From dotnetdub@gmail.com Fri Feb 4 17:48:29 2011
From: dotnetdub
To: sr-users@lists.kamailio.org
Subject: Re: [SR-Users] SIP Router 3.03 topoh
Date: Fri, 04 Feb 2011 16:48:02 +0000
Message-ID:
In-Reply-To: <4CEE9F07.20405@1and1.ro>

On 25 November 2010 17:38, marius zbihlei wrote:

> On 11/25/2010 07:32 PM, dotnetdub wrote:
>
> >>>
> Are you able to test a patch if I provide one to you? I wanted to wait for
> Daniel's opinion as I have no way of testing it. If you have a dump of the
> attack traffic or you can generate more with bad CSEQ (as from the message
> log you provided) you can test the patch against your cfg and see if it
> still crashes (hope not). In my opinion the crash should be deterministic.
> You will find the trivial patch attached. If you can test it and it works I
> will push it to upstream (also to 3.0 branch). Keep in mind that other
> problems might appear as well during the processing of the SIP messages. If a
> core does appear please retry the steps in the previous mail with the new
> core and .so offset.
>
> Apply the patch with the patch utility (copy to the modules/topoh and run
> patch < patch). I await some feedback :)
>
> Marius
>

Hi Marius,

I did apply this patch and recompile. I checked the lib folder and the date of topoh changed to the compile date.

Another SIP attack and core dump again. This looks like different memory addresses though.

proxy:/var/log# dmesg
[1853341.778338] kamailio[20503]: segfault at 18 ip b7064220 sp bf9c3370 error 4 in topoh.so[b7061000+d000]
[1853341.921334] kamailio[20507]: segfault at 18 ip b7064220 sp bf9c3370 error 4 in topoh.so[b7061000+d000]
[1853341.991430] kamailio[20498]: segfault at 18 ip b7064220 sp bf9c3370 error 4 in topoh.so[b7061000+d000]
[1853342.057429] kamailio[20506]: segfault at 18 ip b7064220 sp bf9c3370 error 4 in topoh.so[b7061000+d000]
[1853342.139751] kamailio[20505]: segfault at 18 ip b7064220 sp bf9c3370 error 4 in topoh.so[b7061000+d000]
[1853342.149429] kamailio[20499]: segfault at 18 ip b7064220 sp bf9c3370 error 4 in topoh.so[b7061000+d000]
[1853342.156097] kamailio[20502]: segfault at 18 ip b7064220 sp bf9c3370 error 4 in topoh.so[b7061000+d000]
[1853342.160097] kamailio[20501]: segfault at 18 ip b7064220 sp bf9c3370 error 4 in topoh.so[b7061000+d000]
[1853342.163561] kamailio[20500]: segfault at 18 ip b7064220 sp bf9c3370 error 4 in topoh.so[b7061000+d000]
[1853342.168357] kamailio[20504]: segfault at 18 ip b7064220 sp bf9c3370 error 4 in topoh.so[b7061000+d000]

Feb 4 16:19:09 proxy1 sip[20503]: ERROR: [parser/parse_cseq.c:97]: ERROR: CSeq EoL expected
Feb 4 16:19:09 proxy1 kernel: [1853341.778338] kamailio[20503]: segfault at 18 ip b7064220 sp bf9c3370 error 4 in topoh.so[b7061000+d000]
Feb 4 16:19:09 proxy1 sip[20503]: ERROR: [parser/parse_cseq.c:100]: ERROR: parse_cseq: bad cseq
Feb 4 16:19:09 proxy1 sip[20503]: ERROR: [parser/msg_parser.c:158]: ERROR: get_hdr_field: bad cseq
Feb 4 16:19:09 proxy1 sip[20503]: INFO: [parser/msg_parser.c:353]: ERROR: bad header field [CSeq: 1 REGISTER ACK]
Feb 4 16:19:09 proxy1 sip[20500]: INFO:
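
Added example, not part of the thread and not Kamailio project code: a triage script for kernel segfault lines like those above. It computes the ".so offset" of the faulting instruction, decodes the page-fault error code, and groups crashing PIDs so a deterministic crash shows up as one group. The sample lines are constructed from values in the message, the function names are hypothetical, and the offset assumes the reported mapping starts at the object's load base.

```python
import re
from collections import defaultdict

# Constructed sample: two lines in the kernel's segfault format, using the
# values from the dmesg output in the message above.
SAMPLE = """\
[1853341.778338] kamailio[20503]: segfault at 18 ip b7064220 sp bf9c3370 error 4 in topoh.so[b7061000+d000]
[1853341.921334] kamailio[20507]: segfault at 18 ip b7064220 sp bf9c3370 error 4 in topoh.so[b7061000+d000]
"""

SEGV = re.compile(
    r"(?P<comm>\S+)\[(?P<pid>\d+)\]: segfault at (?P<addr>[0-9a-f]+) "
    r"ip (?P<ip>[0-9a-f]+) sp (?P<sp>[0-9a-f]+) error (?P<err>[0-9a-f]+) "
    r"in (?P<obj>[^\[\s]+)\[(?P<base>[0-9a-f]+)\+(?P<size>[0-9a-f]+)\]")

def decode_error(code):
    """Decode the x86 page-fault error code bits printed after 'error'."""
    return {
        "cause": "protection violation" if code & 1 else "page not present",
        "access": "write" if code & 2 else "read",
        "mode": "user" if code & 4 else "kernel",
        "instruction_fetch": bool(code & 16),
    }

def triage(text):
    """Group segfault lines by (object, offset of ip inside the object)."""
    groups = defaultdict(lambda: {"pids": set()})
    for m in SEGV.finditer(text):
        ip, base, size = (int(m[k], 16) for k in ("ip", "base", "size"))
        if not base <= ip < base + size:
            continue  # ip outside the reported mapping: skip rather than guess
        g = groups[(m["obj"], ip - base)]
        g["pids"].add(int(m["pid"]))
        g["fault_addr"] = int(m["addr"], 16)
        g["error"] = decode_error(int(m["err"], 16))  # kernel prints it in hex
        # Faults in the first page usually mean NULL + a struct field offset.
        g["near_null"] = g["fault_addr"] < 0x1000
    return dict(groups)

if __name__ == "__main__":
    for (obj, off), g in triage(SAMPLE).items():
        print(f"{obj}+{off:#x}: {len(g['pids'])} process(es), "
              f"{g['error']['access']} of {g['fault_addr']:#x}, "
              f"near NULL: {g['near_null']}")
```

The resulting offset is the value to look up in the module's symbols, for instance with `addr2line -e topoh.so`, when the module was built with debug information.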