Hello,
some (not so) recently added fields of the sip_msg_t structure were not
handled properly. These are instance (added by Juha), ruid, location_ua
(added by Crocodile patches), so I explicitly put in the recipients the
people working with them to check the changes I did for fixing some
related issues.
The issues:
1) sip_msg_t is cloned in shm for transaction. So each new field added
to this structure has to be handled in the function that clones to shm,
otherwise their values will keep referencing pkg. Then, the same fields
have to be handled in tm when running sip failure handlers -- there a
faked environment and sip msg structure are created from shm back to pkg.
2) if the new fields allocate memory, the free sip msg function has to
clean that, otherwise there will be a memory leak
The reason for writing here is that for 1) I didn't clone the values in shm,
just reset the pointers to NULL (same is done for path vector). But if
you need these values to be in transaction, then you have to clone them.
What I did fixes a crash when trying to use lookup() in failure route --
because these fields are set, when the new values have a lower length,
it will just write in the buffer, which is invalid as either the pkg pointer
was freed or the failure route is executed in another process (resulting
in writing at inappropriate addresses in current process). My assumption
was that no one used these fields from transaction, because they would have
reported a crash as well, thus I didn't clone and set them to NULL.
Cheers,
Daniel
--
Daniel-Constantin Mierla -
http://www.asipto.com
http://twitter.com/#!/miconda -
http://www.linkedin.com/in/miconda
Kamailio Advanced Trainings - Berlin, Oct 21-24; Miami, Nov 11-13, 2013
- more details about Kamailio trainings at
http://www.asipto.com -
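The two issues from the mail, modelled in a small added example that is not Kamailio code: a struct-copy cloner that leaves the three fields pointing into the original (pkg) buffer, a cloner that either resets them to NULL or deep-copies them into memory the clone owns, a free routine for the owned fields, and a check that detects leftover aliasing. The str type, msg_t, and all function names are constructed for the example; plain malloc stands in for both pkg and shm.

```c
#include <stdlib.h>
#include <string.h>

/* Constructed model (not Kamailio code): a str-like pair and a message
 * struct holding the three fields the mail names. Ownership is the point;
 * "pkg" and "shm" are both plain malloc here. */
typedef struct { char *s; int len; } str;
typedef struct { str instance; str ruid; str location_ua; } msg_t;

#define NFIELDS 3
static void fields(msg_t *m, str *out[NFIELDS])
{ out[0] = &m->instance; out[1] = &m->ruid; out[2] = &m->location_ua; }

/* Issue 2): every field that owns memory must be released here, or it leaks. */
void free_msg_fields(msg_t *m)
{
    str *f[NFIELDS]; fields(m, f);
    for (int i = 0; i < NFIELDS; i++) { free(f[i]->s); f[i]->s = NULL; f[i]->len = 0; }
}

/* Buggy cloner: a struct copy leaves every pointer aimed at the pkg buffer. */
msg_t *clone_shallow(const msg_t *org)
{
    msg_t *c = malloc(sizeof(*c));
    if (c) *c = *org;
    return c;
}

/* Fixed cloner, issue 1): either deep-copy a field into memory the clone
 * owns (deep != 0) or leave it NULL/0, as the fix in the mail does. */
msg_t *clone_fixed(const msg_t *org, int deep)
{
    msg_t *c = calloc(1, sizeof(*c));
    if (!c) return NULL;
    str *src[NFIELDS], *dst[NFIELDS];
    fields((msg_t *)org, src); fields(c, dst);
    for (int i = 0; i < NFIELDS; i++) {
        if (!deep || src[i]->s == NULL) continue;   /* stays NULL/0 from calloc */
        dst[i]->s = malloc(src[i]->len);
        if (!dst[i]->s) { free_msg_fields(c); free(c); return NULL; }
        memcpy(dst[i]->s, src[i]->s, src[i]->len);
        dst[i]->len = src[i]->len;
    }
    return c;
}

/* Detection check: does any field of the clone still point into org's memory? */
int clone_aliases_org(const msg_t *org, const msg_t *c)
{
    str *a[NFIELDS], *b[NFIELDS];
    fields((msg_t *)org, a); fields((msg_t *)c, b);
    for (int i = 0; i < NFIELDS; i++)
        if (b[i]->s != NULL && b[i]->s == a[i]->s) return 1;
    return 0;
}
```

The same aliasing check, run over a freshly cloned transaction message in a debug build, is a cheap way to catch the next field that gets added without cloner support.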