[OpenSIPS-Devel] Crash with reply lacking From header

Bogdan-Andrei Iancu bogdan at voice-system.ro
Tue Apr 13 18:38:02 CEST 2010


Hi Saúl,

I made a fix on trunk and 1.6 branch - could you check if it fixes the 
problem?

Thanks and regards,
Bogdan

Saúl Ibarra Corretgé wrote:
> Hi Bogdan,
>
> I got a crash when I receive this 'malformed' reply from an unknown UA:
>
> SIP/2.0 400 Bad Request\r\n
> Via: SIP/2.0/UDP
> xxxx;branch=z9hG4bK5574.6f316613.0,SIP/2.0/UDP
> xxxx;branch=z9hG4bK5574.c5799fd3.0,SIP/2.0/UDP
> xxxx;branch=z9hG4bK5574.5f316613.0,SIP/2.0/UDP
> xxxx;branch=z9hG4bK5574.f0602bb1.0,SIP/2.0/UDP
> 192.168.0.127:5060;rport=61669;received=xxxx;branch=z9hG4bK-ea97a2f7\r\n
> To: <sip:xxxx at sip2sip.info>\r\n
> Call-ID: 608a7bf2-6bd6913 at 192.168.0.127\r\n
> CSeq: 102 INVITE\r\nContent-Length: 0\r\n\r\n"
>
> This is the core dump generated:
>
> Program terminated with signal 11, Segmentation fault.
> #0  build_local (Trans=0xb5a6ea9c, branch=0, method=0xbfffcea8,
> extra=0x0, rpl=0x817d6d0, len=0xbfffcebc) at t_msgbuilder.c:242
> 242                     from.s = rpl->from->name.s;
> (gdb) bt
> #0  build_local (Trans=0xb5a6ea9c, branch=0, method=0xbfffcea8,
> extra=0x0, rpl=0x817d6d0, len=0xbfffcebc) at t_msgbuilder.c:242
> #1  0xb7b0a5ee in send_ack (p_msg=0x817d6d0) at t_reply.c:299
> #2  reply_received (p_msg=0x817d6d0) at t_reply.c:1420
> #3  0x08064340 in forward_reply (msg=0x817d6d0) at forward.c:559
> #4  0x0808bbbb in receive_msg (
>     buf=0x81453c0 "SIP/2.0 400 Bad Request\r\nVia: SIP/2.0/UDP
> 192.168.99.127;branch=z9hG4bK4123.465933f1.0, SIP/2.0/UDP
> 192.168.99.52:49187;received=192.168.99.52;rport=49187;branch=z9hG4bKPj8HHT.Kl.ukfCCWebHr8VeDYDit381"...,
> len=400, rcv_info=0xbfffcfd4) at receive.c:200
> #5  0x080bdda2 in udp_rcv_loop () at udp_server.c:492
> #6  0x0806a252 in main_loop (argc=3, argv=0xbfffd154) at main.c:818
> #7  main (argc=3, argv=0xbfffd154) at main.c:1388
> (gdb)
>
> Of course, from is empty, because the reply didn't contain a From header.
>
> By looking into the code (modules/tm/t_msgbuilder.c) I can see that From 
> and To headers are taken from the reply, but in the past they were taken 
> from the request.
>
> I'm not that familiar with tm code, but how about checking if the reply 
> does contain a From and To header and if not take the ones from the request?
>
>
>
> Best regards,
>
> PS: I have a couple of SIPp scenarios to reproduce this issue, let me 
> know if they would be helpful.
>
>   


-- 
Bogdan-Andrei Iancu
www.voice-system.ro
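
The fallback proposed in the quoted report (use the reply's From/To when present, otherwise the request's), as an added example that is neither OpenSIPS code nor the fix committed to trunk and 1.6. The structures, `pick_hdr`, `select_from_to` and `demo_from_source` are hypothetical names, and the header strings are constructed sample data.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical, simplified stand-ins for the parsed-message structures;
 * these are NOT the OpenSIPS definitions. */
typedef struct { const char *s; int len; } str_t;
struct hdr { str_t name; };              /* start of the raw header line */
struct msg { struct hdr *from, *to; };   /* NULL when the header is absent */
enum hdr_src { SRC_NONE = 0, SRC_REPLY = 1, SRC_REQUEST = 2 };

/* Prefer the reply's header, fall back to the request's, never deref NULL. */
static enum hdr_src pick_hdr(const struct hdr *rpl_h, const struct hdr *req_h, str_t *out)
{
    out->s = NULL; out->len = 0;
    if (rpl_h && rpl_h->name.s && rpl_h->name.len > 0) { *out = rpl_h->name; return SRC_REPLY; }
    if (req_h && req_h->name.s && req_h->name.len > 0) { *out = req_h->name; return SRC_REQUEST; }
    return SRC_NONE;
}

/* Returns 0 when both headers were found, -1 when neither message can supply
 * one of them and the caller must drop the reply instead of building an ACK. */
int select_from_to(const struct msg *rpl, const struct msg *req,
                   str_t *from, str_t *to, enum hdr_src *fsrc, enum hdr_src *tsrc)
{
    if (!rpl || !req) return -1;
    *fsrc = pick_hdr(rpl->from, req->from, from);
    *tsrc = pick_hdr(rpl->to, req->to, to);
    return (*fsrc == SRC_NONE || *tsrc == SRC_NONE) ? -1 : 0;
}

/* Constructed sample headers (not taken from the report). */
static const char FROM_HDR[] = "From: <sip:alice@example.invalid>;tag=1";
static const char TO_HDR[]   = "To: <sip:bob@example.invalid>";

/* Returns where From was taken from, or -1 if no ACK can be built. */
int demo_from_source(int reply_has_from, int request_has_from)
{
    struct hdr f = { { FROM_HDR, (int)strlen(FROM_HDR) } };
    struct hdr t = { { TO_HDR, (int)strlen(TO_HDR) } };
    struct msg req = { request_has_from ? &f : NULL, &t };
    struct msg rpl = { reply_has_from ? &f : NULL, &t };
    str_t from, to; enum hdr_src fsrc, tsrc;
    if (select_from_to(&rpl, &req, &from, &to, &fsrc, &tsrc) < 0) return -1;
    return (int)fsrc;
}

int main(void) { return demo_from_source(0, 1) == SRC_REQUEST ? 0 : 1; }
```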



