optimized out>
        sockfd = {6, 13}
        __func__ = "fork_process"
#13 0xffffffff3f211cd4 in mod_child (rank=<optimized out>) at ctl.c:327
        pid = <optimized out>
        cs = <optimized out>
        rank = 0
        rpc_handler = 1
        rpc_handler = 1
#14 0x000000010014a230 in init_mod_child (m=0x1007af178, rank=rank@entry=0) at core/sr_module.c:943
        __func__ = "init_mod_child"
#15 0x000000010014a0ec in init_mod_child (m=0x1007af800, rank=rank@entry=0) at core/sr_module.c:939
        __func__ = "init_mod_child"
#16 0x000000010014a0ec in init_mod_child (m=0x1007affd8, rank=rank@entry=0) at core/sr_module.c:939
        __func__ = "init_mod_child"
#17 0x000000010014a0ec in init_mod_child (m=0x1007b0658, rank=rank@entry=0) at core/sr_module.c:939
        __func__ = "init_mod_child"
#18 0x000000010014a0ec in init_mod_child (m=0x1007b0d80, rank=rank@entry=0) at core/sr_module.c:939
        __func__ = "init_mod_child"
#19 0x000000010014a0ec in init_mod_child (m=0x1007b1a88, rank=rank@entry=0) at core/sr_module.c:939
        __func__ = "init_mod_child"
#20 0x000000010014a0ec in init_mod_child (m=0x1007b1ea0, rank=rank@entry=0) at core/sr_module.c:939
        __func__ = "init_mod_child"
#21 0x000000010014a0ec in init_mod_child (m=0x1007b22b8, rank=rank@entry=0) at core/sr_module.c:939
        __func__ = "init_mod_child"
#22 0x000000010014a0ec in init_mod_child (m=0x1007b29c0, rank=rank@entry=0) at core/sr_module.c:939
        __func__ = "init_mod_child"
#23 0x000000010014a0ec in init_mod_child (m=0x1007b33d8, rank=rank@entry=0) at core/sr_module.c:939
        __func__ = "init_mod_child"
#24 0x00000001001565d0 in init_child (rank=rank@entry=0) at core/sr_module.c:970
No locals.
#25 0x00000001000c4c44 in main_loop () at main.c:1419
        i = <optimized out>
        pid = <optimized out>
        si = <optimized out>
        si_desc = "\000\000\000\001\000h\200\000\000\000\000\000\000\000\000\330\000\000\000\001\000o6H\000\000\000\000\000\000\000\004\000\000\000\000\000\000\000n\000\000\000\000\000\000\000\t\000\000\000\000\000\000\000\002\000\000\000\000\000\000\000\004\377\377\377\377\177\377\357\241\000\000\000\001\000\f\345\004", '\000' <repeats 11 times>, "\001\000\003\277\320\377\377\377\377\377\377\377\375\377\377\377\377\377\377\377\375\377\377\377\377\377\377\377\375\377\377\377\377\377\377\377\375"
        nrprocs = <optimized out>
        woneinit = <optimized out>
        __func__ = "main_loop"
#26 0x00000001000ce704 in main (argc=<optimized out>, argv=<optimized out>) at main.c:2663
        cfg_stream = <optimized out>
        c = <optimized out>
        r = <optimized out>
        tmp = 0xffffffff7ffffbb5 ""
        tmp_len = 0
        port = 0
        proto = 0
        options = 0x10003ee20 ":f:cm:M:dVIhEeb:l:L:n:vKrRDTN:W:w:t:u:g:P:G:SQ:O:a:A:x:X:Y:"
        ret = -1
        seed = 1842495819
        rfd = <optimized out>
        debug_save = <optimized out>
        debug_flag = <optimized out>
        dont_fork_cnt = <optimized out>
        p = <optimized out>
        st = {st_dev = 70325794504717, st_ino = 205858632, st_mode = 16872, st_nlink = 2, st_uid = 1, st_gid = 12, st_rdev = 18446744073709551615, st_size = 334, st_atim = {tv_sec = 1574807105, tv_nsec = 898072627}, st_mtim = {tv_sec = 1574810139, tv_nsec = 861570968}, st_ctim = {tv_sec = 1574810139, tv_nsec = 861570968}, st_blksize = 8192, st_blocks = 16, st_fstype = "tmpfs\000\000\000\000\000\000\000\000\000\000"}
        __func__ = "main"
(gdb) info locals
cfg_stream = <optimized out>
c = <optimized out>
r = <optimized out>
tmp = 0xffffffff7ffffbb5 ""
tmp_len = 0
port = 0
proto = 0
options = 0x10003ee20 ":f:cm:M:dVIhEeb:l:L:n:vKrRDTN:W:w:t:u:g:P:G:SQ:O:a:A:x:X:Y:"
ret = -1
seed = 1842495819
rfd = <optimized out>
debug_save = <optimized out>
debug_flag = <optimized out>
dont_fork_cnt = <optimized out>
p = <optimized out>
st = {st_dev = 70325794504717, st_ino = 205858632, st_mode = 16872, st_nlink = 2, st_uid = 1, st_gid = 12, st_rdev = 18446744073709551615, st_size = 334, st_atim = {tv_sec = 1574807105, tv_nsec = 898072627}, st_mtim = {tv_sec = 1574810139, tv_nsec = 861570968}, st_ctim = {tv_sec = 1574810139, tv_nsec = 861570968}, st_blksize = 8192, st_blocks = 16, st_fstype = "tmpfs\000\000\000\000\000\000\000\000\000\000"}
__func__ = "main"
```
### Additional Information
* **Kamailio Version** - output of `kamailio -v`
```
kamailio -v
version: kamailio 5.1.8 (sparc64/solaris)
flags: STATS: Off, USE_TCP, USE_TLS, USE_SCTP, TLS_HOOKS, DISABLE_NAGLE, USE_MCAST, DNS_IP_HACK, SHM_MEM, SHM_MMAP, PKG_MALLOC, Q_MALLOC, F_MALLOC, TLSF_MALLOC, DBG_SR_MEMORY, FAST_LOCK-ADAPTIVE_WAIT, USE_DNS_CACHE, USE_DNS_FAILOVER, USE_NAPTR, USE_DST_BLACKLIST, HAVE_RESOLV_RES
ADAPTIVE_WAIT_LOOPS=1024, MAX_RECV_BUFFER_SIZE 262144 MAX_URI_SIZE 1024, BUF_SIZE 65535, DEFAULT PKG_SIZE 8MB
poll method support: poll, select, /dev/poll.
id: unknown
compiled with gcc 7.3.0
```
* **Operating System**:
Solaris 11.4
can you try with this patch applied ``` diff --git a/src/modules/permissions/permissions.c b/src/modules/permissions/permissions.c index 7505bb3dd..dfb5a4afc 100644 --- a/src/modules/permissions/permissions.c +++ b/src/modules/permissions/permissions.c @@ -648,8 +648,10 @@ static int mod_init(void)
static int child_init(int rank) { - if (init_child_trusted(rank) == -1) - return -1; + if (_perm_load_backends&PERM_LOAD_TRUSTEDDB) { + if (init_child_trusted(rank) == -1) + return -1; + } return 0; } ```
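Review bot: the new test in child_init() protects only this one call site, while init_child_trusted() still calls perm_dbf.init() without checking that the DB function table was ever bound, which is the call to address 0x0 at frame #0 of the backtrace (from trusted.c:267). Consider also returning early inside init_child_trusted() when perm_dbf.init is NULL, so the function is safe for any caller and does not depend on every call site repeating the flag test. Style: write the condition with spaces around the operator, `_perm_load_backends & PERM_LOAD_TRUSTEDDB`, and add a short comment saying the trusted DB handle is opened only when that backend is loaded.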
Thanks for the quick fix. I'll test soon and report back.
Hi Victor,

The patch does indeed fix the crash. I've been looking at `init_child_trusted()` and should it not be safe to call it as written? This seems to be "safe":

```
if (!db_url.s) {
	return 0;
}

db_handle = perm_dbf.init(&db_url);
if (!db_handle) {
	LM_ERR("unable to connect database\n");
	return -1;
}
```

I'm not that familiar with the inner workings of this particular module so perhaps the best fix is the one you suggested.

Best regards,
Spencer
Closed #2151 via d7f4493da751802dc47a694d251d34a85a7b3bf1.
@sjthomason it's not safe because perm_dbf is not initialized. init_trusted() is not called. That's the origin of the crash.
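The failure mode described in this thread, as an added example that is not Kamailio's code: a DB function table left unbound because its backend is disabled, the caller-side guard from the patch, and a callee-side NULL check. The types, bit values, `fake_db_init`, the constructed URL and the `-2` return code are assumptions for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Simplified model: names follow the thread, but the types, bit values
 * and function bodies are assumptions made for this illustration. */
#define PERM_LOAD_ADDRESSDB (1 << 0) /* assumed value */
#define PERM_LOAD_TRUSTEDDB (1 << 1) /* assumed value */

typedef struct { void *(*init)(const char *url); } db_func_t;

static db_func_t perm_dbf;      /* static storage: init starts as NULL */
static int _perm_load_backends;
static void *db_handle;
static int fake_conn;           /* stands in for a DB connection */

static void *fake_db_init(const char *url) { (void)url; return &fake_conn; }

/* Parent stage: the DB API is bound only for an enabled backend. */
static int mod_init(int load_backends) {
    _perm_load_backends = load_backends;
    perm_dbf.init = NULL;
    db_handle = NULL;
    if (_perm_load_backends & PERM_LOAD_TRUSTEDDB)
        perm_dbf.init = fake_db_init;   /* what init_trusted() would do */
    return 0;
}

/* Callee with a defensive check: an unbound table is reported instead
 * of being called (calling it is the jump to 0x0 in frame #0). */
static int init_child_trusted(void) {
    if (perm_dbf.init == NULL)
        return -2;
    db_handle = perm_dbf.init("constructed://db");
    return db_handle ? 0 : -1;
}

/* Caller guarded the same way as the patch in this thread. */
static int child_init(void) {
    if (_perm_load_backends & PERM_LOAD_TRUSTEDDB)
        return init_child_trusted();
    return 0;
}

int main(void) {
    mod_init(PERM_LOAD_ADDRESSDB);      /* load_backends = 1 */
    printf("guarded child_init: %d, direct call: %d\n",
           child_init(), init_child_trusted());
    return 0;
}
```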