uac: Segfault on uac_reg_db_to_reg

[covalschi]

Description

I was testing latest nightly build to test uacreg with auth_ha1 column. I have 1 record in database:

id: 1
l_uuid: 50b08f96-ee5d-44bb-8539-098268ad64d1
l_username: covalschi
l_domain: test113.covalschi.reraldomain.com
r_username: covalschi
r_domain: sip.linphone.org
realm: sip.linphone.org
auth_username: covalschi
auth_password:
auth_ha1: f0e0dc4bf176fe8f41280b7b3758150d
auth_proxy: sip.linphone.org
expires: 3600
flags: 0
reg_delay: 0
socket:

When I execute kamcmd uac.reg_reload I get:
ERROR: read reply failed: Success (0) as return code for kamcmd and Kamailio crashes.

Troubleshooting

It repeats every time, Kamailio crashes with signal 11

Reproduction

Basically do the same - create a record in database with auth_ha1 instead of password and try kamcmd uac.reg_reload

Debugging Data

bt full: https://pastebin.com/by6Nxwhk
info locals: https://pastebin.com/ZmEHnupn
(gdb) list
1871	in main.c

core.zip

Log Messages

27(380) CRITICAL: <core> [core/pass_fd.c:277]: receive_fd(): EOF on 5
 0(1) ALERT: <core> [main.c:766]: handle_sigs(): child process 364 exited by a signal 11
 0(1) ALERT: <core> [main.c:769]: handle_sigs(): core was generated

Additional Information

• Kamailio Version - output of kamailio -v

version: kamailio 5.3.0-pre1 (x86_64/linux)
flags: USE_TCP, USE_TLS, USE_SCTP, TLS_HOOKS, USE_RAW_SOCKS, DISABLE_NAGLE, USE_MCAST, DNS_IP_HACK, SHM_MMAP, PKG_MALLOC, Q_MALLOC, F_MALLOC, TLSF_MALLOC, DBG_SR_MEMORY, USE_FUTEX, FAST_LOCK-ADAPTIVE_WAIT, USE_DNS_CACHE, USE_DNS_FAILOVER, USE_NAPTR, USE_DST_BLACKLIST, HAVE_RESOLV_RES
ADAPTIVE_WAIT_LOOPS 1024, MAX_RECV_BUFFER_SIZE 262144, MAX_URI_SIZE 1024, BUF_SIZE 65535, DEFAULT PKG_SIZE 8MB
poll method support: poll, epoll_lt, epoll_et, sigio_rt, select.
id: unknown
compiled with gcc 6.3.0

• Operating System:

Debian stretch in docker 
Linux dev-covalschi 4.9.0-11-amd64 #1 SMP Debian 4.9.189-3 (2019-09-02) x86_64 GNU/Linux

UPD: calling uac.reg_reload through jsonrpc caused same behaviour
UPD2: it seems that uac_reg_load_db functions just fails
UPD3: I noticed there's no socket data fetched from db, even though I have it in my sqlite

          s = 0x7f0b7da1d840 "unic113.covalschi.realdomain.com", len = 29}, r_username = {s = 0x7f0b7da1d8c8 "covalschi", len = 9}, r_domain = {s = 0x7f0b7da1d940 "sip.linphone.org", len = 16}, realm = {
          s = 0x7f0b7da1d9c0 "sip.linphone.org", len = 16}, auth_proxy = {s = 0x7f0b7da1dbb8 "sip:sip.linphone.org", len = 20}, auth_username = {s = 0x7f0b7da1da40 "covalschi", len = 9}, auth_password = {
          s = 0x7f0b7da1dab8 "f0e0dc4bf176fe8f41280b7b3758150d", len = 32}, auth_ha1 = {s = 0x0, len = 0}, callid = {s = 0x0, len = 0}, socket = {s = 0x0, len = 0}, cseq = 0, flags = 0, expires = 3600, timer_expires = 0,
        reg_delay = 10, reg_init = 0, lock = 0x0}```

[covalschi]

Strlen error happens with
uac_reg_db_to_reg
on
reg_db_set_attr(socket, 13, 1)
commeting that out makes it send REGISTER and authentication is fine

[henningw]

Ok, I think the reg_db_set_attr define was new introduced for this functionality.

[covalschi]

Ok, I think the reg_db_set_attr define was new introduced for this functionality.

I tried reverting it back to the version before @miconda's commit, but it showed the same behaviour. I mean, I only reverted back reg_db_set_attr and uac_reg_load_db making a slight modification to keep auth_ha1 in.

Please note that socket field data is not showing in the coredump.

[henningw]

Ok, interesting. What kind of DB do you use, maybe it is something about the NULL support inside the DB.

[covalschi]

Ok, interesting. What kind of DB do you use, maybe it is something about the NULL support inside the DB.

Also thought that may be the problem - I tried mariadb and sqlite, tried both with empty socket field and with some data inside. I can try postgre/dbtext as well. In case of mariadb I was uploading a dump of uac and versions table only on startup, in case of sqlite it was a clean full database file which I copy into docker container on startup. DB's were generated by kamdbctl tool

[henningw]

Not necessary, should be easy to reproduce it. I will have a look to it.

[henningw]

Fixed in the referenced commit in git master. After fixing one of the URLs in the quoted DB entry, I was able to login. As this is a public tracker, you might want to change your password. ;-)