Re: [OpenSIPS-Users] async- issues- 2.2.2

Thu, 19 Jan 2017 00:31:01 -0800 

You have my answer inline.

Răzvan Crainea
OpenSIPS Solutions
www.opensips-solutions.com

On 01/18/2017 08:17 PM, Ramachandran, Agalya (Contractor) wrote:


Hi Razvan,
Got your point.I tried to increase the MAX_CONTENT_TYPE_LEN and tested async call and it is working fine without crash. 

But one more question.
The same piece of code am using for *sync REST_API* query too in rest_put() method. There also print_buff is only being used.
It is working absolutely fine in the case of sync call even if the MAX_CONTENT_TYPE_LEN – is 64.
Wondering what would be the reason in sync call, it is working and in async it is not?
Pure luck. You are doing a buffer overflow, overwriting the data section. Probably when doing sync calls, nobody is using the data you are overwriting. But if it doesn't crash it doesn't mean it is ok :). 

Regards,

Agalya
*From:*Users [mailto:[email protected]] *On Behalf Of *Razvan Crainea 
*Sent:* Wednesday, January 18, 2017 4:29 AM
*To:* [email protected]
*Subject:* Re: [OpenSIPS-Users] async- issues- 2.2.2

Hi, Ramachandran!
The print_buff buffer is declared with length MAX_CONTENT_TYPE_LEN -> 64. Writing more than 64 bytes will lead to a buffer overflow, probably followed by a crash. If you want to suppor longer CallIDs, just increase the size of the buffer, or allocate the buffer with a size large enought to fit your callid length. 

Best regards,

Răzvan Crainea
OpenSIPS Solutions
www.opensips-solutions.com <http://www.opensips-solutions.com>

On 01/17/2017 11:13 PM, Ramachandran, Agalya (Contractor) wrote:

    Hi Liviu,

    Found the exact issue what causes the crash.

    In start_async_http_req, under case PUT/POST, we have the
    following code blue color by default.

    But for my project scenario, I need to add call-id header too
    here, including that code in red color for your reference.

    if (req_ctype) {

    sprintf(print_buff, "Content-Type: %s", req_ctype);

    header_list = curl_slist_append(header_list, print_buff);

    sprintf(print_buff, "Call-Id: %s", instanceId);

    header_list = curl_slist_append(header_list, print_buff);

    w_curl_easy_setopt(handle, CURLOPT_HTTPHEADER, header_list);

       }

    If I try by removing the Call-Id header in the curl-slist, then it
    works perfectly fine in case of POST as well as PUT.

    How can I overcome this situation? Your guidance would help me a lot.

    Regards,
    Agalya

    *From:* Users [mailto:[email protected]] *On Behalf
    Of *Ramachandran, Agalya (Contractor)
    *Sent:* Tuesday, January 17, 2017 3:58 PM
    *To:* OpenSIPS users mailling list <[email protected]>
    <mailto:[email protected]>; Liviu Chircu
    <[email protected]> <mailto:[email protected]>
    *Subject:* Re: [OpenSIPS-Users] async- issues- 2.2.2

    Hi,

    Another information may help you to find this issue.

    Am changing the “req_body” in the rest_methods.c, as per the REST
    API server is expecting the payload value.

    If I change this “req_body” in *REST_POST* as well, and if the
    *Call-Id length is > 56*, it crashes in *the POST call too*.

    Regards,
    Agalya

    *From:* Users [mailto:[email protected]] *On Behalf
    Of *Ramachandran, Agalya (Contractor)
    *Sent:* Tuesday, January 17, 2017 3:03 PM
    *To:* OpenSIPS users mailling list <[email protected]
    <mailto:[email protected]>>; Liviu Chircu
    <[email protected] <mailto:[email protected]>>
    *Subject:* [OpenSIPS-Users] async- issues- 2.2.2

    Hi Liviu/team,

    When I try to do an asynchronous REST_PUT call in OpenSIPS 2.2.2,
    I see the below observance and issues.

    All the calls are made from sipp client.

    *No*

        

    *Test Scenario *

        

    *Result/observation*

    1.

        

    Call-Id length < 50

        

    Works perfectly fine

    2

        

    Call-Id length  >54 and < 56

        

    No crash observed. But error in curl_multiperform

    3.

        

    Call-Id length  > 56

        

    Opensips crashes at liburl.

    Please find the details for test 2 and test 3.

    I have tested with REST_POST with case 3, I didn’t observe any
    crashes.

    Please let me know what could cause this issue and how can I fix this?

    *Test2:*

    **

    Jan 17 18:23:13 /usr/local/sbin/opensips[18554]:
    ERROR:rest_client:start_async_http_req: curl_multi_perform:
    Invalid multi handle

    Jan 17 18:23:13  /usr/local/sbin/opensips[18554]:
    ERROR:rest_client:start_async_http_req: curl_multi_remove_handle:
    Invalid multi handle

    *Test 3:*

    (gdb) bt

    #0 0x00007f370bccb9bb in curl_multi_add_handle () from
    /lib64/libcurl.so.4

    #1 0x00007f370bf05521 in start_async_http_req
    (msg=msg@entry=0x7f374db14270, method=method@entry=REST_CLIENT_PUT,

    url=0x7f374dad8178 "http://url";, req_body=<optimized out>,

    req_ctype=<optimized out>,
    out_handle=out_handle@entry=0x7f374db204e0,
    body=body@entry=0x7f374db204e8, ctype=0x7f374db204f8)

        at rest_methods.c:227

    #2 0x00007f370bf0e2ca in w_async_rest_put (msg=0x7f374db14270,
    resume_f=0x7ffc6f551680, resume_param=0x7ffc6f551690,

    gp_url=<optimized out>, gp_body=<optimized out>,
    gp_ctype=<optimized out>, body_pv=0x7f374daf5510 "N",

    ctype_pv=0x7f374daf55a8 "N", code_pv=0x7f374daf5670 "N") at
    rest_client.c:579

    #3 0x00007f370d24920f in t_handle_async (msg=0x7f374db14270,
    a=0x7f374dad8508, resume_route=<optimized out>) at async.c:240

    #4 0x000000000042d724 in do_action (a=a@entry=0x7f374dad8680,
    msg=msg@entry=0x7f374db14270) at action.c:1863

    #5 0x00000000004341cc in run_action_list (a=<optimized out>,
    msg=0x7f374db14270) at action.c:172

    #6 0x0000000000430769 in do_action (a=a@entry=0x7f374dad8760,
    msg=msg@entry=0x7f374db14270) at action.c:1108

    #7 0x000000000043454d in run_action_list (msg=<optimized out>,
    a=<optimized out>) at action.c:172

    #8  run_actions (a=<optimized out>, msg=0x7f374db14270) at
    action.c:137

    #9 0x000000000042f8d7 in do_action (a=a@entry=0x7f374dad6b58,
    msg=msg@entry=0x7f374db14270) at action.c:745

    #10 0x0000000000434393 in run_action_list (msg=<optimized out>,
    a=<optimized out>) at action.c:172

    #11 run_actions (msg=0x7f374db14270, a=<optimized out>) at
    action.c:137

    #12 run_top_route (a=<optimized out>,
    msg=msg@entry=0x7f374db14270) at action.c:204

    #13 0x000000000043bcba in receive_msg (

    buf=0x858c20 <buf.8277> "INVITE sip:[email protected]
    SIP/2.0\r\nTo:
    <sip:[email protected];user=phone>\r\nFrom: \"test
    PA\"<sip:[email protected]:32004;user=phone;isup-oli=00>;"...,
    len=<optimized out>,

    rcv_info=rcv_info@entry=0x7ffc6f552c70,
    existing_context=existing_context@entry=0x0) at receive.c:208

    #14 0x00000000005b0b03 in udp_read_req (si=<optimized out>,
    bytes_read=<optimized out>) at net/proto_udp/proto_udp.c:192

    #15 0x000000000059b960 in handle_io (idx=<optimized out>,
    event_type=<optimized out>, fm=<optimized out>) at net/net_udp.c:259

    #16 io_wait_loop_epoll (h=<optimized out>, t=<optimized out>,
    repeat=<optimized out>) at net/../io_wait_loop.h:225

    #17 udp_rcv_loop (si=si@entry=0x7f374dacb6c8) at net/net_udp.c:308

    #18 0x000000000059ce88 in udp_start_processes
    (chd_rank=chd_rank@entry=0x845830 <chd_rank.11028>,
    startup_done=startup_done@entry=0x0)

        at net/net_udp.c:372

    #19 0x0000000000419f50 in main_loop () at main.c:671

    #20 main (argc=<optimized out>, argv=<optimized out>) at main.c:1261

    Regards,
    Agalya




    _______________________________________________

    Users mailing list

    [email protected] <mailto:[email protected]>

    http://lists.opensips.org/cgi-bin/mailman/listinfo/users



_______________________________________________
Users mailing list
[email protected]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users



_______________________________________________
Users mailing list
[email protected]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users

Reply via email to