[OpenSIPS-Devel] [OpenSIPS/opensips] 5a6b3a: Fix next_hop crash (seen in nathelper nh_timer) du...
Liviu Chircu
noreply at github.com
Wed Sep 2 07:51:27 EST 2020
Branch: refs/heads/master
Home: https://github.com/OpenSIPS/opensips
Commit: 5a6b3abe41a2eaed961a530675f6441a692e8640
https://github.com/OpenSIPS/opensips/commit/5a6b3abe41a2eaed961a530675f6441a692e8640
Author: Walter Doekes <walter+github at wjd.nu>
Date: 2020-08-31 (Mon, 31 Aug 2020)
Changed paths:
M modules/usrloc/dlist.c
Log Message:
-----------
Fix next_hop crash (seen in nathelper nh_timer) due to reading reused mem

Problem:
- get_domain_db_ucontacts (through get_domain_ucontacts) was handing out
  (next_hop) pointers to memory that was unused. This resulted in a
  crash when this memory was reused before the invalid pointer was
  reused.

Relevant issues and commits:
- #1652 [OpenSIPS crashes since of child that serves rtpproxy]
- e162f5f10 [fix 1652: usrloc: make next_hop point within the shared buffer]
- #1710 [nathelper next_hop off by one for usrloc path]
- 0300eb1d5 [fix 1710 / revert 1652: usrloc: fix next hop compute for ...]

That is: e162f5f10 fixes this exact problem in get_domain_db_ucontacts, in
get_domain_mem_ucontacts and in get_domain_cdb_ucontacts (cdb_pack_ping_data).
But in 0300eb1d5 it is reverted for only get_domain_db_ucontacts.

This fix:
- Rewrites the fix for get_domain_db_ucontacts and
  get_domain_cdb_ucontacts, making it less fragile/bug-prone.
- Adds comments about fragility to get_domain_mem_ucontacts
- Fixed unaligned memcpy that might affect non-intel CPUs:
  `((struct proxy_l *)cp)->name.s = next_hop_host`

Bug reported and fix tested by Jasper Hafkenscheid @hafkensite (VoIPGRID).
Commit: 4d81a7f55441b4a9c8833e7769b4e445cb2f5d05
https://github.com/OpenSIPS/opensips/commit/4d81a7f55441b4a9c8833e7769b4e445cb2f5d05
Author: Liviu Chircu <liviu at opensips.org>
Date: 2020-09-02 (Wed, 02 Sep 2020)
Changed paths:
M modules/usrloc/dlist.c
Log Message:
-----------
Merge pull request #2233 from wdoekes/wjd-fix-next_hop-reading-freed-mem
Fix next_hop crash (seen in nathelper nh_timer) due to reading reused mem
Compare: https://github.com/OpenSIPS/opensips/compare/5ec53788c776...4d81a7f55441
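
The pattern named in the first log message above (a next_hop pointer that points within the shared buffer, written without storing through a cast pointer at an unaligned offset), as an added C example that is not code from the OpenSIPS commit. struct hop, pack_hop, unpack_hop and demo are hypothetical names, and the record layout is an assumption.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical next-hop record; a stand-in, not OpenSIPS' struct proxy_l. */
struct hop { char *host; size_t len; uint16_t port; };

/* Pack [struct hop][host bytes] at buf, which may be unaligned. The host is
 * copied into buf and hop.host points at that copy, so the record no longer
 * depends on the source row. Returns bytes written, or 0 if it does not fit. */
size_t pack_hop(unsigned char *buf, size_t cap,
                const char *host, size_t len, uint16_t port)
{
    struct hop h;

    if (cap < sizeof h || len > cap - sizeof h)
        return 0;
    memset(&h, 0, sizeof h);
    memcpy(buf + sizeof h, host, len);
    h.host = (char *)(buf + sizeof h);   /* points inside buf, not at the row */
    h.len = len;
    h.port = port;
    memcpy(buf, &h, sizeof h);           /* byte copy: no store through a cast */
    return sizeof h + len;
}

/* Read the header back with memcpy for the same alignment reason. */
struct hop unpack_hop(const unsigned char *buf)
{
    struct hop h;
    memcpy(&h, buf, sizeof h);
    return h;
}

/* Pack at an odd offset, then overwrite the source to simulate reuse. */
int demo(void)
{
    unsigned char buf[64];
    char row[] = "10.0.0.1";             /* constructed stand-in for a DB row */
    size_t n = pack_hop(buf + 1, sizeof buf - 1, row, strlen(row), 5060);
    struct hop h;

    memset(row, 'X', sizeof row - 1);    /* the row's memory gets reused */
    h = unpack_hop(buf + 1);
    return n == sizeof h + 8 && h.len == 8 && h.port == 5060
        && (unsigned char *)h.host == buf + 1 + sizeof h
        && memcmp(h.host, "10.0.0.1", 8) == 0;
}

int main(void) { return demo() ? 0 : 1; }
```

The host pointer is only valid while the buffer stays at the same address; a consumer that copies or reallocates the buffer has to recompute it from the record's offset.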