[OpenSIPS-Devel] Crash with reply lacking From header

Saúl Ibarra Corretgé saul at ag-projects.com
Tue Apr 13 11:07:25 CEST 2010


Hi Bogdan,

I got a crash when I receive this 'malformed' reply from an unknown UA:

SIP/2.0 400 Bad Request\r\n
Via: SIP/2.0/UDP
xxxx;branch=z9hG4bK5574.6f316613.0,SIP/2.0/UDP
xxxx;branch=z9hG4bK5574.c5799fd3.0,SIP/2.0/UDP
xxxx;branch=z9hG4bK5574.5f316613.0,SIP/2.0/UDP
xxxx;branch=z9hG4bK5574.f0602bb1.0,SIP/2.0/UDP
192.168.0.127:5060;rport=61669;received=xxxx;branch=z9hG4bK-ea97a2f7\r\n
To: <sip:xxxx at sip2sip.info>\r\n
Call-ID: 608a7bf2-6bd6913 at 192.168.0.127\r\n
CSeq: 102 INVITE\r\nContent-Length: 0\r\n\r\n"

This is the core dump generated:

Program terminated with signal 11, Segmentation fault.
#0  build_local (Trans=0xb5a6ea9c, branch=0, method=0xbfffcea8,
extra=0x0, rpl=0x817d6d0, len=0xbfffcebc) at t_msgbuilder.c:242
242                     from.s = rpl->from->name.s;
(gdb) bt
#0  build_local (Trans=0xb5a6ea9c, branch=0, method=0xbfffcea8,
extra=0x0, rpl=0x817d6d0, len=0xbfffcebc) at t_msgbuilder.c:242
#1  0xb7b0a5ee in send_ack (p_msg=0x817d6d0) at t_reply.c:299
#2  reply_received (p_msg=0x817d6d0) at t_reply.c:1420
#3  0x08064340 in forward_reply (msg=0x817d6d0) at forward.c:559
#4  0x0808bbbb in receive_msg (
    buf=0x81453c0 "SIP/2.0 400 Bad Request\r\nVia: SIP/2.0/UDP
192.168.99.127;branch=z9hG4bK4123.465933f1.0, SIP/2.0/UDP
192.168.99.52:49187;received=192.168.99.52;rport=49187;branch=z9hG4bKPj8HHT.Kl.ukfCCWebHr8VeDYDit381"...,
len=400, rcv_info=0xbfffcfd4) at receive.c:200
#5  0x080bdda2 in udp_rcv_loop () at udp_server.c:492
#6  0x0806a252 in main_loop (argc=3, argv=0xbfffd154) at main.c:818
#7  main (argc=3, argv=0xbfffd154) at main.c:1388
(gdb)

Of course, from is empty, because the reply didn't contain a From header.

By looking into the code (modules/tm/t_msgbuilder.c) I can see that From 
and To headers are taken from the reply, but in the past they were taken 
from the request.

I'm not that familiar with tm code, but how about checking if the reply 
does contain a From and To header and if not take the ones from the request?



Best regards,

PS: I have a couple of SIPp scenarios to reproduce this issue, let me 
know if they would be helpful.

-- 
Saúl Ibarra Corretgé
AG Projects
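
The fallback proposed in the message above, sketched as an added example. This is not OpenSIPS code and not part of the original post: `str_t`, `struct hdr`, `struct msg_lite`, `select_from_to` and `demo` are simplified, hypothetical stand-ins for the tm module's types, and the header values are constructed.

```c
#include <stddef.h>
#include <stdio.h>

/* Simplified stand-ins for illustration; NOT the OpenSIPS tm structures. */
typedef struct { const char *s; int len; } str_t;
struct hdr { str_t name; };                 /* a parsed header line */
struct msg_lite { struct hdr *from; struct hdr *to; };

#define HDR(lit) { { lit, (int)(sizeof(lit) - 1) } }

/* Prefer the reply's header; fall back to the request's when the reply
 * lacks it. Returns -1 instead of dereferencing NULL if both are missing. */
static int pick_hdr(const struct hdr *rpl_h, const struct hdr *req_h, str_t *out)
{
    const struct hdr *h = rpl_h ? rpl_h : req_h;
    if (h == NULL || h->name.s == NULL)
        return -1;
    *out = h->name;
    return 0;
}

/* Select the From/To used to build a locally generated ACK. */
int select_from_to(const struct msg_lite *req, const struct msg_lite *rpl,
                   str_t *from, str_t *to)
{
    if (req == NULL || rpl == NULL)
        return -1;
    if (pick_hdr(rpl->from, req->from, from) < 0)
        return -1;
    return pick_hdr(rpl->to, req->to, to);
}

/* Constructed sample data. Returns -1 on error, 1 if From was taken
 * from the request, 0 if it was taken from the reply. */
int demo(int reply_has_from, int request_has_from)
{
    static struct hdr req_from = HDR("From: <sip:alice@example.com>;tag=req");
    static struct hdr rpl_from = HDR("From: <sip:alice@example.com>;tag=rpl");
    static struct hdr to       = HDR("To: <sip:bob@example.com>");
    struct msg_lite req = { request_has_from ? &req_from : NULL, &to };
    struct msg_lite rpl = { reply_has_from ? &rpl_from : NULL, &to };
    str_t from, to_out;

    if (select_from_to(&req, &rpl, &from, &to_out) < 0)
        return -1;
    return from.s == req_from.name.s;
}

int main(void)
{
    printf("reply without From -> %d\n", demo(0, 1));
    return 0;
}
```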


