Re: [Devel] Re: null radius_extra avp for acc is causing openser to crash

[Bogdan-Andrei Iancu]

Hi Ovidiu,

Thanks for the trace. I took a look through the radiusng lib and the 
problem seams to be the RADIUS AVP type issue - that was discussed in a 
separate thread - that all extra info is internally generated as strings.

The acc_extra value does not exists, so the (0,0) string is used, but 
when the RADIUS AVP is added, as the type is INTEGER, radius string will 
try to convert it to write it as integer and it will crash.

So, if you change in the radius dict the type of attribute to string, it 
should net crash any more.

On the other hand, openser should be fixed also to be safe in such 
cases. The solution will be not to added the RADIUS AVP for the empty 
extra_acc values. I will made a fix on trunk - if you could test it, it 
will be great.

Thanks and regards,
Bogdan

Ovidiu Sas wrote:
Hi Bogdan,


Here's the backtrace:
(gdb) bt
#0  0x00190e98 in rc_avpair_assign (vp=0x946e7e8, pval=0x0, len=0) at
avpair.c:77
#1  0x00190fa2 in rc_avpair_new (rh=0x9469eb8, attrid=32, pval=0x0,
len=0, vendorpec=155641832) at avpair.c:118
#2  0x001914dc in rc_avpair_add (rh=0x9469eb8, list=0xbfde7934,
attrid=32, pval=0x0, len=0, vendorpec=0) at avpair.c:36
#3  0x00fbecd0 in acc_rad_request (req=0xb6174490) at acc.c:540
#4  0x00fc1195 in tmcb_func (t=0xb6173658, type=128, ps=0x1678f4) at
acc_logic.c:373
#5  0x00146130 in run_trans_callbacks (type=128, trans=0xb6173658,
req=0xb6174490, rpl=0x81539d8, code=200) at t_hooks.c:205
#6  0x001588a3 in relay_reply (t=0xb6173658, p_msg=0x81539d8,
branch=0, msg_status=200, cancel_bitmap=0xbfde7b30) at t_reply.c:1140
#7  0x00159414 in reply_received (p_msg=0x81539d8) at t_reply.c:1373
#8  0x0805d3b6 in forward_reply (msg=0x81539d8) at forward.c:488
#9  0x0807b348 in receive_msg (
   buf=0x811ac40 "SIP/2.0 200 OK\r\nVia: SIP/2.0/UDP
10.11.10.148;branch=z9hG4bK5448.283b30a3.0,SIP/2.0/UDP
10.11.128.65;branch=z9hG4bKdee07386f1ffa07d\r\nFrom: \"Ovidiu Sas\"
<sip:[EMAIL PROTECTED]>;tag=6dfe150ab60fa5"..., len=962,
rcv_info=0xbfde7c50) at receive.c:195
#10 0x080a4393 in udp_rcv_loop () at udp_server.c:465
#11 0x08069f66 in main_loop () at main.c:834
#12 0x0806be57 in main (argc=3, argv=0xbfde7e34) at main.c:1399


# openser -V
version: openser 1.2.0-notls (i386/linux)
flags: STATS: Off, USE_IPV6, USE_TCP, DISABLE_NAGLE, USE_MCAST,
SHM_MEM, SHM_MMAP, PKG_MALLOC, F_MALLOC, FAST_LOCK-ADAPTIVE_WAIT
ADAPTIVE_WAIT_LOOPS=1024, MAX_RECV_BUFFER_SIZE 262144, MAX_LISTEN 16,
MAX_URI_SIZE 1024, BUF_SIZE 65535
poll method support: poll, epoll_lt, epoll_et, sigio_rt, select.
svnrevision: 2:1987M
@(#) $Id: main.c 1746 2007-03-05 16:06:58Z miconda $
main.c compiled on 09:29:33 Apr 11 2007 with gcc 3.4.4


Regards,
Ovidiu Sas


On 4/13/07, Ovidiu Sas <[EMAIL PROTECTED]> wrote:
Hi Bogdan,

I will get you one on Monday.


Regards,
Ovidiu Sas

On 4/13/07, Bogdan-Andrei Iancu <[EMAIL PROTECTED]> wrote:
> Hi Ovidiu,
>
> there is such a check when the PV for extra acc are computed - see
> modules/acc/acc_extra.c , function extra2strar().
>
> could you provide a BT?
>
> regards,
> bogdan
>
> Ovidiu Sas wrote:
> > Does anyone else experienced this?
> >
> >
> > Regards,
> > Ovidiu Sas
> >
> > On 4/11/07, Ovidiu Sas <[EMAIL PROTECTED]> wrote:
> >> Hi all,
> >>
> >> If an avp that is defined as an extra attribute for radius 
accounting
> >> is null or not defined, it is causing openser to crash.  The code
> >> should check if the avp or PV is null and drop or send the 
attribute
> >> based on value.
> >>
> >>
> >> Regards,
> >> Ovidiu Sas
> >>
> >
> > _______________________________________________
> > Devel mailing list
> > Devel@openser.org
> > http://openser.org/cgi-bin/mailman/listinfo/devel
> >
>
>




_______________________________________________
Devel mailing list
Devel@openser.org
http://openser.org/cgi-bin/mailman/listinfo/devel