sr-dev October 2012

sr-dev@lists.kamailio.org

31 participants
241 discussions

git:3.3: modules_k/xcap_server: Fixed segmentation fault

by Peter Dunkley

Module: sip-router Branch: 3.3 Commit: 587d29a574d1898b761a590ee59bc8c06b403cd9 URL: http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=587d29a… Author: Peter Dunkley <peter.dunkley(a)crocodile-rcs.com> Committer: Peter Dunkley <peter.dunkley(a)crocodile-rcs.com> Date: Tue Oct 9 21:07:10 2012 +0100 modules_k/xcap_server: Fixed segmentation fault - Occurs when attempting to do an etag compare when there is no document/etag in the database. (cherry picked from commit d29cfab1584b8bc2672b4242a2626d9dc90c77a2) --- modules_k/xcap_server/xcap_server.c | 6 ++++++ 1 files changed, 6 insertions(+), 0 deletions(-) diff --git a/modules_k/xcap_server/xcap_server.c b/modules_k/xcap_server/xcap_server.c index 7b44585..0d68bb0 100644 --- a/modules_k/xcap_server/xcap_server.c +++ b/modules_k/xcap_server/xcap_server.c @@ -1339,6 +1339,12 @@ static int check_preconditions(sip_msg_t *msg, str etag_hdr) static int check_match_header(str body, str *etag) { + if (etag == NULL) + return -1; + + if (etag->s || etag->len == 0) + return -1; + do { char *start_pos, *end_pos, *old_body_pos;

12 years, 1 month

git:master: modules_k/xcap_server: Fixed small mistake in last xcap_server fix

by Peter Dunkley

Module: sip-router Branch: master Commit: 10dafd75873f9f58037680e4d72cafc4c877583f URL: http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=10dafd7… Author: Peter Dunkley <peter.dunkley(a)crocodile-rcs.com> Committer: Peter Dunkley <peter.dunkley(a)crocodile-rcs.com> Date: Wed Oct 10 10:49:16 2012 +0100 modules_k/xcap_server: Fixed small mistake in last xcap_server fix --- modules_k/xcap_server/xcap_server.c | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/modules_k/xcap_server/xcap_server.c b/modules_k/xcap_server/xcap_server.c index 0d68bb0..6d620f4 100644 --- a/modules_k/xcap_server/xcap_server.c +++ b/modules_k/xcap_server/xcap_server.c @@ -1342,7 +1342,7 @@ static int check_match_header(str body, str *etag) if (etag == NULL) return -1; - if (etag->s || etag->len == 0) + if (etag->s == NULL || etag->len == 0) return -1; do

12 years, 1 month

git:3.3: Merge branch '3.3' of ssh://git.sip-router.org/sip-router into 3.3

by Peter Dunkley

Module: sip-router Branch: 3.3 Commit: c210532ce7a2c26f8c09257d1d46ee2a641bdfb6 URL: http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=c210532… Author: Peter Dunkley <peter.dunkley(a)crocodile-rcs.com> Committer: Peter Dunkley <peter.dunkley(a)crocodile-rcs.com> Date: Wed Oct 10 10:50:32 2012 +0100 Merge branch '3.3' of ssh://git.sip-router.org/sip-router into 3.3 * '3.3' of ssh://git.sip-router.org/sip-router: core: Fix parser sdp bug. Reset connection IP for each stream. tcp: fix _wbufq_insert bug nathelper(k): nicer handling of no sdp in sdp_1918(...) ---

12 years, 1 month

git:master: modules_k/xcap_server: Fixed segmentation fault

by Peter Dunkley

Module: sip-router Branch: master Commit: d29cfab1584b8bc2672b4242a2626d9dc90c77a2 URL: http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=d29cfab… Author: Peter Dunkley <peter.dunkley(a)crocodile-rcs.com> Committer: Peter Dunkley <peter.dunkley(a)crocodile-rcs.com> Date: Tue Oct 9 21:07:10 2012 +0100 modules_k/xcap_server: Fixed segmentation fault - Occurs when attempting to do an etag compare when there is no document/etag in the database. --- modules_k/xcap_server/xcap_server.c | 6 ++++++ 1 files changed, 6 insertions(+), 0 deletions(-) diff --git a/modules_k/xcap_server/xcap_server.c b/modules_k/xcap_server/xcap_server.c index 7b44585..0d68bb0 100644 --- a/modules_k/xcap_server/xcap_server.c +++ b/modules_k/xcap_server/xcap_server.c @@ -1339,6 +1339,12 @@ static int check_preconditions(sip_msg_t *msg, str etag_hdr) static int check_match_header(str body, str *etag) { + if (etag == NULL) + return -1; + + if (etag->s || etag->len == 0) + return -1; + do { char *start_pos, *end_pos, *old_body_pos;

12 years, 1 month

git:3.1: core: reset params pointers if there is a failure in parse_params( )

by Marius Zbihlei

Module: sip-router Branch: 3.1 Commit: a1d8cbbd60dff823546646a3d9c1e3df19913222 URL: http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=a1d8cbb… Author: Daniel-Constantin Mierla <miconda(a)gmail.com> Committer: Marius Zbihlei <marius.zbihlei(a)1and1.ro> Date: Tue Oct 9 16:30:24 2012 +0200 core: reset params pointers if there is a failure in parse_params() - patch by Jijo (cherry picked from commit b12c2df6ccb903e2ca22d34bb968f3ebc2712b89) --- parser/parse_param.c | 1 + 1 files changed, 1 insertions(+), 0 deletions(-) diff --git a/parser/parse_param.c b/parser/parse_param.c index 90fe241..dd85155 100644 --- a/parser/parse_param.c +++ b/parser/parse_param.c @@ -550,6 +550,7 @@ int parse_params(str* _s, pclass_t _c, param_hooks_t* _h, param_t** _p) error: if (t) pkg_free(t); free_params(*_p); + *_p = 0; return -2; ok:

12 years, 1 month

TCP replace alias can cause core

by Jijo

We found a problem regarding TCP connection alias in the following code at tcp_main.c: int tcpconn_finish_connect( struct tcp_connection* c, union sockaddr_union* from) { : : /* remove all the aliases except the first one and re-add them * (there shouldn't be more then the 3 default aliases at this * stage) */ for (r=1; r<c->aliases; r++){ a=&c->con_aliases[r]; tcpconn_listrm(tcpconn_aliases_hash[a->hash], a, next, prev); } c->aliases=1; As TCP_ALIAS_REPLACE flag is set for the default TCP options value, in the function _tcpconn_add_alias_unsafe() a TCP connection alias can be moved from connection A to connection B based on the TCP alias hash. In this case, the number of aliases is incremented in the connection A, and decremented from connection B. However, in the connection B the number of aliases can reach zero (no alias). And the code above can be executed for connection B setting the number of aliases to 1 unconditionally. When this case happens, the connection B keeps an invalid alias (already excluded from connection B by tcpconn_add_alias_unsafe() function called from connection A). When the connection A is released, the aliases are also released, and this memory area can be filled with different data. As connection B has references to an invalid alias it can try to access invalid areas, and can crash Kamailio. This access happens, for example, when another alias is added to connection B. To fix it we include a check before the code: if (c->aliases>0) { for (r=1; r<c->aliases; r++){ a=&c->con_aliases[r]; tcpconn_listrm(tcpconn_aliases_hash[a->hash], a, next, prev); memset(a,0xbb,sizeof(struct tcp_conn_alias)); } c->aliases=1; } Please let us know if any comments. Thanks Jijo

12 years, 1 month

git:master: tcp: fix connection alias replacing

by Andrei Pelinescu-Onciul

Module: sip-router Branch: master Commit: e71435b0276c89ef756fecf1bbd5e339b80e804c URL: http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=e71435b… Author: Andrei Pelinescu-Onciul <andrei(a)iptel.org> Committer: Andrei Pelinescu-Onciul <andrei(a)iptel.org> Date: Wed Oct 10 10:02:00 2012 +0200 tcp: fix connection alias replacing When the TCP_ALIAS_REPLACE is set and an alias has to be added to a connection that had 0 aliases (it can happen due to TCP_ALIAS_REPLACE flag), the connection aliases count was wrongly forced to 1. For more details see: http://lists.sip-router.org/pipermail/sr-users/2012-October/074932.html Patch-by Jijo --- tcp_main.c | 11 +++++++---- 1 files changed, 7 insertions(+), 4 deletions(-) diff --git a/tcp_main.c b/tcp_main.c index 2c4bf82..9d3359e 100644 --- a/tcp_main.c +++ b/tcp_main.c @@ -1339,11 +1339,14 @@ int tcpconn_finish_connect( struct tcp_connection* c, /* remove all the aliases except the first one and re-add them * (there shouldn't be more then the 3 default aliases at this * stage) */ - for (r=1; r<c->aliases; r++){ - a=&c->con_aliases[r]; - tcpconn_listrm(tcpconn_aliases_hash[a->hash], a, next, prev); + if (c->aliases > 1) { + for (r=1; r<c->aliases; r++){ + a=&c->con_aliases[r]; + tcpconn_listrm(tcpconn_aliases_hash[a->hash], + a, next, prev); + } + c->aliases=1; } - c->aliases=1; /* add the local_ip:0 and local_ip:local_port aliases */ _tcpconn_add_alias_unsafe(c, c->rcv.src_port, &c->rcv.dst_ip, 0, new_conn_alias_flags);

12 years, 1 month

kamailio cores on corrupted route header

by Jijo

Hello, kamailio cores when receives a corrupted route header. For example, this was causing the core. Route: sip:10.236.236.100;transport=tcp;r2=on;lr;ftag=1348218287134-Test-553188;osb-tag=NM;nat=yes;twan=yes?[=& [=<sip:10.236.236.100;transport=tcp;r2=on;lr;ftag=1348218287134-Test-553188;osb-tag=NM;nat=yes;twan=yes?[=&%20[=> I found the problem, the pointer was not initializing to null after freeing it. Please apply this fix in the next version. Here is the diff with the original(3.2.2) and changed version. PGA:/mnt/o/kamailio-3.2.2/parser # diff -u parse_param.c.orig parse_param.c --- parse_param.c.orig 2012-10-09 09:42:58.372003500 -0300 +++ parse_param.c 2012-10-09 21:34:14.556367900 -0300 @@ -545,6 +545,7 @@ error: if (t) pkg_free(t); free_params(*_p); + *_p = 0; return -2; ok: Thanks Jijo

12 years, 1 month

git:master: core: reset params pointers if there is a failure in parse_params()

by Daniel-Constantin Mierla

Module: sip-router Branch: master Commit: b12c2df6ccb903e2ca22d34bb968f3ebc2712b89 URL: http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=b12c2df… Author: Daniel-Constantin Mierla <miconda(a)gmail.com> Committer: Daniel-Constantin Mierla <miconda(a)gmail.com> Date: Tue Oct 9 16:30:24 2012 +0200 core: reset params pointers if there is a failure in parse_params() - patch by Jijo --- parser/parse_param.c | 1 + 1 files changed, 1 insertions(+), 0 deletions(-) diff --git a/parser/parse_param.c b/parser/parse_param.c index 845292a..16e27d5 100644 --- a/parser/parse_param.c +++ b/parser/parse_param.c @@ -555,6 +555,7 @@ int parse_params(str* _s, pclass_t _c, param_hooks_t* _h, param_t** _p) error: if (t) pkg_free(t); free_params(*_p); + *_p = 0; return -2; ok:

12 years, 1 month

git:master: tm: set log level to debug for negative return code of run_top_route()

by Daniel-Constantin Mierla

Module: sip-router Branch: master Commit: 038780fdf40c8d5d3694538f199411810fad7a0e URL: http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=038780f… Author: Daniel-Constantin Mierla <miconda(a)gmail.com> Committer: Daniel-Constantin Mierla <miconda(a)gmail.com> Date: Tue Oct 9 12:29:09 2012 +0200 tm: set log level to debug for negative return code of run_top_route() - it returns the code of last execution action, negative return is not necessary an error --- modules/tm/t_fwd.c | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/modules/tm/t_fwd.c b/modules/tm/t_fwd.c index 38312a2..82a89f9 100644 --- a/modules/tm/t_fwd.c +++ b/modules/tm/t_fwd.c @@ -338,7 +338,7 @@ static int prepare_new_uac( struct cell *t, struct sip_msg *i_req, if (run_top_route(branch_rt.rlist[branch_route], i_req, &ctx) < 0) { - LOG(L_ERR, "Error in run_top_route\n"); + LOG(L_DBG, "negative return code in run_top_route\n"); } /* update dst send_flags and send socket*/ snd_flags=i_req->fwd_send_flags;

12 years, 1 month

← Newer
1
...
17
18
19
20
21
22
23
24
25
Older →

Jump to page:

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

sr-dev October 2012