[OpenSIPS-Devel] [ opensips-Patches-2223501 ] maxfwd module - internal corruption

SourceForge.net noreply at sourceforge.net
Mon Nov 10 17:27:18 CET 2008


Patches item #2223501, was opened at 2008-11-05 04:57
Message generated for change (Comment added) made by bogdan_iancu
You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=1086412&aid=2223501&group_id=232389

Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: modules
Group: trunk
Status: Open
Resolution: Fixed
Priority: 5
Private: No
Submitted By: reticent (unspin)
Assigned to: Bogdan-Andrei Iancu (bogdan_iancu)
Summary: maxfwd module - internal corruption

Initial Comment:
The issue occurs when calling 'mf_process_maxfwd_header' or 'is_maxfwd_lt' script functions more than once within a single script execution
The second occurrence always returns as if the max forward header value has reached zero due to an issue with the temporary value (max forwards count) stored by the module being overwritten with zero during an int to string conversion

We are calling it more than once during a single execution to detect and trap possible call forwarding loops between accounts

Cheers!

Credits to: 
Peter Baer (pbaer at galaxytelecom dot net)
Tavis Paquette (tavis at galaxytelecom dot net)

----------------------------------------------------------------------

>Comment By: Bogdan-Andrei Iancu (bogdan_iancu)
Date: 2008-11-10 18:27

Message:
Hi,

I do not see how this patch solves something - you have the mf header body
and trim it in a foo variable which is not used - it returns the value
stored into "parsed" value.....
maybe something is missing me :)..

Regards,
Bogdan

----------------------------------------------------------------------

Comment By: reticent (unspin)
Date: 2008-11-08 06:53

Message:
Heres an additional patch for maxfwd, this fixes the segmentation fault we
came across



----------------------------------------------------------------------

Comment By: reticent (unspin)
Date: 2008-11-06 02:53

Message:
We've found a rather serious problem (seg fault) but we havn't tracked it
down completely

We suspect the issue is related to maxfwd overwriting the pointer to the
max-forward value in the sip-msg with an integer.  Where before it was
always zero, which would be treated as a null pointer (potentially causing
a problem when TM interacts with that pointer), but we havn't had the
chance to prove this theory yet

We're right in the middle of a deployment so we can't work on this issue
right away, but we'll have somthing definitive for you by next week


----------------------------------------------------------------------

Comment By: Bogdan-Andrei Iancu (bogdan_iancu)
Date: 2008-11-05 15:29

Message:
OK - a fix (different approach on the problem) is now available in SVN
trunk - please test and let me know if ok or not. If ok, I will do the
backport on 1.4

Thanks and regards,
Bogdan

----------------------------------------------------------------------

Comment By: Bogdan-Andrei Iancu (bogdan_iancu)
Date: 2008-11-05 15:24

Message:
Hi,

yes, you are definitely right - the value should be first saved in the
parsed hook and than written into message.

Regards,
Bogdan 

----------------------------------------------------------------------

You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=1086412&aid=2223501&group_id=232389



More information about the Devel mailing list