22 Feb
2021
22 Feb
'21
7:26 a.m.
Hi Team,
Kamailio 5.2 getting crashed in tls_accept. Can someone help over here.
#0 0x00007f1b135c09b2 in EVP_DecryptUpdate () from
/usr/lib/x86_64-linux-gnu/libcrypto.so.1.1
#1 0x00007f1b135f3034 in ?? () from
/usr/lib/x86_64-linux-gnu/libcrypto.so.1.1
#2 0x00007f1b135f36a3 in ?? () from
/usr/lib/x86_64-linux-gnu/libcrypto.so.1.1
#3 0x00007f1b135f4051 in RAND_DRBG_reseed () from
/usr/lib/x86_64-linux-gnu/libcrypto.so.1.1
#4 0x00007f1b135f457d in RAND_DRBG_generate () from
/usr/lib/x86_64-linux-gnu/libcrypto.so.1.1
#5 0x00007f1b135f46f1 in RAND_DRBG_bytes () from
/usr/lib/x86_64-linux-gnu/libcrypto.so.1.1
#6 0x00007f1b1378649e in ?? () from /usr/lib/x86_64-linux-gnu/libssl.so.1.1
#7 0x00007f1b13777f5f in ?? () from /usr/lib/x86_64-linux-gnu/libssl.so.1.1
#8 0x00007f1b13763f34 in SSL_do_handshake () from
/usr/lib/x86_64-linux-gnu/libssl.so.1.1
#9 0x00007f1acf246fce in tls_accept (c=0x7f1ad35fdc60,
error=0x7ffc238dd1dc) at tls_server.c:411
#10 0x00007f1acf2503a3 in tls_read_f (c=0x7f1ad35fdc60,
flags=0x7ffc238dd50c) at tls_server.c:1097
#11 0x0000559ac2ec9b46 in tcp_read_headers (c=0x7f1ad35fdc60,
read_flags=0x7ffc238dd50c) at core/tcp_read.c:462
#12 0x0000559ac2eced1c in tcp_read_req (con=0x7f1ad35fdc60,
bytes_read=0x7ffc238dd514, read_flags=0x7ffc238dd50c) at
core/tcp_read.c:1348
#13 0x0000559ac2ed5442 in handle_io (fm=0x7f1b13d2cef8, events=8193,
idx=-1) at core/tcp_read.c:1715
#14 0x0000559ac2ec424a in io_wait_loop_epoll (h=0x559ac3153f80 <io_w>, t=2,
repeat=0) at core/io_wait.h:1073
#15 0x0000559ac2ed6df4 in tcp_receive_loop (unix_sock=75) at
core/tcp_read.c:1829
#16 0x0000559ac2db8685 in tcp_init_children () at core/tcp_main.c:4802
#17 0x0000559ac2cb6867 in main_loop () at main.c:1714
#18 0x0000559ac2cbd6af in main (argc=15, argv=0x7ffc238ddb88) at main.c:2644
22 Feb
22 Feb
10:33 a.m.
Hi,
try to update to a maintained version (e.g. recent 5.3.x or 5.4.x) – in TLS support there
have been several bugs fixed in newer releases.
Cheers,
Henning
--
Henning Westerholt – https://skalatan.de/blog/
Kamailio services – https://gilawa.com<https://gilawa.com/>
From: sr-users <sr-users-bounces(a)lists.kamailio.org> On Behalf Of surendra p
Sent: Monday, February 22, 2021 5:26 AM
To: sr-users(a)lists.kamailio.org
Subject: [SR-Users] Kamailio Crash in TLS acceppt
Hi Team,
Kamailio 5.2 getting crashed in tls_accept. Can someone help over here.
#0 0x00007f1b135c09b2 in EVP_DecryptUpdate () from
/usr/lib/x86_64-linux-gnu/libcrypto.so.1.1
#1 0x00007f1b135f3034 in ?? () from /usr/lib/x86_64-linux-gnu/libcrypto.so.1.1
#2 0x00007f1b135f36a3 in ?? () from /usr/lib/x86_64-linux-gnu/libcrypto.so.1.1
#3 0x00007f1b135f4051 in RAND_DRBG_reseed () from
/usr/lib/x86_64-linux-gnu/libcrypto.so.1.1
#4 0x00007f1b135f457d in RAND_DRBG_generate () from
/usr/lib/x86_64-linux-gnu/libcrypto.so.1.1
#5 0x00007f1b135f46f1 in RAND_DRBG_bytes () from
/usr/lib/x86_64-linux-gnu/libcrypto.so.1.1
#6 0x00007f1b1378649e in ?? () from /usr/lib/x86_64-linux-gnu/libssl.so.1.1
#7 0x00007f1b13777f5f in ?? () from /usr/lib/x86_64-linux-gnu/libssl.so.1.1
#8 0x00007f1b13763f34 in SSL_do_handshake () from
/usr/lib/x86_64-linux-gnu/libssl.so.1.1
#9 0x00007f1acf246fce in tls_accept (c=0x7f1ad35fdc60, error=0x7ffc238dd1dc) at
tls_server.c:411
#10 0x00007f1acf2503a3 in tls_read_f (c=0x7f1ad35fdc60, flags=0x7ffc238dd50c) at
tls_server.c:1097
#11 0x0000559ac2ec9b46 in tcp_read_headers (c=0x7f1ad35fdc60, read_flags=0x7ffc238dd50c)
at core/tcp_read.c:462
#12 0x0000559ac2eced1c in tcp_read_req (con=0x7f1ad35fdc60, bytes_read=0x7ffc238dd514,
read_flags=0x7ffc238dd50c) at core/tcp_read.c:1348
#13 0x0000559ac2ed5442 in handle_io (fm=0x7f1b13d2cef8, events=8193, idx=-1) at
core/tcp_read.c:1715
#14 0x0000559ac2ec424a in io_wait_loop_epoll (h=0x559ac3153f80 <io_w>, t=2,
repeat=0) at core/io_wait.h:1073
#15 0x0000559ac2ed6df4 in tcp_receive_loop (unix_sock=75) at core/tcp_read.c:1829
#16 0x0000559ac2db8685 in tcp_init_children () at core/tcp_main.c:4802
#17 0x0000559ac2cb6867 in main_loop () at main.c:1714
#18 0x0000559ac2cbd6af in main (argc=15, argv=0x7ffc238ddb88) at main.c:2644
2:38 p.m.
I am running source code based, I don't see any changes in tls module with
respect to implementation. I have recompiled my kamailio source using
openssl 1.1.1j version.
I tried this below by upgrading openssl using the latest source code.
Vulnerability in OpenSSL - Integer overflow in CipherUpdate (vulners.com)
<https://vulners.com/openssl/OPENSSL:CVE-2021-23840>
Going to monitor kamailio for some days, this core is not straightforward.
On Mon, Feb 22, 2021 at 1:04 PM Henning Westerholt <hw(a)skalatan.de> wrote:
Hi,
try to update to a maintained version (e.g. recent 5.3.x or 5.4.x) – in
TLS support there have been several bugs fixed in newer releases.
Cheers,
Henning
--
Henning Westerholt – https://skalatan.de/blog/
Kamailio services – https://gilawa.com
*From:* sr-users <sr-users-bounces(a)lists.kamailio.org> *On Behalf Of *surendra
p
*Sent:* Monday, February 22, 2021 5:26 AM
*To:* sr-users(a)lists.kamailio.org
*Subject:* [SR-Users] Kamailio Crash in TLS acceppt
Hi Team,
Kamailio 5.2 getting crashed in tls_accept. Can someone help over here.
#0 0x00007f1b135c09b2 in EVP_DecryptUpdate () from
/usr/lib/x86_64-linux-gnu/libcrypto.so.1.1
#1 0x00007f1b135f3034 in ?? () from
/usr/lib/x86_64-linux-gnu/libcrypto.so.1.1
#2 0x00007f1b135f36a3 in ?? () from
/usr/lib/x86_64-linux-gnu/libcrypto.so.1.1
#3 0x00007f1b135f4051 in RAND_DRBG_reseed () from
/usr/lib/x86_64-linux-gnu/libcrypto.so.1.1
#4 0x00007f1b135f457d in RAND_DRBG_generate () from
/usr/lib/x86_64-linux-gnu/libcrypto.so.1.1
#5 0x00007f1b135f46f1 in RAND_DRBG_bytes () from
/usr/lib/x86_64-linux-gnu/libcrypto.so.1.1
#6 0x00007f1b1378649e in ?? () from
/usr/lib/x86_64-linux-gnu/libssl.so.1.1
#7 0x00007f1b13777f5f in ?? () from
/usr/lib/x86_64-linux-gnu/libssl.so.1.1
#8 0x00007f1b13763f34 in SSL_do_handshake () from
/usr/lib/x86_64-linux-gnu/libssl.so.1.1
#9 0x00007f1acf246fce in tls_accept (c=0x7f1ad35fdc60,
error=0x7ffc238dd1dc) at tls_server.c:411
#10 0x00007f1acf2503a3 in tls_read_f (c=0x7f1ad35fdc60,
flags=0x7ffc238dd50c) at tls_server.c:1097
#11 0x0000559ac2ec9b46 in tcp_read_headers (c=0x7f1ad35fdc60,
read_flags=0x7ffc238dd50c) at core/tcp_read.c:462
#12 0x0000559ac2eced1c in tcp_read_req (con=0x7f1ad35fdc60,
bytes_read=0x7ffc238dd514, read_flags=0x7ffc238dd50c) at
core/tcp_read.c:1348
#13 0x0000559ac2ed5442 in handle_io (fm=0x7f1b13d2cef8, events=8193,
idx=-1) at core/tcp_read.c:1715
#14 0x0000559ac2ec424a in io_wait_loop_epoll (h=0x559ac3153f80 <io_w>,
t=2, repeat=0) at core/io_wait.h:1073
#15 0x0000559ac2ed6df4 in tcp_receive_loop (unix_sock=75) at
core/tcp_read.c:1829
#16 0x0000559ac2db8685 in tcp_init_children () at core/tcp_main.c:4802
#17 0x0000559ac2cb6867 in main_loop () at main.c:1714
#18 0x0000559ac2cbd6af in main (argc=15, argv=0x7ffc238ddb88) at
main.c:2644
1372
days inactive
1372
days old
2 comments
2 participants
participants (2)
-
Henning Westerholt -
surendra p