sr-dev February 2023

sr-dev@lists.kamailio.org

10 participants
297 discussions

git:5.6:74416f1f: topos: use proper field for datetime value
by Daniel-Constantin Mierla 24 Feb '23

24 Feb '23

Module: kamailio Branch: 5.6 Commit: 74416f1fe93dad9ce62c1f31daeb6385d92c3f74 URL: https://github.com/kamailio/kamailio/commit/74416f1fe93dad9ce62c1f31daeb638… Author: Daniel-Constantin Mierla <miconda(a)gmail.com> Committer: Daniel-Constantin Mierla <miconda(a)gmail.com> Date: 2023-02-24T13:55:17+01:00 topos: use proper field for datetime value (cherry picked from commit 446892331900c2303e531da55bcb494ccb2d8bce) --- Modified: src/modules/topos/tps_storage.c --- Diff: https:/… [View More]

1 0

git:5.6:a914333b: ctl: doc - binrpc_buffer_size can get only integer value
by Daniel-Constantin Mierla 24 Feb '23

24 Feb '23

Module: kamailio Branch: 5.6 Commit: a914333bbac7b52943dc8d9d58bf15614b6497d5 URL: https://github.com/kamailio/kamailio/commit/a914333bbac7b52943dc8d9d58bf156… Author: Daniel-Constantin Mierla <miconda(a)gmail.com> Committer: Daniel-Constantin Mierla <miconda(a)gmail.com> Date: 2023-02-24T13:54:17+01:00 ctl: doc - binrpc_buffer_size can get only integer value (cherry picked from commit 44381746e0e826e8db04597942fa4cee6cbf9175) --- Modified: src/modules/ctl/doc/ctl_params.xml --… [View More]

1 0

git:5.6:89a65b84: async: catch up on possible skipped slots due to slow tasks
by Daniel-Constantin Mierla 24 Feb '23

24 Feb '23

Module: kamailio Branch: 5.6 Commit: 89a65b849a392fea8a46b1e6ae8309c764cdf81e URL: https://github.com/kamailio/kamailio/commit/89a65b849a392fea8a46b1e6ae8309c… Author: Daniel-Constantin Mierla <miconda(a)gmail.com> Committer: Daniel-Constantin Mierla <miconda(a)gmail.com> Date: 2023-02-24T13:53:51+01:00 async: catch up on possible skipped slots due to slow tasks (cherry picked from commit 0a3c15239a620474bbbc7f4d2f57dda0e9aa0f58) --- Modified: src/modules/async/async_sleep.c --… [View More]- Diff: https://github.com/kamailio/kamailio/commit/89a65b849a392fea8a46b1e6ae8309c… Patch: https://github.com/kamailio/kamailio/commit/89a65b849a392fea8a46b1e6ae8309c… --- diff --git a/src/modules/async/async_sleep.c b/src/modules/async/async_sleep.c index 02c3b8d488f..d6dd41d3f17 100644 --- a/src/modules/async/async_sleep.c +++ b/src/modules/async/async_sleep.c @@ -271,9 +271,12 @@ int async_sleep(sip_msg_t *msg, int seconds, cfg_action_t *act, str *cbname) return 0; } +static unsigned int _async_timer_exec_last_slot = -1; + void async_timer_exec(unsigned int ticks, void *param) { - int slot; + unsigned int idx; + unsigned int slot; async_item_t *ai; sr_kemi_eng_t *keng = NULL; str cbname = STR_NULL; @@ -282,33 +285,55 @@ void async_timer_exec(unsigned int ticks, void *param) if(_async_list_head == NULL) return; - slot = ticks % ASYNC_RING_SIZE; + idx = ticks % ASYNC_RING_SIZE; - while(1) { - lock_get(&_async_list_head->ring[slot].lock); - ai = _async_list_head->ring[slot].lstart; - if(ai != NULL) - _async_list_head->ring[slot].lstart = ai->next; - lock_release(&_async_list_head->ring[slot].lock); + if(idx == _async_timer_exec_last_slot) { + /* timer faster than 1sec */ + return; + } - if(ai == NULL) - break; - if(ai->ract != NULL) { - tmb.t_continue(ai->tindex, ai->tlabel, ai->ract); - ksr_msg_env_reset(); - } else { - keng = sr_kemi_eng_get(); - if(keng != NULL && ai->cbname_len>0) { - cbname.s = ai->cbname; - cbname.len = ai->cbname_len; - tmb.t_continue_cb(ai->tindex, ai->tlabel, &cbname, &evname); + if(_async_timer_exec_last_slot < 0) { + _async_timer_exec_last_slot = idx; + } + slot = (_async_timer_exec_last_slot + 1) % ASYNC_RING_SIZE; + if(slot != idx) { + LM_DBG("need to catch up from slot %u to %u (slots: %u)\n", slot, idx, + ASYNC_RING_SIZE); + } + + do { + while(1) { + lock_get(&_async_list_head->ring[slot].lock); + ai = _async_list_head->ring[slot].lstart; + if(ai != NULL) + _async_list_head->ring[slot].lstart = ai->next; + lock_release(&_async_list_head->ring[slot].lock); + + if(ai == NULL) + break; + if(ai->ract != NULL) { + tmb.t_continue(ai->tindex, ai->tlabel, ai->ract); ksr_msg_env_reset(); } else { - LM_WARN("no callback to be executed\n"); + keng = sr_kemi_eng_get(); + if(keng != NULL && ai->cbname_len>0) { + cbname.s = ai->cbname; + cbname.len = ai->cbname_len; + tmb.t_continue_cb(ai->tindex, ai->tlabel, &cbname, &evname); + ksr_msg_env_reset(); + } else { + LM_WARN("no callback to be executed\n"); + } } + shm_free(ai); } - shm_free(ai); - } + if(slot == idx) { + break; + } + slot = (slot + 1) % ASYNC_RING_SIZE; + } while(1); + + _async_timer_exec_last_slot = idx; } void async_mstimer_exec(unsigned int ticks, void *param) [View Less]

1 0

git:5.6:6796e7fa: lib/ims: check return of strtok(...)
by Daniel-Constantin Mierla 24 Feb '23

24 Feb '23

Module: kamailio Branch: 5.6 Commit: 6796e7faeef7c0af9805b07e4f29c6924d8f3edc URL: https://github.com/kamailio/kamailio/commit/6796e7faeef7c0af9805b07e4f29c69… Author: Daniel-Constantin Mierla <miconda(a)gmail.com> Committer: Daniel-Constantin Mierla <miconda(a)gmail.com> Date: 2023-02-24T13:53:21+01:00 lib/ims: check return of strtok(...) (cherry picked from commit 63095ef1bef36a35952ed265f41d87ccbc1bba70) --- Modified: src/lib/ims/ims_getters.c --- Diff: https://github.com/… [View More]

1 0

git:5.6:1107423f: rr: doc - fixed typos and use the proper param name add_username instead of enable_username
by Daniel-Constantin Mierla 24 Feb '23

24 Feb '23

Module: kamailio Branch: 5.6 Commit: 1107423f6af0df4d788216324d6547247fa22224 URL: https://github.com/kamailio/kamailio/commit/1107423f6af0df4d788216324d65472… Author: Daniel-Constantin Mierla <miconda(a)gmail.com> Committer: Daniel-Constantin Mierla <miconda(a)gmail.com> Date: 2023-02-24T13:52:57+01:00 rr: doc - fixed typos and use the proper param name add_username instead of enable_username (cherry picked from commit 022fa0cfc75d150fde219b8ae4f9a99b3fa2f132) --- Modified: … [View More]src/modules/rr/doc/rr_admin.xml Modified: src/modules/rr/doc/rr_devel.xml --- Diff: https://github.com/kamailio/kamailio/commit/1107423f6af0df4d788216324d65472… Patch: https://github.com/kamailio/kamailio/commit/1107423f6af0df4d788216324d65472… --- diff --git a/src/modules/rr/doc/rr_admin.xml b/src/modules/rr/doc/rr_admin.xml index 98bad1239f2..c1ad84277ed 100644 --- a/src/modules/rr/doc/rr_admin.xml +++ b/src/modules/rr/doc/rr_admin.xml @@ -12,7 +12,7 @@ <section> <title>Overview</title> - <para>The module contains record routing logic</para> + <para>The module contains record routing logic.</para> </section> <section id="RR-dialog-id"> @@ -20,7 +20,7 @@ <para>&kamailio; is basically <emphasis>only</emphasis> a transaction stateful proxy, without any dialog support build in. There are many - features/services which actually requires a dialog awareness, like storing + features/services which actually require a dialog awareness, like storing the information in the dialog creation stage, information which will be used during the whole dialog existence.</para> @@ -246,7 +246,7 @@ modparam("rr", "enable_socket_mismatch_warning", 0) <section id="rr.p.custom_user_avp"> <title><varname>custom_user_avp</varname> (avp string)</title> - <para>When enable_username is enabled, a call to record_route will add + <para>When add_username is enabled, a call to record_route will add the username of the RequestURI to the Record-Route URI. This parameter allows you to setup an AVP with which you can customise the username to be added in the Record-Route URI.</para> @@ -664,7 +664,7 @@ add_rr_param(";nat=yes"); <para>The function checks if the URI parameters of the local Route header (corresponding to the local server) matches the given regular - expression. It must be call after loose_route() (see <xref + expression. It must be called after loose_route() (see <xref linkend="rr.f.loose_route"/>).</para> <para>Meaning of the parameters is as follows:</para> diff --git a/src/modules/rr/doc/rr_devel.xml b/src/modules/rr/doc/rr_devel.xml index 9d16ea0791f..a451c4fb4dd 100644 --- a/src/modules/rr/doc/rr_devel.xml +++ b/src/modules/rr/doc/rr_devel.xml @@ -128,7 +128,7 @@ record_route_advertised_address("1.2.3.4:5090"); The function checks for the request <quote>msg</quote> if the URI parameters of the local Route header (corresponding to the local server) matches the given regular expression <quote>re</quote>. - It must be call after the loose_route was done. + It must be called after the loose_route was done. </para> <para> The function returns 0 on success. Otherwise, -1 is returned. @@ -157,7 +157,7 @@ record_route_advertised_address("1.2.3.4:5090"); <quote>msg</quote>. As for checking it's used the <quote>ftag</quote> Route header parameter, the append_fromtag (see <xref linkend="append-fromtag-id"/> module parameter - must be enables. Also this must be call only after the loose_route is + must be enables. Also this must be called only after the loose_route is done. </para> <para> @@ -185,9 +185,9 @@ record_route_advertised_address("1.2.3.4:5090"); <function moreinfo="none">get_route_param( msg, name, val)</function> </title> <para> - The function search in to the <quote>msg</quote>'s Route header + The function searches in the <quote>msg</quote>'s Route header parameters the parameter called <quote>name</quote> and returns its - value into <quote>val</quote>. It must be call only after the + value into <quote>val</quote>. It must be called only after the loose_route is done. </para> <para> @@ -220,7 +220,7 @@ record_route_advertised_address("1.2.3.4:5090"); <function moreinfo="none">register_rrcb( callback, param)</function> </title> <para> - The function register a new callback (along with its parameter). The + The function registers a new callback (along with its parameter). The callback will be called when a loose route will be performed for the local address. </para> [View Less]

1 0

git:5.6:b2e87279: core: typos in comments and EoL after log when parse msg fails
by Daniel-Constantin Mierla 24 Feb '23

24 Feb '23

Module: kamailio Branch: 5.6 Commit: b2e872799d8a694bd433193ec8157ab1d329edaa URL: https://github.com/kamailio/kamailio/commit/b2e872799d8a694bd433193ec8157ab… Author: Daniel-Constantin Mierla <miconda(a)gmail.com> Committer: Daniel-Constantin Mierla <miconda(a)gmail.com> Date: 2023-02-24T13:52:43+01:00 core: typos in comments and EoL after log when parse msg fails - GH #3348 (cherry picked from commit 51fa3da96c1eacd4d679598a3305180c9e818cfb) --- Modified: src/core/… [View More]msg_translator.c --- Diff: https://github.com/kamailio/kamailio/commit/b2e872799d8a694bd433193ec8157ab… Patch: https://github.com/kamailio/kamailio/commit/b2e872799d8a694bd433193ec8157ab… --- diff --git a/src/core/msg_translator.c b/src/core/msg_translator.c index bc1b9736df8..3ab6fae4725 100644 --- a/src/core/msg_translator.c +++ b/src/core/msg_translator.c @@ -53,7 +53,7 @@ * lookup is performed on the host part and the reply is sent to the * resulting ip. If a port is present or the host part is an ip address * the dns lookup will be a "normal" one (A or AAAA). - * - if rport is present, it's value will be used as the destination port + * - if rport is present, its value will be used as the destination port * (and this will also disable srv lookups) * - if no port is present the destination port will be taken from the srv * lookup. If the srv lookup fails or is not performed (e.g. ip address @@ -1459,7 +1459,7 @@ void process_lumps( struct sip_msg* msg, /* skip len bytes from orig msg */ s_offset+=t->len; } else if (t->op==LUMP_DEL && flag == FLAG_MSG_LUMPS_ONLY) { - /* copy lump value and indent as necessarely */ + /* copy lump value and indent as necessarily */ memcpy(new_buf+offset, orig + t->u.offset, t->len); offset+=t->len; if (new_buf[offset-1] != '\n') { @@ -1592,7 +1592,7 @@ static inline int adjust_clen(struct sip_msg* msg, int body_delta, int proto) /* The body has been changed, try to find * existing Content-Length */ - /* no need for Content-Length if it's and UDP packet and + /* no need for Content-Length if it's an UDP packet and * it hasn't Content-Length already */ if (msg->content_length==0){ /* content-length doesn't exist, append it */ @@ -1938,7 +1938,7 @@ int check_boundaries(struct sip_msg *msg, struct dest_info *send_info) /** builds a request in memory from another sip request. * * Side-effects: - it adds lumps to the msg which are _not_ cleaned. - * The added lumps are HDR_VIA_T (almost always added), HDR_CONTENLENGTH_T + * The added lumps are HDR_VIA_T (almost always added), HDR_CONTENTLENGTH_T * and HDR_ROUTE_T (when a Route: header is added as a result of a non-null * msg->path_vec). * - it might change send_info->proto and send_info->send_socket @@ -2109,7 +2109,7 @@ char * build_req_buf_from_sip_req(struct sip_msg* msg, } received_buf = NULL; } - /* if rport needs to be updated, delete it if present and add it's value */ + /* if rport needs to be updated, delete it if present and add its value */ if (rport_buf){ if (msg->via1->rport){ /* rport already present */ via_insert_param=del_lump(msg, @@ -3075,7 +3075,7 @@ char* create_via_hf(unsigned int *len, /* builds a char* buffer from message headers without body * first line is excluded in case of skip_first_line=1 - * error is set -1 if the memory allocation failes + * error is set -1 if the memory allocation fails */ char * build_only_headers( struct sip_msg* msg, int skip_first_line, unsigned int *returned_len, @@ -3127,7 +3127,7 @@ char * build_only_headers( struct sip_msg* msg, int skip_first_line, } /* builds a char* buffer from message body - * error is set -1 if the memory allocation failes + * error is set -1 if the memory allocation fails */ char * build_body( struct sip_msg* msg, unsigned int *returned_len, @@ -3253,7 +3253,7 @@ int build_sip_msg_from_buf(struct sip_msg *msg, char *buf, int len, msg->buf = buf; msg->len = len; if (parse_msg(buf, len, msg)!=0) { - LM_ERR("parsing failed"); + LM_ERR("parsing failed\n"); return -1; } msg->set_global_address=default_global_address; [View Less]

1 0

git:5.6:6f3a4812: ims_dialog: fix module name in modparam examples
by Daniel-Constantin Mierla 24 Feb '23

24 Feb '23

Module: kamailio Branch: 5.6 Commit: 6f3a48124cedc04332e45e9f38f54ed5acb1027d URL: https://github.com/kamailio/kamailio/commit/6f3a48124cedc04332e45e9f38f54ed… Author: Daniel-Constantin Mierla <miconda(a)gmail.com> Committer: Daniel-Constantin Mierla <miconda(a)gmail.com> Date: 2023-02-24T13:51:45+01:00 ims_dialog: fix module name in modparam examples (cherry picked from commit a4150741748779bba8e14bed286c6d64b1df7f17) --- Modified: src/modules/ims_dialog/doc/ims_dialog_admin.… [View More]

1 0

git:5.6:ee7d3144: exec: docs - added security warning
by Daniel-Constantin Mierla 24 Feb '23

24 Feb '23

Module: kamailio Branch: 5.6 Commit: ee7d314422003fc6edfbc364015499e38e18ae62 URL: https://github.com/kamailio/kamailio/commit/ee7d314422003fc6edfbc364015499e… Author: Sandro Gauci <sandro(a)enablesecurity.com> Committer: Daniel-Constantin Mierla <miconda(a)gmail.com> Date: 2023-02-24T13:50:24+01:00 exec: docs - added security warning - Added warning about potential for OS Command Injection - Updated invalid examples previous example gives the following error: pv_parse_spec2(): … [View More]error searching pvar "rU.txt" (cherry picked from commit f81f0e77c5ab67431af1f62f0e027379a3445951) --- Modified: src/modules/exec/doc/exec_admin.xml --- Diff: https://github.com/kamailio/kamailio/commit/ee7d314422003fc6edfbc364015499e… Patch: https://github.com/kamailio/kamailio/commit/ee7d314422003fc6edfbc364015499e… --- diff --git a/src/modules/exec/doc/exec_admin.xml b/src/modules/exec/doc/exec_admin.xml index 12249d5104a..9dee3522d66 100644 --- a/src/modules/exec/doc/exec_admin.xml +++ b/src/modules/exec/doc/exec_admin.xml @@ -77,6 +77,23 @@ Otherwise they will be evaluated as &kamailio; pseudo-variables, throwing errors. </para> + <para> + WARNING: if the exec functions are passed variables that might include + malicious input, then remote attackers may abuse the exec functions to + execute arbitrary code. Specifically, this may result in OS command injection. + In such cases, input validation is required to prevent the vulnerability. + The following is an example of how input validation and exec module + functions may be used together to prevent exploitation: + </para> + <programlisting format="linespecific"> +... +if !($rU =~ "^[0-9]{1,15}$") { + xlog("Malformed R-URI username: '$rU'\n"); + exit; +} +exec_msg("echo TEST >> /tmp/$(rU).txt"); +... + </programlisting> </section> <section> @@ -186,7 +203,7 @@ modparam("exec", "time_to_kill", 20) <programlisting format="linespecific"> ... exec_dset("echo TEST > /tmp/test.txt"); -exec_dset("echo TEST > /tmp/$rU.txt"); +exec_dset("echo TEST > /tmp/$(rU).txt"); ... </programlisting> </example> @@ -225,7 +242,7 @@ exec_dset("echo TEST > /tmp/$rU.txt"); <programlisting format="linespecific"> ... exec_msg("echo TEST > /tmp/test.txt"); -exec_msg("echo TEST > /tmp/$rU.txt"); +exec_msg("echo TEST > /tmp/$(rU).txt"); ... </programlisting> </example> @@ -300,7 +317,7 @@ exec_avp("echo TEST", "$avp(s:test)"); <programlisting format="linespecific"> ... exec_cmd("echo TEST > /tmp/test.txt"); -exec_cmd("echo TEST > /tmp/$rU.txt"); +exec_cmd("echo TEST > /tmp/$(rU).txt"); ... </programlisting> </example> @@ -315,4 +332,3 @@ exec_cmd("echo TEST > /tmp/$rU.txt"); </para> </section> </chapter> - [View Less]

1 0

git:5.6:d59c6451: websocket: ignore keepalive in state WS_S_REMOVING
by Daniel-Constantin Mierla 24 Feb '23

24 Feb '23

Module: kamailio Branch: 5.6 Commit: d59c64514f032a73a1f6aa65051f81b8784a5713 URL: https://github.com/kamailio/kamailio/commit/d59c64514f032a73a1f6aa65051f81b… Author: Daniel-Constantin Mierla <miconda(a)gmail.com> Committer: Daniel-Constantin Mierla <miconda(a)gmail.com> Date: 2023-02-24T13:49:54+01:00 websocket: ignore keepalive in state WS_S_REMOVING - GH #3331 (cherry picked from commit 34c3c42b7fe44dbe88110415ec78400a7defde61) --- Modified: src/modules/websocket/ws_frame.… [View More]

1 0

Info: Registration to Kamailio World 2023 is open!
by Daniel-Constantin Mierla 20 Feb '23

20 Feb '23

Hello, a quick note to the community forums to announce that the registration for the next Kamailio World Conference (June 5-7, 2022, in Berlin, Germany) is now open! The event returns to an in-person conference format, at the same wonderful location in the city center of Berlin! More details are available at: * https://www.kamailioworld.com/k2023/registration/ Call for presentations is also open, there is already a group of very interesting submissions, we aim to publish details … [View More]

1 0

← Newer
1
...
12
13
14
15
16
17
18
...
30
Older →

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

sr-dev February 2023