Module: kamailio
Branch: master
Commit: a71bd9d9424456ef1167468c5bbbfd38b1099e89
URL: https://github.com/kamailio/kamailio/commit/a71bd9d9424456ef1167468c5bbbfd3…
Author: Rick Barenthin <rick(a)ng-voice.com>
Committer: Daniel-Constantin Mierla <miconda(a)gmail.com>
Date: 2024-07-25T12:20:59+02:00
cdp: fix use after free in transaction call backs
If the traction is set to auto drop,
the memory will be freed and with it the next pointer.
---
Modified: src/modules/cdp/transaction.c
---
Diff: https://github.com/kamailio/kamailio/commit/a71bd9d9424456ef1167468c5bbbfd3…
Patch: https://github.com/kamailio/kamailio/commit/a71bd9d9424456ef1167468c5bbbfd3…
---
diff --git a/src/modules/cdp/transaction.c b/src/modules/cdp/transaction.c
index f1445ff15be..a2b97654dd0 100644
--- a/src/modules/cdp/transaction.c
+++ b/src/modules/cdp/transaction.c
@@ -256,10 +256,11 @@ int cdp_trans_timer(time_t now, void *ptr)
/* do all queued callbacks */
x = cb_queue->head;
while(x) {
+ n = x->next;
(x->cb)(1, *(x->ptr), 0, (now - x->expires));
if(x->auto_drop)
cdp_free_trans(x);
- x = x->next;
+ x = n;
}
pkg_free(cb_queue);
<!-- Kamailio Pull Request Template -->
<!--
IMPORTANT:
- for detailed contributing guidelines, read:
https://github.com/kamailio/kamailio/blob/master/.github/CONTRIBUTING.md
- pull requests must be done to master branch, unless they are backports
of fixes from master branch to a stable branch
- backports to stable branches must be done with 'git cherry-pick -x ...'
- code is contributed under BSD for core and main components (tm, sl, auth, tls)
- code is contributed GPLv2 or a compatible license for the other components
- GPL code is contributed with OpenSSL licensing exception
-->
#### Pre-Submission Checklist
<!-- Go over all points below, and after creating the PR, tick all the checkboxes that apply -->
<!-- All points should be verified, otherwise, read the CONTRIBUTING guidelines from above-->
<!-- If you're unsure about any of these, don't hesitate to ask on sr-dev mailing list -->
- [x] Commit message has the format required by CONTRIBUTING guide
- [x] Commits are split per component (core, individual modules, libs, utils, ...)
- [x] Each component has a single commit (if not, squash them into one commit)
- [x] No commits to README files for modules (changes must be done to docbook files
in `doc/` subfolder, the README file is autogenerated)
#### Type Of Change
- [x] Small bug fix (non-breaking change which fixes an issue)
- [ ] New feature (non-breaking change which adds new functionality)
- [ ] Breaking change (fix or feature that would change existing functionality)
#### Checklist:
<!-- Go over all points below, and after creating the PR, tick the checkboxes that apply -->
- [ ] PR should be backported to stable branches
- [ ] Tested changes locally
- [ ] Related to issue #XXXX (replace XXXX with an open issue number)
#### Description
<!-- Describe your changes in detail -->
Fixing issues discovered by Coverity
You can view, comment on, or merge this pull request online at:
https://github.com/kamailio/kamailio/pull/3926
-- Commit Summary --
* ims_qos_npn: fixed issues discovered by coverity
-- File Changes --
M src/modules/ims_qos_npn/rx_aar.c (12)
M src/modules/ims_qos_npn/rx_avp.c (5)
-- Patch Links --
https://github.com/kamailio/kamailio/pull/3926.patchhttps://github.com/kamailio/kamailio/pull/3926.diff
--
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/pull/3926
You are receiving this because you are subscribed to this thread.
Message ID: <kamailio/kamailio/pull/3926(a)github.com>
Hi
there is an issue with the SIP parser for the t_uac_send function
https://www.kamailio.org/docs/modules/devel/modules/tm.html#tm.f.t_uac_send
If I call this function for example:
t_uac_send("INVITE", "sip:test@123.123.123.123:5060", "", "" ,"Content-Type: text/plain\r\nContact: <sip:85951b3d-096c-95d6-5f05-4f38095aca9f@172.17.64.120:5060;transport=tcp>;+u.sip!devicename.ccm.cisco.com=\"SEP5486BC7F2BBC\"", "Testbody")
Then the resulting request is broken - it's probably due to a character (exclamation mark?) in the Contact header.... I tested it with a call from kemi, but it probably also occurs when you run it with a normal kamailio -script tests
--
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/issues/3682
You are receiving this because you are subscribed to this thread.
Message ID: <kamailio/kamailio/issues/3682(a)github.com>