Module: sip-router
Branch: sr_3.0
Commit: 173ec2af5eb41dcc03df4739ecaa229cb98ab6e1
URL: http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=173ec2a…
Author: Miklos Tirpak <miklos(a)iptel.org>
Committer: Andrei Pelinescu-Onciul <andrei(a)iptel.org>
Date: Thu Sep 30 10:42:57 2010 +0200
tm: t_save_lumps() verifies the route type
Even though the t_save_lumps() function is registered only for
request route, in some corner case, the function might be called
from failure_route. (For example a failure route executes a request
route block which calls this function.)
This scenario resulted in overwriting the already cloned lump list
which is not allowed because of the lockless read, and also
resulted in a memory leak.
An extra check is also added to save_msg_lumps() to catch this bug.
(cherry picked from commit a7bbaf7cd83b5d044ff8c7fff7b19c7ff392da74)
---
modules/tm/sip_msg.c | 8 ++++++++
modules/tm/tm.c | 22 ++++++++++++----------
2 files changed, 20 insertions(+), 10 deletions(-)
diff --git a/modules/tm/sip_msg.c b/modules/tm/sip_msg.c
index e7bebcc..ab093f8 100644
--- a/modules/tm/sip_msg.c
+++ b/modules/tm/sip_msg.c
@@ -116,6 +116,14 @@ int save_msg_lumps( struct sip_msg *shm_msg, struct sip_msg *pkg_msg)
return -1;
}
+#ifdef EXTRA_DEBUG
+ membar_depends();
+ if (shm_msg->add_rm || shm_msg->body_lumps || shm_msg->reply_lump) {
+ LOG(L_ERR, "ERROR: save_msg_lumps: BUG, trying to overwrite the already cloned lumps\n");
+ return -1;
+ }
+#endif
+
/* needless to clone the lumps for ACK, they will not be used again */
if (shm_msg->REQ_METHOD == METHOD_ACK)
return 0;
diff --git a/modules/tm/tm.c b/modules/tm/tm.c
index 69106a5..ed46e53 100644
--- a/modules/tm/tm.c
+++ b/modules/tm/tm.c
@@ -1811,17 +1811,19 @@ static int w_t_save_lumps(struct sip_msg* msg, char* foo, char* bar)
#ifdef POSTPONE_MSG_CLONING
struct cell *t;
- t=get_t();
- if (!t || t==T_UNDEFINED) {
- LOG(L_ERR, "ERROR: w_t_save_lumps: transaction has not been created yet\n");
- return -1;
- }
+ if (is_route_type(REQUEST_ROUTE)) {
+ t=get_t();
+ if (!t || t==T_UNDEFINED) {
+ LOG(L_ERR, "ERROR: w_t_save_lumps: transaction has not been created yet\n");
+ return -1;
+ }
- if (save_msg_lumps(t->uas.request, msg)) {
- LOG(L_ERR, "ERROR: w_t_save_lumps: "
- "failed to save the message lumps\n");
- return -1;
- }
+ if (save_msg_lumps(t->uas.request, msg)) {
+ LOG(L_ERR, "ERROR: w_t_save_lumps: "
+ "failed to save the message lumps\n");
+ return -1;
+ }
+ } /* else nothing to do, the lumps have already been saved */
return 1;
#else
LOG(L_ERR, "ERROR: w_t_save_lumps: POSTPONE_MSG_CLONING is not defined,"
Module: sip-router
Branch: sr_3.0
Commit: 110e301b7b7a6b8dedf7b8966cda799799090be9
URL: http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=110e301…
Author: Andrei Pelinescu-Onciul <andrei(a)iptel.org>
Committer: Andrei Pelinescu-Onciul <andrei(a)iptel.org>
Date: Tue Sep 21 14:13:17 2010 +0200
iptrtpproxy: minor doc updates
- minor fixes + note about setting iptdir in Makefile
- README regenerated
(cherry picked from commit b0f583306656a2d4d5be1e9fd5e0189675dfd676)
---
modules/iptrtpproxy/README | 13 ++++++++++---
modules/iptrtpproxy/doc/iptrtpproxy.xml | 30 +++++++++++++++++++++++-------
2 files changed, 33 insertions(+), 10 deletions(-)
diff --git a/modules/iptrtpproxy/README b/modules/iptrtpproxy/README
index 7854b36..4a02c94 100644
--- a/modules/iptrtpproxy/README
+++ b/modules/iptrtpproxy/README
@@ -32,9 +32,9 @@ Tomas Mandys
It provides similar functionality as nathelper but communicates with
netfilter kernel xt_RTPPROXY module using libipt_RTPPROXY userspace
- library. See http://www.2p.cz/en/netfilter_rtp_proxy All RTP streams
- are manipulated directly in kernel space, no data are copied from
- kernel to userspace and back, it reduces load and delay.
+ library. All RTP streams are manipulated directly in kernel space, no
+ data is copied from kernel to userspace and back, it reduces load and
+ delay. See http://www.2p.cz/en/netfilter_rtp_proxy for more details.
The ser module is written as light-weighted, there is not implemented
any dialog managment as in nathelper, the reason is that such API
@@ -60,6 +60,13 @@ Tomas Mandys
* netfilter xt_RTPROXY & libipt_RTPPROXY, see
http://www.2p.cz/en/netfilter_rtp_proxy
+Note
+
+ The module Makefile must be edited and iptdir setup to the directory
+ with the iptable sources (if different from ~/iptables). Alternatively
+ compile the module using:
+ make -C modules/iptrtpproxy iptdir=path_to_iptables_src
+
1.3. Parameters
1.3.1. config (string)
diff --git a/modules/iptrtpproxy/doc/iptrtpproxy.xml b/modules/iptrtpproxy/doc/iptrtpproxy.xml
index 7c9e039..10cfcc6 100644
--- a/modules/iptrtpproxy/doc/iptrtpproxy.xml
+++ b/modules/iptrtpproxy/doc/iptrtpproxy.xml
@@ -1,6 +1,13 @@
<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE section PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
- "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
+<!DOCTYPE section PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
+ "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
+ [ <!ENTITY % local.common.attrib
+ "xmlns:xi CDATA #FIXED 'http://www.w3.org/2001/XInclude'">
+ <!-- Include general documentation entities -->
+ <!ENTITY % docentities SYSTEM "../../../docbook/entities.xml">
+ %docentities;
+ ]
+>
<section id="iptrtpproxy" xmlns:xi="http://www.w3.org/2001/XInclude">
<sectioninfo>
@@ -34,11 +41,12 @@
<para>
It provides similar functionality as <emphasis>nathelper</emphasis> but
communicates with <emphasis>netfilter</emphasis> kernel <emphasis>xt_RTPPROXY</emphasis> module using
- <emphasis>libipt_RTPPROXY</emphasis> userspace library.
- See <ulink url="http://www.2p.cz/en/netfilter_rtp_proxy">http://www.2p.cz/en/netfilter_rtp_proxy</ulink>
- All RTP streams are
- manipulated directly in kernel space, no data are copied from
- kernel to userspace and back, it reduces load and delay.
+ <emphasis>libipt_RTPPROXY</emphasis> userspace library.
+ All RTP streams are
+ manipulated directly in kernel space, no data is copied from
+ kernel to userspace and back, it reduces load and delay.
+ See <ulink url="http://www.2p.cz/en/netfilter_rtp_proxy">
+ http://www.2p.cz/en/netfilter_rtp_proxy</ulink> for more details.
</para>
<para>
@@ -92,6 +100,14 @@
</listitem>
</itemizedlist>
</para>
+ <note><para>
+ The module Makefile must be edited and iptdir setup to the directory with
+ the iptable sources (if different from ~/iptables). Alternatively
+ compile the module using:
+ <programlisting>
+ make -C modules/iptrtpproxy iptdir=path_to_iptables_src
+ </programlisting>
+ </para></note>
</section>
<section id="iptrtpproxy.parameters">
Module: sip-router
Branch: sr_3.0
Commit: ed34b906df35e4502145fefd118c11df772f0f03
URL: http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=ed34b90…
Author: Andrei Pelinescu-Onciul <andrei(a)iptel.org>
Committer: Andrei Pelinescu-Onciul <andrei(a)iptel.org>
Date: Sun Sep 26 21:28:47 2010 +0200
core: switch(string) memleak fix
When a switch(string) is used and one of the case blocks exits the
script (by drop, exit or a module function that causes the script
to end), the dynamic string rvals were not cleaned up.
This happened because run_actions() uses longjmp() to quickly end
the script (skipping this way over the cleanups done after the
run_actions() call).
Reported-by: Daniel-Constantin Mierla <miconda(a)gmail.com>
Reported-by: C�sar Pinto Mag�n Cesar.Pinto a-e es
(cherry picked from commit 6ab93de37f2f1991d3406f52ac9502a7c795ef55)
---
action.c | 22 ++++++++++++++++++++++
1 files changed, 22 insertions(+), 0 deletions(-)
diff --git a/action.c b/action.c
index 4edf023..315cffb 100644
--- a/action.c
+++ b/action.c
@@ -1089,17 +1089,39 @@ sw_jt_def:
regexec(mct->match[i].l.regex, s.s, 0, 0, 0) == 0)
){
if (likely(mct->jump[i])){
+ /* make sure we cleanup first, in case run_actions()
+ exits the script directly via longjmp() */
+ if (rv1){
+ rval_destroy(rv1);
+ rval_destroy(rv);
+ rval_cache_clean(&c1);
+ }else if (rv){
+ rval_destroy(rv);
+ rval_cache_clean(&c1);
+ }
ret=run_actions(h, mct->jump[i], msg);
h->run_flags &= ~BREAK_R_F; /* catch breaks, but let
returns passthrough */
+ break;
}
goto match_cleanup;
}
match_cond_def:
if (mct->def){
+ /* make sure we cleanup first, in case run_actions()
+ exits the script directly via longjmp() */
+ if (rv1){
+ rval_destroy(rv1);
+ rval_destroy(rv);
+ rval_cache_clean(&c1);
+ }else if (rv){
+ rval_destroy(rv);
+ rval_cache_clean(&c1);
+ }
ret=run_actions(h, mct->def, msg);
h->run_flags &= ~BREAK_R_F; /* catch breaks, but let
returns passthrough */
+ break;
}
match_cleanup:
if (rv1){