#146 [PATCH] lcr module crashes if ruri_user is void

1.4.x
closed-fixed
modules (454)
5
2009-05-26
2009-05-23
Anonymous
No

lcr module running in prefix_mode=1 is bound to crash if an incoming INVITE's Request-URI doesn't contain a username part:

May 23 19:10:56 SIPS4 /usr/local/sbin/opensips[8754]: ----- Processing INVITE RURI=sip:11.11.11.11 F=sip:2123752645@22.22.22.22 T=sip:11.11.11.11 IP=22.22.22.22 ID=5781c4b2739bcab21003ab7162826e30@22.22.22.22
May 23 19:10:56 SIPS4 kernel: opensips[8754]: segfault at 0000000000000000 rip 00002aaaab15f080 rsp 00007fff1d3b27c8 error 4
May 23 19:10:57 SIPS4 /usr/local/sbin/opensips[8752]: INFO:core:handle_sigs: child process 8754 exited by a signal 11

(gdb) bt
#0 0x00002aaaab15f080 in strlen () from /lib/libc.so.6
#1 0x00002aaaab1a0d08 in regexec () from /lib/libc.so.6
#2 0x00002aaaada31fec in do_load_gws (_m=0x7bde18, _from_uri=0x0, _grp_id=-1) at lcr_mod.c:1271
#3 0x00002aaaada3387d in load_gws_0 (_m=0x7bde18, _s1=0x0, _s2=0x0) at lcr_mod.c:1512
#4 0x000000000041106b in do_action (a=0x771580, msg=0x7bde18) at action.c:845
#5 0x000000000040e13a in run_action_list (a=0x771580, msg=0x7bde18) at action.c:138
#6 0x0000000000452da3 in eval_elem (e=0x771650, msg=0x7bde18, val=0x0) at route.c:1133
#7 0x0000000000456e9d in eval_expr (e=0x771650, msg=0x7bde18, val=0x0) at route.c:1430
#8 0x0000000000456f81 in eval_expr (e=0x771698, msg=0x7bde18, val=0x0) at route.c:1446
#9 0x0000000000456fb5 in eval_expr (e=0x7716e0, msg=0x7bde18, val=0x0) at route.c:1451
#10 0x00000000004107cb in do_action (a=0x771a78, msg=0x7bde18) at action.c:700
#11 0x000000000040e13a in run_action_list (a=0x771a78, msg=0x7bde18) at action.c:138
#12 0x000000000040e415 in run_actions (a=0x771a78, msg=0x7bde18) at action.c:118
#13 0x000000000040fa19 in do_action (a=0x76e9d0, msg=0x7bde18) at action.c:483
#14 0x000000000040e13a in run_action_list (a=0x76e4e0, msg=0x7bde18) at action.c:138
#15 0x000000000041090a in do_action (a=0x76efa0, msg=0x7bde18) at action.c:717
#16 0x000000000040e13a in run_action_list (a=0x76efa0, msg=0x7bde18) at action.c:138
#17 0x000000000041090a in do_action (a=0x76f140, msg=0x7bde18) at action.c:717
#18 0x000000000040e13a in run_action_list (a=0x769008, msg=0x7bde18) at action.c:138
#19 0x000000000040e415 in run_actions (a=0x769008, msg=0x7bde18) at action.c:118
#20 0x000000000040e4de in run_top_route (a=0x769008, msg=0x7bde18) at action.c:179
#21 0x000000000044aae3 in receive_msg (
buf=0x73cbe0 "INVITE sip:11.11.11.11 SIP/2.0\r\nVia: SIP/2.0/UDP 22.22.22.22:5060;branch=z9hG4bK0f49cc08;rport\r\nFrom: \"Unavailable\" <sip:2123752645@22.22.22.22>;tag=as5ae62e90\r\nTo: <sip:11.11.11.11>\r\nCont"..., len=869, rcv_info=0x7fff1d3c0430) at receive.c:165
#22 0x00000000004836fa in udp_rcv_loop () at udp_server.c:449
#23 0x0000000000423968 in main_loop () at main.c:780
#24 0x0000000000425d5d in main (argc=9, argv=0x7fff1d3c0688) at main.c:1319

Reproduced on 1.4.4 but all versions are affected. I suggest the following patch:

Index: lcr_mod.c

--- lcr_mod.c (revision 5245)
+++ lcr_mod.c (working copy)
@@ -1194,7 +1194,7 @@
struct lcr_info lcr_rec;

/* Find Request-URI user */
- if (parse_sip_msg_uri(_m) < 0) {
+ if ((parse_sip_msg_uri(_m) < 0) || (!_m->parsed_uri.user.s)) {
LM_ERR("Error while parsing R-URI\n");
return -1;
}
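
Review bot: The new `!_m->parsed_uri.user.s` test on the `+` line shares the branch of a genuine parse failure, so a Request-URI that parsed correctly but has no user part (the `sip:11.11.11.11` case in the log above) is reported as "Error while parsing R-URI" at LM_ERR level. Because a single INVITE from any remote sender reaches this path, I would split it into its own check with a distinct message at a lower log level, so operators can tell a malformed URI from a user-less one and the error log cannot be filled this way. I would also test the length along with the pointer, e.g. `if (!_m->parsed_uri.user.s || _m->parsed_uri.user.len <= 0)`, so that a non-NULL but empty user is rejected before it reaches the `regexec()` call shown in frame #2 of the backtrace. A short comment saying that the prefix match below requires a user part would help the next reader.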

Discussion

  • Feel free to ask me should you want to test something since I have everything set up.
    Andrew <andrew.pogrebennyk@portaone.com>

     
    • labels: --> modules
    • assigned_to: nobody --> bogdan_iancu
    • status: open --> open-accepted
     
    • status: open-accepted --> closed-fixed
     
  • Hi Andrew,

    Thanks for the patch - I uploaded it on SVN trunk and 1.5 branch.

    Regards,
    Bogdan