[OpenSIPS-Devel] [OpenSIPS/opensips] d0b6e6: fraud_detection: Fix incomplete locking logic

Liviu Chircu noreply at github.com
Mon Sep 23 13:21:42 EDT 2019


  Branch: refs/heads/2.4
  Home:   https://github.com/OpenSIPS/opensips
  Commit: d0b6e60bb37efb153f6dd2bee94de09704e043f2
      https://github.com/OpenSIPS/opensips/commit/d0b6e60bb37efb153f6dd2bee94de09704e043f2
  Author: Liviu Chircu <liviu at opensips.org>
  Date:   2019-09-23 (Mon, 23 Sep 2019)

  Changed paths:
    M modules/fraud_detection/frd_hashmap.c
    M modules/fraud_detection/frd_hashmap.h
    M modules/fraud_detection/frd_stats.c

  Log Message:
  -----------
  fraud_detection: Fix incomplete locking logic

The get_item() function results were insufficiently guarded, such
that the SIP workers may concurrently perform insert operations on the
same map object, possibly leading to shm corruption.

Fixes #1389


  Commit: 118a3526896ef7b3e665eb308bb1148a4527d7c9
      https://github.com/OpenSIPS/opensips/commit/118a3526896ef7b3e665eb308bb1148a4527d7c9
  Author: Liviu Chircu <liviu at opensips.org>
  Date:   2019-09-23 (Mon, 23 Sep 2019)

  Changed paths:
    M modules/fraud_detection/fraud_detection.c
    M modules/fraud_detection/frd_events.c
    M modules/fraud_detection/frd_events.h
    M modules/fraud_detection/frd_load.c

  Log Message:
  -----------
  fraud_detection: Fix a dangling SHM access bug

This patch fixes a race condition where a fraud_detection reload could
free the global SHM "threshold" objects which are still being referenced
N times (once for each ongoing dialog -- callback is invoked on
termination).

The solution is to simply store the integer values of the thresholds
into the callback data, and avoid storing any SHM pointers which have no
lifetime guarantees.


  Commit: 3ac00a6dd28c2b60749561513afaceff2e1c2404
      https://github.com/OpenSIPS/opensips/commit/3ac00a6dd28c2b60749561513afaceff2e1c2404
  Author: Liviu Chircu <liviu at opensips.org>
  Date:   2019-09-23 (Mon, 23 Sep 2019)

  Changed paths:
    M modules/fraud_detection/fraud_detection.c
    M modules/fraud_detection/frd_stats.c
    M modules/fraud_detection/frd_stats.h

  Log Message:
  -----------
  fraud_detection: Fix a seq calls computation bug

The sequential calls of a user should be counted using the dialed
numbers, NOT the matched fraud rule prefixes (which are almost always
shorter).

Reported by Benjamin Pasquet from OpenIP


  Commit: f36341f599a9c34fcfd55e898aa906085b9f7b90
      https://github.com/OpenSIPS/opensips/commit/f36341f599a9c34fcfd55e898aa906085b9f7b90
  Author: Liviu Chircu <liviu at opensips.org>
  Date:   2019-09-23 (Mon, 23 Sep 2019)

  Changed paths:
    M modules/fraud_detection/fraud_detection.c
    M modules/fraud_detection/frd_hashmap.c
    M modules/fraud_detection/frd_stats.h

  Log Message:
  -----------
  fraud_detection: Various small improvements

    * refactor unreadable/unmaintainable code
    * fix bad hash sizes, leading to unused buckets
    * improve some key errors reported to the users


  Commit: 3e42262b3874402747d141863199f5f9242d352c
      https://github.com/OpenSIPS/opensips/commit/3e42262b3874402747d141863199f5f9242d352c
  Author: Liviu Chircu <liviu at opensips.org>
  Date:   2019-09-23 (Mon, 23 Sep 2019)

  Changed paths:
    M db/schema/fraud_detection.xml
    M scripts/db_berkeley/opensips/fraud_detection
    M scripts/mysql/fraud_detection-create.sql
    M scripts/oracle/fraud_detection-create.sql
    M scripts/postgres/fraud_detection-create.sql
    M scripts/sqlite/fraud_detection-create.sql

  Log Message:
  -----------
  fraud_detection DB schema: Fix missing default values


Compare: https://github.com/OpenSIPS/opensips/compare/4612e55680ba...3e42262b3874



More information about the Devel mailing list