search

sipcapture / heplify-server

HEP Capture Server for HOMER
https://sipcapture.org
GNU Affero General Public License v3.0
186 stars 87 forks source link

heplify-server stopped executing unexpectedly #91

Closed sve71 closed 6 years ago

sve71 commented 6 years ago

Hi,

I started heplify-sever on last Friday with: ./heplify-server&

Today I saw this:

panic: runtime error: slice bounds out of range

goroutine 40 [running]:
github.com/negbie/heplify-server.(*HEP).parseHEP(0xc4226a5110, 0xc422d3e000, 0x20f, 0x2000, 0xa34680, 0xc4200727e0)
        /home/negbie/go/src/github.com/negbie/heplify-server/decoder.go:126 +0x98e
github.com/negbie/heplify-server.(*HEP).parse(0xc4226a5110, 0xc422d3e000, 0x20f, 0x2000, 0xc421a2a500, 0x90c101)
        /home/negbie/go/src/github.com/negbie/heplify-server/decoder.go:72 +0x5c1
github.com/negbie/heplify-server.DecodeHEP(0xc422d3e000, 0x20f, 0x2000, 0xc4219d1e97, 0x0, 0x0)
        /home/negbie/go/src/github.com/negbie/heplify-server/decoder.go:62 +0x62
github.com/negbie/heplify-server/server.(*HEPInput).hepWorker(0xc4217220c0, 0xc42008a540)
        /home/negbie/go/src/github.com/negbie/heplify-server/server/hep.go:236 +0x1e5
github.com/negbie/heplify-server/server.(*HEPInput).Run.func1(0xc4217220c0)
        /home/negbie/go/src/github.com/negbie/heplify-server/server/hep.go:80 +0x79
created by github.com/negbie/heplify-server/server.(*HEPInput).Run
        /home/negbie/go/src/github.com/negbie/heplify-server/server/hep.go:77 +0x204

Can anybody tell what was wrong with my instance of heplify-server?

negbie commented 6 years ago

Hi, it seems you have a malformed hep packet and reached this line chunkBody := hepChunk[6:chunkLength]

I thought I have enough checks that this case never occurs but it seems I must have missed one case. Lets go through my checks.

  1. First I check if the packetlength is the same like the heplength this is how it looks like in code: 
    if int(length) != len(packet) {
    return fmt.Errorf("HEP packet length is %d but should be %d", len(packet), length)
}
  2. For every chunck I check if the chuncklength isn't greater than the remaining hepChunks: 
        if len(hepChunk) < int(chunkLength) {
        return fmt.Errorf("HEP chunk overflow %d > %d", chunkLength, len(hepChunk))
    }
  3. You get to following line and heplify-server crashes: chunkBody := hepChunk[6:chunkLength]

Since chunkLength couldn't be greater than hepChunk due to the 2. check this means chunkLength is < 6

So I will change the 2. check to


        if len(hepChunk) < int(chunkLength) || int(chunkLength) < 6 {
            return fmt.Errorf("HEP chunkLength is wrong %d len hepChunk %d", chunkLength, len(hepChunk))
        }
negbie commented 6 years ago

I will release today or mby tomorrow a new release with the fix. When you use heplify as hep client you can avoid hep and use protobuf. Simply run heplify with -protobuf flag

negbie commented 6 years ago

Latest release has a stronger hep validation and should catch your corner case. https://github.com/sipcapture/heplify-server/releases

negbie commented 6 years ago

If you still have issues feel free to reopen.