Hello,

On 07/05/06 20:15, Walter Schober wrote:
Hi!

Yes, I do have the core and the sources. But from CVS version
20060515-141301.
From 20060629-181301 I found only the core.

first send me the backtrace. I may find the issue without the core.

gdb /path/to/openser core
bt

Cheers,
Daniel

Br
Walter

-----Original Message-----
From: Daniel-Constantin Mierla [mailto:[EMAIL PROTECTED]
Sent: Wednesday, July 05, 2006 7:07 PM
To: Walter Schober
Cc: [email protected]
Subject: Re: [Devel] Buffer overflow in avpops_impl.c

Hello,

can you reproduce the crash and get a core file? It would be recommended to use the latest CVS version since there were some updates in the last days. Also, please send me the backtrace and keep the sources, binaries and the core file; I might need them for further investigation. I will ask you to post them for download on an ftp/http site, if that is the case.

Cheers,
Daniel

On 07/05/06 19:47, Walter Schober wrote:
Hi!

Any reason, to not increase #define STR_BUF_SIZE 1024
to 2048 in avpops_impl.c?

If openser (openser-devel-cvs-20060629-181301 snapshot) gets this
message:
-----
INVITE sip:[EMAIL PROTECTED]:5060;transport=udp;x-orig=11.222.111.65:5060;x-orig-nat=192.168.41.52:5060 SIP/2.0
Via: SIP/2.0/UDP 111.22.33.130:5084;branch=z9hG4bKOxqv17W1xHQZ_pF;rport
Via: SIP/2.0/UDP 111.22.33.131;branch=z9hG4bK8cf5.c5f8b7a.0
Via: SIP/2.0/UDP 192.168.41.32:5060;received=11.222.111.65;branch=z9hG4bK8bef7daae;rport=1026
From: "MTA1 Scientific Atlanta" <sip:[EMAIL PROTECTED]>;tag=77c36a54bb929cf
To: "05557654321" <sip:[EMAIL PROTECTED]>
Call-ID: [EMAIL PROTECTED]
CSeq: 1106478969 INVITE
Max-Forwards: 68
Supported: timer,replaces
Allow: NOTIFY,REFER,OPTIONS,INVITE,ACK,CANCEL,BYE
Contact: "05551234567" <sip:[EMAIL PROTECTED]:5060;x-orig=11.222.111.65:1026;x-orig-nat=192.168.41.32:5060>
Content-Length: 483
Content-Type: application/sdp
Record-Route: <sip:111.22.33.130:5084;lr>
Record-Route: <sip:111.22.33.131;lr;ftag=77c36a54bb929cf>
User-Agent: Brcm-Callctrl/v1.7.2.2 MxSF/v3.6.2.5
Privacy: none

v=0
o=MxSIP 0 1123886028 IN IP4 192.168.41.32
s=SIP Call
c=IN IP4 111.22.33.136
t=0 0
m=audio 35384 RTP/AVP 0 8 101
a=rtpmap:0 PCMU/8000
a=rtpmap:8 PCMA/8000
a=rtpmap:101 telephone-event/8000
a=fmtp:101 144,149,159,0-15
a=ptime:20
a=sendrecv
a=silenceSupp:off - - - -
a=sqn: 0
a=cdsc: 1 audio RTP/AVP 0 8 101
a=cpar: a=rtpmap:0 PCMU/8000
a=cpar: a=rtpmap:8 PCMA/8000
a=cpar: a=rtpmap:101 telephone-event/8000
a=cpar: a=fmtp:101 144,149,159,0-15
a=nortpproxy:yes
------

And does:
        if (uri==myself) {
                if (avp_check("$ru", "re/x-orig=.*x-orig-nat/ig")) {

Openser crashed in ops_check_avp():
cycle1:
        /* copy string since pseudo-variables uses static buffer */
        if(flags&AVP_VAL_STR)
        {
                if(avp_val.s.len>=STR_BUF_SIZE)
                {
                        LOG(L_ERR,
                                "avpops:ops_check_avp: error src value too long\n");
                        goto error;
                }
                strcpy(str_buf, avp_val.s.s);
              ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
              At this strcpy.

Strange: It was this message only. Any other client (!) sending any other
messages run fine.

srv01:/home/schoberw# wc test.txt
  39  104 1486 test.txt

Br
Walter



_______________________________________________
Devel mailing list
[email protected]
http://openser.org/cgi-bin/mailman/listinfo/devel
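
One possible reading of the crash reported above, written as an added example (not code from this thread or from OpenSER): the check compares `avp_val.s.len` with `STR_BUF_SIZE`, but `strcpy` ignores that length and copies until the first NUL byte. The example assumes the value is a counted string pointing into a larger message buffer with no terminator at `len`, which the thread does not confirm; the `str` layout, the helper names and the sample data are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define STR_BUF_SIZE 1024            /* value quoted in the thread */

/* Counted string modelled on avp_val.s (assumed layout: pointer + length). */
typedef struct { const char *s; int len; } str;

static char str_buf[STR_BUF_SIZE];

/* Bytes strcpy() would write: it runs to the first NUL and never looks at len. */
size_t strcpy_write_size(str v) { return strlen(v.s) + 1; }

/* The pattern from the thread, evaluated without performing the copy:
 * returns 1 when the len check passes but strcpy() would overrun str_buf. */
int check_passes_but_overflows(str v)
{
    if (v.len >= STR_BUF_SIZE)
        return 0;                    /* rejected by the existing check */
    return strcpy_write_size(v) > STR_BUF_SIZE;
}

/* Hardened form: copy exactly len bytes, then terminate. */
int copy_counted(str v)
{
    if (v.len < 0 || v.len >= STR_BUF_SIZE)
        return -1;
    memcpy(str_buf, v.s, (size_t)v.len);
    str_buf[v.len] = '\0';
    return v.len;
}

/* Constructed input: a 1486-byte buffer (the size wc reports for test.txt)
 * and a 60-byte value that points at its start, unterminated at len. */
static char msg[1487];

str sample_value(void)
{
    str v = { msg, 60 };
    memset(msg, 'A', 1486);
    msg[1486] = '\0';
    return v;
}

int main(void)
{
    str v = sample_value();
    printf("len=%d passes the check, strcpy would write %zu bytes into %d\n",
           v.len, strcpy_write_size(v), STR_BUF_SIZE);
    printf("bounded copy wrote %d bytes\n", copy_counted(v));
    return 0;
}
```

Under this assumption, raising `STR_BUF_SIZE` to 2048 only moves the threshold, since the amount copied is set by where the next NUL byte lies rather than by `len`.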




