[OpenSIPS-Devel] Crash with reply lacking From header
Saúl Ibarra Corretgé
saul at ag-projects.com
Tue Apr 13 11:07:25 CEST 2010
Hi Bogdan,
I got a chash when I receive this 'malformed' reply from an unknown UA:
SIP/2.0 400 Bad Request\r\n
Via: SIP/2.0/UDP
xxxx;branch=z9hG4bK5574.6f316613.0,SIP/2.0/UDP
xxxx;branch=z9hG4bK5574.c5799fd3.0,SIP/2.0/UDP
xxxx;branch=z9hG4bK5574.5f316613.0,SIP/2.0/UDP
xxxx;branch=z9hG4bK5574.f0602bb1.0,SIP/2.0/UDP
192.168.0.127:5060;rport=61669;received=xxxx;branch=z9hG4bK-ea97a2f7\r\n
To: <sip:xxxx at sip2sip.info>\r\n
Call-ID: 608a7bf2-6bd6913 at 192.168.0.127\r\n
CSeq: 102 INVITE\r\nContent-Length: 0\r\n\r\n"
This is the core dump generated:
Program terminated with signal 11, Segmentation fault.
#0 build_local (Trans=0xb5a6ea9c, branch=0, method=0xbfffcea8,
extra=0x0, rpl=0x817d6d0, len=0xbfffcebc) at t_msgbuilder.c:242
242 from.s = rpl->from->name.s;
(gdb) bt
#0 build_local (Trans=0xb5a6ea9c, branch=0, method=0xbfffcea8,
extra=0x0, rpl=0x817d6d0, len=0xbfffcebc) at t_msgbuilder.c:242
#1 0xb7b0a5ee in send_ack (p_msg=0x817d6d0) at t_reply.c:299
#2 reply_received (p_msg=0x817d6d0) at t_reply.c:1420
#3 0x08064340 in forward_reply (msg=0x817d6d0) at forward.c:559
#4 0x0808bbbb in receive_msg (
buf=0x81453c0 "SIP/2.0 400 Bad Request\r\nVia: SIP/2.0/UDP
192.168.99.127;branch=z9hG4bK4123.465933f1.0, SIP/2.0/UDP
192.168.99.52:49187;received=192.168.99.52;rport=49187;branch=z9hG4bKPj8HHT.Kl.ukfCCWebHr8VeDYDit381"...,
len=400, rcv_info=0xbfffcfd4) at receive.c:200
#5 0x080bdda2 in udp_rcv_loop () at udp_server.c:492
#6 0x0806a252 in main_loop (argc=3, argv=0xbfffd154) at main.c:818
#7 main (argc=3, argv=0xbfffd154) at main.c:1388
(gdb)
Of course, from is empty, because the reply didn't contain a From header.
By looking into the code (modules/tm/t_msgbuilder.c) I can see that From
and To headers are taken from the reply, but in the past they were taken
from the request.
I'm not that familiar with tm code, but how about checking if the reply
does contain a From and To header and if not take the ones from the request?
Best regards,
PS: I have a couple of SIPp scenarios to reproduce this issue, let me
know if they would be helpful.
--
Saúl Ibarra Corretgé
AG Projects
More information about the Devel
mailing list