[OpenSIPS-Users] Register Module GRUU Length Calculation Errors
Vlad Paiu
vladpaiu at opensips.org
Tue May 7 14:39:00 CEST 2013
Hello,
Thanks very much for the fixes, Tolga.
I've pushed them on OpenSIPS trunk, 1.9 and 1.8.
About the angle brackets, I see the RFC 5626 states that
'the URN will be encapsulated by angle brackets ("<" and ">") when it is placed
within the quoted string value of the "+sip.instance" Contact header field
parameter.'
But indeed, we could make the code more fault-tolerant for buggy clients
by not assuming that the angle brackets are always there.
Best Regards,
Vlad Paiu
OpenSIPS Developer
http://www.opensips-solutions.com
On 04/30/2013 12:42 PM, Bogdan-Andrei Iancu wrote:
> Hello Tolga,
>
> Once again, thank you for the report and patch - Vlad, the maintainer
> of the GRUU code will take a look on this asap and make the fix.
>
> Thanks and regards,
> Bogdan-Andrei Iancu
> OpenSIPS Founder and Developer
> http://www.opensips-solutions.com
>
> On 04/29/2013 02:34 AM, Tolga Tarhan wrote:
>> All,
>>
>> I've discovered another bug in the register module's GRUU handling.
>> This time, the issue is that an incorrect length is calculated for a
>> temp GRUU before it is base64 encoded. This causes the GRUU to not
>> match when it's decoded (since two extra characters of garbage get
>> encoded on accident).
>>
>> In the 1.9.0 source, the problem is in modules/registrar/reply.c on
>> line 191. The temp GRUU is calculated as time_len + aor->len +
>> instance->len + callid->len + 3, however, when instance is actually
>> appended to the memory buffer, two characters (the leading and
>> trailing angle brackets) are removed. This results in the reported
>> length being two characters too long and two extra characters of
>> garbage being included in the base64 encoded string.
>>
>> I've created and verified a patch for this problem. It can be found
>> here:
>> http://netbrains-misc.s3.amazonaws.com/opensips/opensips-register-make-gruu-wrong-length.patch
>>
>> Additionally, there appears to be a possibly related bug in
>> modules/registrar/common.c on line 141 where the call id length after
>> base64 decoding is inexplicably reduced by one. This may have been a
>> previous attempt by someone to partially workaround the encoding bug
>> above, but it isn't correct, as the last character of the GRUU call
>> id is lost.
>>
>> I've created and verified a patch for this as well. It can be found
>> here:
>> http://netbrains-misc.s3.amazonaws.com/opensips/opensips-lookup-gruu-wrong-length.patch
>>
>> For what it's worth, the assumption that sip.instance contains
>> angle-brackets may be wrong. I believe that it's always supposed to,
>> but assuming that it does is probably problematic and could be a
>> source of even bigger problems if the instance is less than two
>> characters long (where the memcpy would just grab random memory, I
>> think). My patch doesn't address this aspect, however.
>>
>> Please let me know if there's something else I need to do to get
>> these patches accepted upstream.
>>
>> Thanks,
>> Tolga Tarhan
>>
>>
>> _______________________________________________
>> Users mailing list
>> Users at lists.opensips.org
>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
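The length error Tolga describes, reproduced in a self-contained C snippet (an added example, not OpenSIPS code and not either patch). The `str` type is a stand-in for OpenSIPS's counted string, and the payload layout (time, AoR, bracket-stripped instance, call-id joined by ':'), the timestamp, AoR, instance URN and call-id are all constructed for the example; only the arithmetic `time_len + aor->len + instance->len + callid->len + 3` is taken from the thread. Base64 is left out because it is a bijection on the input bytes: whatever extra bytes the wrong length hands to the encoder come straight back out of the decoder, which is why the call-id extracted on lookup no longer matches. The snippet also shows why the `len - 1` adjustment in common.c cannot repair this, and a bracket-stripping helper that tolerates clients omitting the brackets without going negative on instance values shorter than two bytes:

```c
#include <stdio.h>
#include <string.h>

/* Stand-in for OpenSIPS's counted-string type (assumption for this example,
 * not the project's own header). */
typedef struct { const char *s; int len; } str;

#define MKSTR(lit) ((str){ (lit), (int)sizeof(lit) - 1 })

/* Strip one leading '<' and one trailing '>' from a +sip.instance value if
 * present. Unlike an unconditional "s + 1, len - 2", this tolerates clients
 * that omit the brackets and never yields a negative length for values
 * shorter than two bytes. */
static str strip_instance_brackets(str in)
{
    str out = in;
    if (out.len > 0 && out.s[0] == '<') { out.s++; out.len--; }
    if (out.len > 0 && out.s[out.len - 1] == '>') { out.len--; }
    return out;
}

/* Build the raw temp-GRUU payload that would go to the base64 encoder.
 * Field order and ':' separators are assumptions for this example.
 * With buggy != 0 the length is computed from the instance length *before*
 * the brackets are stripped, while the copy uses the stripped instance, so
 * the reported length overshoots the bytes actually written by 2.
 * Returns the reported length (or -1 if out is too small); *written receives
 * the number of bytes really copied. */
static int build_temp_gruu_raw(const char *time_str, str aor, str instance,
                               str callid, int buggy, char *out, int out_size,
                               int *written)
{
    int time_len = (int)strlen(time_str);
    str inst = strip_instance_brackets(instance);
    int counted_inst_len = buggy ? instance.len : inst.len;
    int reported_len = time_len + aor.len + counted_inst_len + callid.len + 3;
    char *p = out;

    *written = 0;
    if (reported_len > out_size) return -1;
    memset(out, 'X', out_size);             /* make never-written bytes visible */
    memcpy(p, time_str, time_len);   p += time_len;   *p++ = ':';
    memcpy(p, aor.s, aor.len);       p += aor.len;    *p++ = ':';
    memcpy(p, inst.s, inst.len);     p += inst.len;   *p++ = ':';
    memcpy(p, callid.s, callid.len); p += callid.len;
    *written = (int)(p - out);
    return reported_len;
}

/* Lookup side: the call-id is whatever follows the last ':' within the len
 * bytes that came back from base64 decoding. */
static str extract_callid(const char *raw, int len)
{
    str cid = { raw, len };
    int i;
    for (i = len - 1; i >= 0; i--) {
        if (raw[i] == ':') {
            cid.s = raw + i + 1;
            cid.len = len - i - 1;
            break;
        }
    }
    return cid;
}

/* Build with the chosen arithmetic, then recover the call-id the way lookup
 * would, optionally applying the "len - 1" workaround. The constructed
 * timestamp, AoR and call-id are fixed test values. Copies the recovered
 * call-id into dst (NUL-terminated) and returns reported - written bytes:
 * 0 when the arithmetic is right, 2 when it is the buggy one. */
static int roundtrip_callid(str instance, int buggy, int apply_minus_one,
                            char *dst, int dst_size)
{
    char buf[256];
    int written;
    str cid;
    int len = build_temp_gruu_raw("1367229600", MKSTR("sip:alice@example.com"),
                                  instance, MKSTR("abc123@host"), buggy,
                                  buf, sizeof buf, &written);
    if (len < 0) return -1;
    cid = extract_callid(buf, len);
    if (apply_minus_one && cid.len > 0) cid.len--;
    if (cid.len + 1 > dst_size) return -1;
    memcpy(dst, cid.s, cid.len);
    dst[cid.len] = '\0';
    return len - written;
}

int main(void)
{
    str inst = MKSTR("<urn:uuid:00000000-0000-1000-8000-AABBCCDDEEFF>");
    char cid[64];
    int over;

    over = roundtrip_callid(inst, 1, 0, cid, sizeof cid);
    printf("buggy length, no workaround:  overshoot=%d call-id=\"%s\"\n", over, cid);
    over = roundtrip_callid(inst, 1, 1, cid, sizeof cid);
    printf("buggy length, len-1:          overshoot=%d call-id=\"%s\"\n", over, cid);
    over = roundtrip_callid(inst, 0, 0, cid, sizeof cid);
    printf("fixed length, no workaround:  overshoot=%d call-id=\"%s\"\n", over, cid);
    over = roundtrip_callid(inst, 0, 1, cid, sizeof cid);
    printf("fixed length, len-1:          overshoot=%d call-id=\"%s\"\n", over, cid);
    return 0;
}
```

With the buggy arithmetic the recovered call-id carries two bytes of whatever followed the payload in memory (the 'X' filler here), so it never matches the stored call-id; dropping one byte on the lookup side only turns "two garbage bytes" into "one garbage byte", and once the encoding-side length is fixed that same `len - 1` discards the last real character, which is what Tolga's second report describes.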