On 25 November 2010 17:38, marius zbihlei <marius.zbih...@1and1.ro> wrote:
> On 11/25/2010 07:32 PM, dotnetdub wrote: > > >>> > Are you able to test a patch if a provide one to you? I wanted to wait for > Daniel's opinion as I have no way of testing it. If you have a dump of the > attack traffic or you can generate more with bad CSEQ (as from the message > log you provided) you can test the patch against your cfg and see if it > still crashes(hope not). In my opinion the crash should be deterministic. > You will find the trivial patch attached. If you can test it and it works I > will push it to upstream (also to 3.0 branch). Keep in mind that other > probles might appear as well during the processing of the SIP messages. If a > core does appear please retry the steps in the previous mail with the new > core and .so offset. > > Apply the patch with the patch utility (copy to the modules/topoh and run > patch < patch) . I await some feedback :) > > Marius > Hi Marius, I did apply this patch and recompile. I checked the lib folder and date of topoh changed to compile date. Another SIP attack and core dump again. This looks like different memory addresses though. proxy:/var/log# dmesg [1853341.778338] kamailio[20503]: segfault at 18 ip b7064220 sp bf9c3370 error 4 in topoh.so[b7061000+d000] [1853341.921334] kamailio[20507]: segfault at 18 ip b7064220 sp bf9c3370 error 4 in topoh.so[b7061000+d000] [1853341.991430] kamailio[20498]: segfault at 18 ip b7064220 sp bf9c3370 error 4 in topoh.so[b7061000+d000] [1853342.057429] kamailio[20506]: segfault at 18 ip b7064220 sp bf9c3370 error 4 in topoh.so[b7061000+d000] [1853342.139751] kamailio[20505]: segfault at 18 ip b7064220 sp bf9c3370 error 4 in topoh.so[b7061000+d000] [1853342.149429] kamailio[20499]: segfault at 18 ip b7064220 sp bf9c3370 error 4 in topoh.so[b7061000+d000] [1853342.156097] kamailio[20502]: segfault at 18 ip b7064220 sp bf9c3370 error 4 in topoh.so[b7061000+d000] [1853342.160097] kamailio[20501]: segfault at 18 ip b7064220 sp bf9c3370 error 4 in topoh.so[b7061000+d000] [1853342.163561] kamailio[20500]: segfault at 18 ip b7064220 sp bf9c3370 error 4 in topoh.so[b7061000+d000] [1853342.168357] kamailio[20504]: segfault at 18 ip b7064220 sp bf9c3370 error 4 in topoh.so[b7061000+d000] Feb 4 16:19:09 proxy1 sip[20503]: ERROR: <core> [parser/parse_cseq.c:97]: ERROR: CSeq EoL expected Feb 4 16:19:09 proxy1 kernel: [1853341.778338] kamailio[20503]: segfault at 18 ip b7064220 sp bf9c3370 error 4 in topoh.so[b7061000+d000] Feb 4 16:19:09 proxy1 sip[20503]: ERROR: <core> [parser/parse_cseq.c:100]: ERROR: parse_cseq: bad cseq Feb 4 16:19:09 proxy1 sip[20503]: ERROR: <core> [parser/msg_parser.c:158]: ERROR: get_hdr_field: bad cseq Feb 4 16:19:09 proxy1 sip[20503]: INFO: <core> [parser/msg_parser.c:353]: ERROR: bad header field [CSeq: 1 REGISTER ACK] Feb 4 16:19:09 proxy1 sip[20500]: INFO: <script>: [ROUTE-1] Received registration from sip:3564815798@195.191.29.11<sip%3A3564815798@195.191.29.11>(180.148.1.3) Feb 4 16:19:09 proxy1 sip[20500]: INFO: <script>: [ROUTE-1 !] Credentials invalid; issuing challenge Feb 4 16:19:09 proxy1 sip[20507]: ERROR: <core> [parser/parse_cseq.c:97]: ERROR: CSeq EoL expected Feb 4 16:19:09 proxy1 sip[20507]: ERROR: <core> [parser/parse_cseq.c:100]: ERROR: parse_cseq: bad cseq Feb 4 16:19:09 proxy1 sip[20507]: ERROR: <core> [parser/msg_parser.c:158]: ERROR: get_hdr_field: bad cseq Feb 4 16:19:09 proxy1 sip[20507]: INFO: <core> [parser/msg_parser.c:353]: ERROR: bad header field [CSeq: 1 REGISTER ACK] Feb 4 16:19:09 proxy1 kernel: [1853341.921334] kamailio[20507]: segfault at 18 ip b7064220 sp bf9c3370 error 4 in topoh.so[b7061000+d000] Feb 4 16:19:09 proxy1 sip[20498]: ERROR: <core> [parser/parse_cseq.c:97]: ERROR: CSeq EoL expected Feb 4 16:19:09 proxy1 sip[20498]: ERROR: <core> [parser/parse_cseq.c:100]: ERROR: parse_cseq: bad cseq Feb 4 16:19:09 proxy1 sip[20498]: ERROR: <core> [parser/msg_parser.c:158]: ERROR: get_hdr_field: bad cseq Feb 4 16:19:09 proxy1 sip[20498]: INFO: <core> [parser/msg_parser.c:353]: ERROR: bad header field [CSeq: 1 REGISTER ACK] Feb 4 16:19:09 proxy1 kernel: [1853341.991430] kamailio[20498]: segfault at 18 ip b7064220 sp bf9c3370 error 4 in topoh.so[b7061000+d000] Feb 4 16:19:09 proxy1 sip[20506]: ERROR: <core> [parser/parse_cseq.c:97]: ERROR: CSeq EoL expected Feb 4 16:19:09 proxy1 sip[20506]: ERROR: <core> [parser/parse_cseq.c:100]: ERROR: parse_cseq: bad cseq Feb 4 16:19:09 proxy1 sip[20506]: ERROR: <core> [parser/msg_parser.c:158]: ERROR: get_hdr_field: bad cseq Feb 4 16:19:09 proxy1 sip[20506]: INFO: <core> [parser/msg_parser.c:353]: ERROR: bad header field [CSeq: 1 REGISTER ACK] Feb 4 16:19:09 proxy1 kernel: [1853342.057429] kamailio[20506]: segfault at 18 ip b7064220 sp bf9c3370 error 4 in topoh.so[b7061000+d000] Feb 4 16:19:09 proxy1 sip[20505]: ERROR: <core> [parser/parse_cseq.c:97]: ERROR: CSeq EoL expected Feb 4 16:19:09 proxy1 sip[20505]: ERROR: <core> [parser/parse_cseq.c:100]: ERROR: parse_cseq: bad cseq Feb 4 16:19:09 proxy1 sip[20505]: ERROR: <core> [parser/msg_parser.c:158]: ERROR: get_hdr_field: bad cseq Feb 4 16:19:09 proxy1 sip[20505]: INFO: <core> [parser/msg_parser.c:353]: ERROR: bad header field [CSeq: 1 REGISTER ACK] Feb 4 16:19:09 proxy1 kernel: [1853342.139751] kamailio[20505]: segfault at 18 ip b7064220 sp bf9c3370 error 4 in topoh.so[b7061000+d000] Feb 4 16:19:09 proxy1 sip[20499]: ERROR: <core> [parser/parse_cseq.c:97]: ERROR: CSeq EoL expected Feb 4 16:19:09 proxy1 sip[20499]: ERROR: <core> [parser/parse_cseq.c:100]: ERROR: parse_cseq: bad cseq Feb 4 16:19:09 proxy1 sip[20499]: ERROR: <core> [parser/msg_parser.c:158]: ERROR: get_hdr_field: bad cseq Feb 4 16:19:09 proxy1 sip[20499]: INFO: <core> [parser/msg_parser.c:353]: ERROR: bad header field [CSeq: 1 REGISTER ACK] Feb 4 16:19:09 proxy1 kernel: [1853342.149429] kamailio[20499]: segfault at 18 ip b7064220 sp bf9c3370 error 4 in topoh.so[b7061000+d000] Feb 4 16:19:09 proxy1 sip[20502]: ERROR: <core> [parser/parse_cseq.c:97]: ERROR: CSeq EoL expected Feb 4 16:19:09 proxy1 sip[20502]: ERROR: <core> [parser/parse_cseq.c:100]: ERROR: parse_cseq: bad cseq Feb 4 16:19:09 proxy1 sip[20502]: ERROR: <core> [parser/msg_parser.c:158]: ERROR: get_hdr_field: bad cseq Feb 4 16:19:09 proxy1 sip[20502]: INFO: <core> [parser/msg_parser.c:353]: ERROR: bad header field [CSeq: 1 REGISTER ACK] Feb 4 16:19:09 proxy1 kernel: [1853342.156097] kamailio[20502]: segfault at 18 ip b7064220 sp bf9c3370 error 4 in topoh.so[b7061000+d000] Feb 4 16:19:09 proxy1 sip[20501]: ERROR: <core> [parser/parse_cseq.c:97]: ERROR: CSeq EoL expected Feb 4 16:19:09 proxy1 sip[20501]: ERROR: <core> [parser/parse_cseq.c:100]: ERROR: parse_cseq: bad cseq Feb 4 16:19:09 proxy1 sip[20501]: ERROR: <core> [parser/msg_parser.c:158]: ERROR: get_hdr_field: bad cseq Feb 4 16:19:09 proxy1 sip[20501]: INFO: <core> [parser/msg_parser.c:353]: ERROR: bad header field [CSeq: 1 REGISTER ACK] Feb 4 16:19:09 proxy1 kernel: [1853342.160097] kamailio[20501]: segfault at 18 ip b7064220 sp bf9c3370 error 4 in topoh.so[b7061000+d000] Feb 4 16:19:09 proxy1 sip[20500]: ERROR: <core> [parser/parse_cseq.c:97]: ERROR: CSeq EoL expected Feb 4 16:19:09 proxy1 sip[20500]: ERROR: <core> [parser/parse_cseq.c:100]: ERROR: parse_cseq: bad cseq Feb 4 16:19:09 proxy1 sip[20500]: ERROR: <core> [parser/msg_parser.c:158]: ERROR: get_hdr_field: bad cseq Feb 4 16:19:09 proxy1 sip[20500]: INFO: <core> [parser/msg_parser.c:353]: ERROR: bad header field [CSeq: 1 REGISTER ACK] Feb 4 16:19:09 proxy1 kernel: [1853342.163561] kamailio[20500]: segfault at 18 ip b7064220 sp bf9c3370 error 4 in topoh.so[b7061000+d000] Feb 4 16:19:09 proxy1 sip[20504]: ERROR: <core> [parser/parse_cseq.c:97]: ERROR: CSeq EoL expected Feb 4 16:19:09 proxy1 sip[20504]: ERROR: <core> [parser/parse_cseq.c:100]: ERROR: parse_cseq: bad cseq Feb 4 16:19:09 proxy1 sip[20504]: ERROR: <core> [parser/msg_parser.c:158]: ERROR: get_hdr_field: bad cseq Feb 4 16:19:09 proxy1 sip[20504]: INFO: <core> [parser/msg_parser.c:353]: ERROR: bad header field [CSeq: 1 REGISTER ACK] Feb 4 16:19:09 proxy1 kernel: [1853342.168357] kamailio[20504]: segfault at 18 ip b7064220 sp bf9c3370 error 4 in topoh.so[b7061000+d000] Feb 4 16:19:13 proxy1 sip[20497]: ALERT: <core> [main.c:741]: child process 20507 exited by a signal 11 Regards, Brian > > Regards > Brian > > >
_______________________________________________ SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list sr-users@lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users