[asterisk-dev] Re: chan_sip.c - get_header() segmentation fault

Thomas Hecker thomas.hecker at gmail.com
Fri Mar 16 07:38:48 MST 2007


I think there is a bug somewhere in the add_header function.

Because if I try to get the From header (get_header(req, "From");) of an
INVITE message, I get the following output (with the manipulated get_header()
below):

This is 0. for run: INVITE sip:4961319208114 at hecker.dynalias.com SIP/2.0
Via: SIP/2.0/UDP 192.168.178.31:5060;branch=z9hG4bK436ce926;rport
From: "asterisk" <sip:asterisk at 192.168.178.31>;tag=as2e3188a0
To: <sip:4961319208114 at hecker.dynalias.com>
Contact: <sip:asterisk at 192.168.178.31>
Call-ID: 1ab26a851ba858441987f18d5beab90e at 192.168.178.31
CSeq: 102 INVITE
User-Agent: Asterisk PBX
Max-Forwards: 70

This is 1. for run: Via: SIP/2.0/UDP 192.168.178.31:5060
;branch=z9hG4bK436ce926;rport
From: "asterisk" <sip:asterisk at 192.168.178.31>;tag=as2e3188a0
To: <sip:4961319208114 at hecker.dynalias.com>
Contact: <sip:asterisk at 192.168.178.31>
Call-ID: 1ab26a851ba858441987f18d5beab90e at 192.168.178.31
CSeq: 102 INVITE
User-Agent: Asterisk PBX
Max-Forwards: 70

This is 2. for run: (null)
Segmentation fault (core dumped)

with the following code:
static const char *__get_header(const struct sip_request *req, const char *name, int *start)
{
    int pass;

    for (pass = 0; name && pass < 2;pass++) {
        int x, len = strlen(name);
        for (x=*start; x<req->headers; x++) {
            ast_verbose("This is %d for run: %s \n", x, req->header[x]);
            if (!strncasecmp(req->header[x], name, len)) {
                char *r = req->header[x] + len;    /* skip name */

                if (pedanticsipchecking)
                    r = ast_skip_blanks(r);
                if (*r == ':') {
                    *start = x+1;
                    return ast_skip_blanks(r+1);
                }
            }
        }
        if (pass == 0) /* Try aliases */
            name = find_alias(name, NULL);
    }
    /* Don't return NULL, so get_header is always a valid pointer */
    return "";
}

So, if it finds the right line, a segfault occurs because the header[2] pointer
is set to null.

But I'm not good enough to find the reason why this pointer isn't set up
correctly.
Any hints?

Thank you!


On 15/03/07, Thomas Hecker <thomas.hecker at gmail.com> wrote:
>
> Hi,
>
> at the end of chan_sip.c's initreqprep() function all the headers are
> added to the sip message:
>
>     add_header(req, "To", to);
>     ast_string_field_set(p, exten, l);
>     build_contact(p);
>     add_header(req, "Contact", p->our_contact);
>     add_header(req, "Call-ID", p->callid);
>     add_header(req, "CSeq", tmp);
>     add_header(req, "User-Agent", global_useragent);
>     add_header(req, "Max-Forwards", DEFAULT_MAX_FORWARDS);
>
> But when I try to get one of these values with a call to
>     get_header(req, "Contact") subsequent to the add_headers I get a
> segmentation fault.
>
> Does anybody have an idea why?
>
> Thank you very much!
> Thomas Hecker
>
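
A defensive version of the lookup loop shown in the message above, as an added example that is not part of the original post and is not Asterisk's code: it clamps the header count and skips any slot whose pointer is NULL before calling strncasecmp(). The names demo_request, MAX_HEADERS, safe_get_header() and demo_lookup() and the sample headers are constructed for illustration; the alias pass (find_alias) is left out.

```c
#include <string.h>
#include <strings.h>   /* strncasecmp() */

#define MAX_HEADERS 8  /* assumption: table size chosen for this demo */

/* Hypothetical stand-in for the request; not Asterisk's struct sip_request. */
struct demo_request {
    int headers;                      /* slots claimed to be in use */
    const char *header[MAX_HEADERS];  /* a slot may be NULL if never filled */
};

static const char *skip_blanks(const char *s)
{
    while (*s == ' ' || *s == '\t')
        s++;
    return s;
}

/* Return the value of header `name`, or "" when absent; no NULL slot reaches strncasecmp(). */
static const char *safe_get_header(const struct demo_request *req, const char *name, int *start)
{
    size_t len;
    int x, count;
    if (!req || !name || !start || *start < 0)
        return "";
    len = strlen(name);
    count = req->headers > MAX_HEADERS ? MAX_HEADERS : req->headers;
    for (x = *start; x < count; x++) {
        const char *h = req->header[x];
        if (!h)          /* the crashing case: counted but never set */
            continue;
        if (strncasecmp(h, name, len) == 0) {
            const char *r = skip_blanks(h + len);  /* skip name */
            if (*r == ':') {
                *start = x + 1;
                return skip_blanks(r + 1);
            }
        }
    }
    return "";
}

/* Constructed sample: slot 2 is NULL, like header[2] in the trace. */
static const char *demo_lookup(const char *name)
{
    struct demo_request req = { 4, { "Via: SIP/2.0/UDP 192.0.2.1:5060",
        "From: <sip:a@example.invalid>", NULL, "Contact: <sip:c@example.invalid>" } };
    int start = 0;
    return safe_get_header(&req, name, &start);
}
```

Skipping the NULL slot only avoids the crash in the reader; the cause of the unset pointer still has to be found on the side that fills the table.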