[OpenSIPS-Devel] [OpenSIPS/opensips] ac549a: async: fix fd leaking and invalid memory overwrite
Razvan Crainea
razvan at opensips.org
Wed Oct 3 03:49:36 EDT 2018
Branch: refs/heads/master
Home: https://github.com/OpenSIPS/opensips
Commit: ac549a0d5f3a084cd7034bf45b603f95c64025af
https://github.com/OpenSIPS/opensips/commit/ac549a0d5f3a084cd7034bf45b603f95c64025af
Author: Razvan Crainea <razvan at opensips.org>
Date: 2018-10-03 (Wed, 03 Oct 2018)
Changed paths:
M async.c
M modules/tm/async.c
Log Message:
-----------
async: fix fd leaking and invalid memory overwrite
when calling `reactor_del_reader(*fd, ...)`, the `*fd` will become -1.
The reason is because `fd` points to a `io_wait_h->fd_no`, that will get
changed to `-1` at the end of the function. Hence the actual `*fd` value
will be lost, and `close(*fd)` is a no-op, resulting in original fd
leaking. Moreover, when assigning `*fd` a new value, we will be
overwriting the `io_wait_h->fd_no` in the reactor, resulting in
undefined behavior.
This commit stores the actual value of `*fd` in a local variable and
uses it throught the function, making sure the `io_wait_h->fd_no` is not
overwritten and the `close()` function is called on the proper fd.
Many thangs to Eric Tamme (lirakis) on IRC for reporting this.
**NOTE:** This service has been marked for deprecation: https://developer.github.com/changes/2018-04-25-github-services-deprecation/
Functionality will be removed from GitHub.com on January 31st, 2019.
More information about the Devel
mailing list