sr-dev November 2011

sr-dev@lists.kamailio.org

31 participants
340 discussions

git:master: Makefile.modules: printmiface - new target to print module interface define

by Daniel-Constantin Mierla

Module: sip-router Branch: master Commit: 6fb2e27d0f9db5191b8939df69e23ef12f3b6d1d URL: http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=6fb2e27… Author: Daniel-Constantin Mierla <miconda(a)gmail.com> Committer: Daniel-Constantin Mierla <miconda(a)gmail.com> Date: Fri Nov 25 18:38:24 2011 +0100 Makefile.modules: printmiface - new target to print module interface define --- Makefile.modules | 12 ++++++++++++ 1 files changed, 12 insertions(+), 0 deletions(-) diff --git a/Makefile.modules b/Makefile.modules index 1e198d6..303a7af 100644 --- a/Makefile.modules +++ b/Makefile.modules @@ -75,6 +75,14 @@ override static_modules_path= # temporary def (visible only in the module, not exported) DEFS += -DMOD_NAME='"$(MOD_NAME)"' + +ifeq (,$(findstring -DSER_MOD_INTERFACE, $(DEFS))) + MODIFACE=-DOPENSER_MOD_INTERFACE +else + MODIFACE=-DSER_MOD_INTERFACE +endif + + ifneq ($(makefile_defs_included),1) $(error "the local makefile does not include Makefile.defs!") endif @@ -297,6 +305,10 @@ man: endif + +printmiface: + @echo $(MODIFACE) + endif # ifeq($(makefile_defs),1) include $(COREPATH)/Makefile.cfg

13 years

[tracker] Comment added: Double Free -- Crash/Coredump and possible security vulnerability

by sip-router

THIS IS AN AUTOMATED MESSAGE, DO NOT REPLY. The following task has a new comment added: FS#173 - Double Free -- Crash/Coredump and possible security vulnerability User who did this - Daniel-Constantin Mierla (miconda) ---------- The crash for the new version of dlg ref is at shut down. Did you stop the sip server? ---------- More information can be found at the following URL: http://sip-router.org/tracker/index.php?do=details&task_id=173#comment401 You are receiving this message because you have requested it from the Flyspray bugtracking system. If you did not expect this message or don't want to receive mails in future, you can change your notification settings at the URL shown above.

13 years

[tracker] Comment added: Double Free -- Crash/Coredump and possible security vulnerability

by sip-router

THIS IS AN AUTOMATED MESSAGE, DO NOT REPLY. The following task has a new comment added: FS#173 - Double Free -- Crash/Coredump and possible security vulnerability User who did this - Daniel-Constantin Mierla (miconda) ---------- Do you have the backtrace for the case with the patch (workaround)? ---------- More information can be found at the following URL: http://sip-router.org/tracker/index.php?do=details&task_id=173#comment400 You are receiving this message because you have requested it from the Flyspray bugtracking system. If you did not expect this message or don't want to receive mails in future, you can change your notification settings at the URL shown above.

13 years

[tracker] Comment added: Double Free -- Crash/Coredump and possible security vulnerability

by sip-router

THIS IS AN AUTOMATED MESSAGE, DO NOT REPLY. The following task has a new comment added: FS#173 - Double Free -- Crash/Coredump and possible security vulnerability User who did this - Brandon Armstead (CRYY2010) ---------- Dialog New Ref *** CRASH *** [New process 22271] #0 0x00007f6d164e8ad2 in dlg_lookup (h_entry=2849, h_id=1192025086) at dlg_hash.c:442 442 if (h_entry>=d_table->size) (gdb) bt #0 0x00007f6d164e8ad2 in dlg_lookup (h_entry=2849, h_id=1192025086) at dlg_hash.c:442 #1 0x00007f6d164e0725 in unref_dlg_from_cb (t=<value optimized out>, type=1192025086, param=0x7fff21c7a460) at dlg_handlers.c:964 #2 0x00007f6d1673db19 in run_trans_callbacks_internal (cb_lst=0x7f6d017c9b20, type=32768, trans=0x7f6d017c9ab0, params=0x7fff21c7a460) at t_hooks.c:290 #3 0x00007f6d1673dd86 in run_trans_callbacks (type=32768, trans=<value optimized out>, req=0x0, rpl=0x7f6d1670cc68, code=0) at t_hooks.c:317 #4 0x00007f6d167238c6 in free_cell (dead_cell=0x7f6d017c9ab0) at h_table.c:152 #5 0x00007f6d16723af0 in free_hash_table () at h_table.c:443 #6 0x00007f6d16734875 in tm_shutdown () at t_funcs.c:126 #7 0x00000000004e068f in destroy_modules () at sr_module.c:783 #8 0x00000000004655d0 in cleanup (show_status=1) at main.c:564 #9 0x00000000004662a4 in shutdown_children (sig=<value optimized out>, show_status=1) at main.c:706 #10 0x0000000000466c7b in handle_sigs () at main.c:797 #11 0x0000000000467bb6 in main_loop () at main.c:1741 #12 0x000000000046b22c in main (argc=<value optimized out>, argv=0x7fff21c7a888) at main.c:2508 (gdb) bt full #0 0x00007f6d164e8ad2 in dlg_lookup (h_entry=2849, h_id=1192025086) at dlg_hash.c:442 dlg = <value optimized out> d_entry = <value optimized out> #1 0x00007f6d164e0725 in unref_dlg_from_cb (t=<value optimized out>, type=1192025086, param=0x7fff21c7a460) at dlg_handlers.c:964 dlg = <value optimized out> iuid = (dlg_iuid_t *) 0xb21 #2 0x00007f6d1673db19 in run_trans_callbacks_internal (cb_lst=0x7f6d017c9b20, type=32768, trans=0x7f6d017c9ab0, params=0x7fff21c7a460) at t_hooks.c:290 cbp = (struct tm_callback *) 0x7f6d018fe5e8 backup_from = (avp_list_t *) 0x8d0310 backup_to = (avp_list_t *) 0x8d0318 backup_dom_from = (avp_list_t *) 0x8d0320 backup_dom_to = (avp_list_t *) 0x8d0328 backup_uri_from = (avp_list_t *) 0x8d0300 backup_uri_to = (avp_list_t *) 0x8d0308 backup_xavps = (sr_xavp_t **) 0x8d0410 #3 0x00007f6d1673dd86 in run_trans_callbacks (type=32768, trans=<value optimized out>, req=0x0, rpl=0x7f6d1670cc68, code=0) at t_hooks.c:317 params = {req = 0x0, rpl = 0x0, param = 0x7f6d018fe5f8, code = 0, flags = 0, branch = 0, t_rbuf = 0x0, dst = 0x0, send_buf = {s = 0x0, len = 0}} #4 0x00007f6d167238c6 in free_cell (dead_cell=0x7f6d017c9ab0) at h_table.c:152 b = <value optimized out> i = <value optimized out> rpl = <value optimized out> tt = <value optimized out> foo = <value optimized out> cbs = <value optimized out> __FUNCTION__ = "free_cell" #5 0x00007f6d16723af0 in free_hash_table () at h_table.c:443 p_cell = (struct cell *) 0xb21 tmp_cell = (struct cell *) 0x7f6d0164cd18 __FUNCTION__ = "free_hash_table" #6 0x00007f6d16734875 in tm_shutdown () at t_funcs.c:126 No locals. #7 0x00000000004e068f in destroy_modules () at sr_module.c:783 t = <value optimized out> foo = (struct sr_module *) 0x7f6d1832f810 __FUNCTION__ = "destroy_modules" #8 0x00000000004655d0 in cleanup (show_status=1) at main.c:564 memlog = <value optimized out> __FUNCTION__ = "cleanup" #9 0x00000000004662a4 in shutdown_children (sig=<value optimized out>, show_status=1) at main.c:706 No locals. #10 0x0000000000466c7b in handle_sigs () at main.c:797 chld = 0 chld_status = 139 memlog = <value optimized out> #11 0x0000000000467bb6 in main_loop () at main.c:1741 i = 8 pid = <value optimized out> si = (struct socket_info *) 0x0 si_desc = "udp receiver child=7 sock=67.228.177.9:5060\000\000\000\000\000`+\205\030m\177\000\000\001\000\000\000m\177\000\000\016\b", '\0' <repeats 22 times>, "\001\000\000\000\000\000\000\000\001\000\000\000\000\000\000\000\003\000\000\000\000\000\000\000\001\000\000\000\000\000\000\000\b\000\000\000\000\000\000" #12 0x000000000046b22c in main (argc=<value optimized out>, argv=0x7fff21c7a888) at main.c:2508 ---Type <return> to continue, or q <return> to quit---q ---------- More information can be found at the following URL: http://sip-router.org/tracker/index.php?do=details&task_id=173#comment399 You are receiving this message because you have requested it from the Flyspray bugtracking system. If you did not expect this message or don't want to receive mails in future, you can change your notification settings at the URL shown above.

13 years

[tracker] Comment added: Double Free -- Crash/Coredump and possible security vulnerability

by sip-router

THIS IS AN AUTOMATED MESSAGE, DO NOT REPLY. The following task has a new comment added: FS#173 - Double Free -- Crash/Coredump and possible security vulnerability User who did this - Brandon Armstead (CRYY2010) ---------- I just experienced a crash with the work-around. I'm going to try the dlg new reference. ---------- More information can be found at the following URL: http://sip-router.org/tracker/index.php?do=details&task_id=173#comment398 You are receiving this message because you have requested it from the Flyspray bugtracking system. If you did not expect this message or don't want to receive mails in future, you can change your notification settings at the URL shown above.

13 years

[tracker] Comment added: Kamailio / Crash / Textops (302 Redirect)

by sip-router

THIS IS AN AUTOMATED MESSAGE, DO NOT REPLY. The following task has a new comment added: FS#181 - Kamailio / Crash / Textops (302 Redirect) User who did this - Brandon Armstead (CRYY2010) ---------- Confirming once more - I think we're good to go :) no crash all day, thanks! ---------- More information can be found at the following URL: http://sip-router.org/tracker/index.php?do=details&task_id=181#comment397 You are receiving this message because you have requested it from the Flyspray bugtracking system. If you did not expect this message or don't want to receive mails in future, you can change your notification settings at the URL shown above.

13 years

[tracker] Comment added: DOUBLE FREE / CRASH in parse_to.c

by sip-router

THIS IS AN AUTOMATED MESSAGE, DO NOT REPLY. The following task has a new comment added: FS#180 - DOUBLE FREE / CRASH in parse_to.c User who did this - Daniel-Constantin Mierla (miconda) ---------- The issue happened in pv module, tobody transformation. But I cannot see it used in your onreply_route block -- maybe there is another onreply_route executed in this case. I just pushed a patch on master branch: http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=6299704… In your git branch 3.2, do: git pull origin git cherry-pick -x 6299704ebb280214f35fc86968d86be972219e51 It should be picked up without conflicts. The issue happens when there is an error in parsing To parameters for tobody transformation and probably is happening in many older versions. If is going to work ok, then I will backport to 3.2/3.1. ---------- More information can be found at the following URL: http://sip-router.org/tracker/index.php?do=details&task_id=180#comment396 You are receiving this message because you have requested it from the Flyspray bugtracking system. If you did not expect this message or don't want to receive mails in future, you can change your notification settings at the URL shown above.

13 years

[tracker] Comment added: Kamailio / Crash / Textops (302 Redirect)

by sip-router

THIS IS AN AUTOMATED MESSAGE, DO NOT REPLY. The following task has a new comment added: FS#181 - Kamailio / Crash / Textops (302 Redirect) User who did this - Brandon Armstead (CRYY2010) ---------- Looks like it worked - seems to have resolved the crash, thank you! ---------- More information can be found at the following URL: http://sip-router.org/tracker/index.php?do=details&task_id=181#comment395 You are receiving this message because you have requested it from the Flyspray bugtracking system. If you did not expect this message or don't want to receive mails in future, you can change your notification settings at the URL shown above.

13 years

git:master: parser: don't free on error To param linked in to_body struct

by Daniel-Constantin Mierla

Module: sip-router Branch: master Commit: 6299704ebb280214f35fc86968d86be972219e51 URL: http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=6299704… Author: Daniel-Constantin Mierla <miconda(a)gmail.com> Committer: Daniel-Constantin Mierla <miconda(a)gmail.com> Date: Thu Nov 24 17:22:26 2011 +0100 parser: don't free on error To param linked in to_body struct - if a To header parameter was already linked in to_body struct, don't free if there is a parsing error for it later, it will be freed by free_to_params() - reported by Bayan Towfiq in FS#180 --- parser/parse_to.c | 36 +++++++++++++++++------------------- 1 files changed, 17 insertions(+), 19 deletions(-) diff --git a/parser/parse_to.c b/parser/parse_to.c index bcd0bd0..cb2ea75 100644 --- a/parser/parse_to.c +++ b/parser/parse_to.c @@ -53,7 +53,7 @@ enum { -#define add_param( _param , _body ) \ +#define add_param( _param , _body , _newparam ) \ do{\ DBG("DEBUG: add_param: %.*s=%.*s\n",param->name.len,ZSW(param->name.s),\ param->value.len,ZSW(param->value.s));\ @@ -62,6 +62,7 @@ enum { (_body)->last_param =(_param);\ if ((_param)->type==TAG_PARAM)\ memcpy(&((_body)->tag_value),&((_param)->value),sizeof(str));\ + _newparam = 0;\ }while(0); @@ -73,11 +74,13 @@ static /*inline*/ char* parse_to_param(char *buffer, char *end, int *returned_status) { struct to_param *param; + struct to_param *newparam; int status; int saved_status; char *tmp; param=0; + newparam=0; status=E_PARA_VALUE; saved_status=E_PARA_VALUE; for( tmp=buffer; tmp<end; tmp++) @@ -99,7 +102,7 @@ static /*inline*/ char* parse_to_param(char *buffer, char *end, case PARA_VALUE_TOKEN: param->value.len = tmp-param->value.s; status = E_PARA_VALUE; - add_param( param , to_b ); + add_param(param, to_b, newparam); break; case F_CRLF: case F_LF: @@ -132,7 +135,7 @@ static /*inline*/ char* parse_to_param(char *buffer, char *end, param->value.len = tmp-param->value.s; saved_status = E_PARA_VALUE; status = F_LF; - add_param( param , to_b ); + add_param(param, to_b, newparam); break; case F_CR: status=F_CRLF; @@ -171,7 +174,7 @@ static /*inline*/ char* parse_to_param(char *buffer, char *end, param->value.len = tmp-param->value.s; saved_status = E_PARA_VALUE; status = F_CR; - add_param( param , to_b ); + add_param(param, to_b, newparam); break; case F_CRLF: case F_CR: @@ -202,7 +205,7 @@ static /*inline*/ char* parse_to_param(char *buffer, char *end, case PARA_VALUE_TOKEN: status = E_PARA_VALUE; param->value.len = tmp-param->value.s; - add_param( param , to_b ); + add_param(param , to_b, newparam); case E_PARA_VALUE: saved_status = status; goto endofheader; @@ -242,7 +245,7 @@ static /*inline*/ char* parse_to_param(char *buffer, char *end, break; case PARA_VALUE_QUOTED: param->value.len=tmp-param->value.s; - add_param( param , to_b ); + add_param(param, to_b, newparam); status = E_PARA_VALUE; break; case F_CRLF: @@ -277,7 +280,7 @@ static /*inline*/ char* parse_to_param(char *buffer, char *end, case PARA_VALUE_TOKEN: param->value.len=tmp-param->value.s; semicolon_add_param: - add_param(param,to_b); + add_param(param, to_b, newparam); case E_PARA_VALUE: param = (struct to_param*) pkg_malloc(sizeof(struct to_param)); @@ -289,6 +292,8 @@ semicolon_add_param: memset(param,0,sizeof(struct to_param)); param->type=GENERAL_PARAM; status = S_PARA_NAME; + /* link to free mem if not added in to_body list */ + newparam = param; break; case F_CRLF: case F_LF: @@ -483,19 +488,19 @@ endofheader: /* parameter without '=', e.g. foo */ param->value.s=0; param->value.len=0; - add_param(param, to_b); + add_param(param, to_b, newparam); saved_status=E_PARA_VALUE; break; case S_PARA_VALUE: /* parameter with null value, e.g. foo= */ param->value.s=tmp; param->value.len=0; - add_param(param, to_b); + add_param(param, to_b, newparam); saved_status=E_PARA_VALUE; break; case PARA_VALUE_TOKEN: param->value.len=tmp-param->value.s; - add_param(param, to_b); + add_param(param, to_b, newparam); saved_status=E_PARA_VALUE; break; case E_PARA_VALUE: @@ -510,7 +515,7 @@ endofheader: return tmp; error: - if (param) pkg_free(param); + if (newparam) pkg_free(newparam); to_b->error=PARSE_ERROR; *returned_status = status; return tmp; @@ -527,15 +532,8 @@ char* parse_to(char* buffer, char *end, struct to_body *to_b) saved_status=START_TO; /* fixes gcc 4.x warning */ status=START_TO; + memset(to_b, 0, sizeof(struct to_body)); to_b->error=PARSE_OK; - to_b->uri.len = 0; - to_b->uri.s= 0; - to_b->display.len = 0; - to_b->display.s = 0; - to_b->tag_value.len = 0; - to_b->tag_value.s = 0; - to_b->param_lst = 0; - to_b->last_param = 0; foo=0; for( tmp=buffer; tmp<end; tmp++)

13 years

[tracker] Comment added: DOUBLE FREE / CRASH in parse_to.c

by sip-router

THIS IS AN AUTOMATED MESSAGE, DO NOT REPLY. The following task has a new comment added: FS#180 - DOUBLE FREE / CRASH in parse_to.c User who did this - Bayan Towfiq (btowfiq) ---------- 3.2 ---------- More information can be found at the following URL: http://sip-router.org/tracker/index.php?do=details&task_id=180#comment394 You are receiving this message because you have requested it from the Flyspray bugtracking system. If you did not expect this message or don't want to receive mails in future, you can change your notification settings at the URL shown above.

13 years

← Newer
1
...
8
9
10
11
12
13
14
...
34
Older →

Jump to page:

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

sr-dev November 2011