New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Invalid inbound binary data should not be logged with %s, and probably not as ERROR #3476
Comments
As this is SIP transport, we expect the packet received to be text and not binary. As for the log level, since it's an error, level 1 seems to be appropriate. What I can suggest is to filter the log by implementing your own log writer. |
I'd log the error message as is, but without data, at the ERROR level. I'd log a second message with data at the DEBUG level. The first (error) message can be used with fail2ban, to ban the IP addresses sending invalid packets. The second (debug) message can be used for SIP troubleshooting. The hex format is appropriate to check for special symbols (such as '\n'). If one wants to see packets in plain text format, then "pjsip set logger on" in Asterisk would do. Something like this:
The pjsip_tpmgr_receive_packet() function:
The logging function:
|
Thanks for the proposed fix. For the ASCII printing, I will leave it to the user/app to do inside |
…le moving the packet contents to 4 (pjsip#3476)
…le moving the packet contents to 4 (pjsip#3476)
Describe the bug
It appears my Asterisk is being probed for security vulnerabilities, and I am getting messages in the Asterisk log file like this one:
(1) The binary data dumped into the log file "as is" with %s is a bad practice for obvious reasons, It should be formatted as hex with printable ASCII and limited in length (e.g., to 64 or 128 bytes). The current code is below:
if (tmp.slen) { PJ_LOG(1, (THIS_FILE, "Error processing %ld bytes packet from %s %s:%d %.*s:\n" "%.*s\n" "-- end of packet.", msg_fragment_size, rdata->tp_info.transport->type_name, rdata->pkt_info.src_name, rdata->pkt_info.src_port, (int)tmp.slen, tmp.ptr, (int)msg_fragment_size, rdata->msg_info.msg_buf)); }
(2) It also shouldn't be logged as ERROR because at this level it's hard to get rid of these messages which in my case don't present an error at all but a nuisance. It could be logged as ERROR if it happened in a context of a valid connection. If it's just a random packet, it should be logged as a NOTICE or, better, DEBUG.
Thanks!
Steps to reproduce
N/A
PJSIP version
2.12.1, but the code is still present in master.
Context
N/A
Log, call stack, etc
The text was updated successfully, but these errors were encountered: