[OpenSIPS-Devel] [OpenSIPS/opensips] df67ba: Fix next_hop crash (seen in nathelper nh_timer) du...
Walter Doekes
noreply at github.com
Wed Sep 2 08:46:04 EST 2020
Branch: refs/heads/3.1
Home: https://github.com/OpenSIPS/opensips
Commit: df67bac58b260ec426c945c58859978a78c6b67d
https://github.com/OpenSIPS/opensips/commit/df67bac58b260ec426c945c58859978a78c6b67d
Author: Walter Doekes <walter+github at wjd.nu>
Date: 2020-09-02 (Wed, 02 Sep 2020)
Changed paths:
M modules/usrloc/dlist.c
Log Message:
-----------
Fix next_hop crash (seen in nathelper nh_timer) due to reading reused mem

Problem:
- get_domain_db_ucontacts (through get_domain_ucontacts) was handing out
  (next_hop) pointers to memory that was unused. This resulted in a
  crash when this memory was reused before the invalid pointer was
  reused.

Relevant issues and commits:
- #1652 [OpenSIPS crashes since of child that serves rtpproxy]
- e162f5f10 [fix 1652: usrloc: make next_hop point within the shared buffer]
- #1710 [nathelper next_hop off by one for usrloc path]
- 0300eb1d5 [fix 1710 / revert 1652: usrloc: fix next hop compute for ...]

That is: e162f5f10 fixes this exact problem in get_domain_db_ucontacts, in
get_domain_mem_ucontacts and in get_domain_cdb_ucontacts (cdb_pack_ping_data).
But in 0300eb1d5 it is reverted for only get_domain_db_ucontacts.

This fix:
- Rewrites the fix for get_domain_db_ucontacts and
  get_domain_cdb_ucontacts, making it less fragile/bug-prone.
- Adds comments about fragility to get_domain_mem_ucontacts
- Fixed unaligned memcpy that might affect non-Intel CPUs:
  `((struct proxy_l *)cp)->name.s = next_hop_host`

Bug reported and fix tested by Jasper Hafkenscheid @hafkensite (VoIPGRID).
(cherry picked from commit 5a6b3abe41a2eaed961a530675f6441a692e8640)
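
The two bug classes named in the log message (a next_hop pointer into memory that is later reused, and an unaligned store into a packed byte buffer), shown as an added example that is not OpenSIPS code and not part of the commit. `struct hop`, `pack_hop`, `unpack_hop` and `demo` are hypothetical names, and the address is a constructed sample.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for a packed next-hop record (not struct proxy_l). */
struct hop { char *host; int len; };

/* Pack one record at buf+off: header first, then the host bytes inside the
 * same buffer. Returns the new offset, or 0 if the record does not fit. */
size_t pack_hop(char *buf, size_t cap, size_t off, const char *host, int len)
{
    struct hop h;
    if (len < 0 || off > cap || sizeof h + (size_t)len > cap - off)
        return 0;
    char *data = buf + off + sizeof h;
    memcpy(data, host, (size_t)len);  /* own copy, outlives the source */
    h.host = data;                    /* pointer stays within the buffer */
    h.len = len;
    memcpy(buf + off, &h, sizeof h);  /* byte copy: valid at any alignment */
    return off + sizeof h + (size_t)len;
}

/* Read a record back without dereferencing a misaligned struct pointer. */
struct hop unpack_hop(const char *buf, size_t off)
{
    struct hop h;
    memcpy(&h, buf + off, sizeof h);
    return h;
}

/* Pack at a misaligned offset, then scribble over and free the source.
 * Returns 1 if the record is still intact, 0 if not, -1 on setup failure. */
int demo(void)
{
    char buf[64];
    char *src = malloc(16);
    if (!src)
        return -1;
    memcpy(src, "192.0.2.10", 10);    /* constructed sample host */
    size_t end = pack_hop(buf, sizeof buf, 1, src, 10);
    memset(src, 'X', 16);             /* simulate the memory being reused */
    free(src);
    if (end == 0)
        return -1;
    struct hop h = unpack_hop(buf, 1);
    return h.len == 10 && h.host >= buf && h.host < buf + sizeof buf
        && memcmp(h.host, "192.0.2.10", 10) == 0;
}
```

Storing `host` directly in the header instead of `data`, or writing the header through a cast such as `((struct hop *)(buf + off))->host = ...`, reproduces the dangling pointer and the unaligned store respectively.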