[OpenSIPS-Devel] [OpenSIPS/opensips] 8d0161: parse_via(): Fix out-of-bounds read edge-case (OSS...

Liviu Chircu noreply at github.com
Tue Nov 8 14:09:39 UTC 2022


  Branch: refs/heads/3.3
  Home:   https://github.com/OpenSIPS/opensips
  Commit: 8d01619671f314adeeda237b6b80d5baf283410d
      https://github.com/OpenSIPS/opensips/commit/8d01619671f314adeeda237b6b80d5baf283410d
  Author: Liviu Chircu <liviu at opensips.org>
  Date:   2022-11-08 (Tue, 08 Nov 2022)

  Changed paths:
    M parser/parse_via.c
    M parser/test/test_parser.c

  Log Message:
  -----------
  parse_via(): Fix out-of-bounds read edge-case (OSS-Fuzz)

This patch fixes a possible off-by-one read overflow while parsing the
Via buffer.  Even so, the error was mostly harmless, as the supplied
buffer is typically much larger and is guaranteed to be NULL-terminated
(see udp_read_req(), for example).

Severity: Low
Fixes OSS-Fuzz#52326

(cherry picked from commit 5e9f72d3d90e8fc9cb20578a95c891631b4d91da)


  Commit: dcc7cbdbd5db0f4c865c70ec19610c8da1e2f855
      https://github.com/OpenSIPS/opensips/commit/dcc7cbdbd5db0f4c865c70ec19610c8da1e2f855
  Author: Liviu Chircu <liviu at opensips.org>
  Date:   2022-11-08 (Tue, 08 Nov 2022)

  Changed paths:
    M modules/db_flatstore/flat_mi.c
    M modules/db_flatstore/flat_mi.h
    M modules/db_flatstore/flatstore.c
    M modules/db_flatstore/flatstore_mod.c

  Log Message:
  -----------
  db_flatstore: Fix missing CDRs due to 'flat_rotate' race conditions

This commit simply adds R/W locking around the 'flat_rotate' MI command,
and all the SIP worker processes.  The race condition was as follows:

* SIP worker checks the 'flat_rotate' stamp and proceeds to write CDR
* 'flat_rotate' is run (timestamp++)
* external process scans & fully reads the rotated file (with deletion
   to follow later as well, but this is irrelevant)
* SIP worker finally writes the CDR using flushed/vector'ed I/O
   (too late at this point, CDR is forever lost)

(cherry picked from commit d3b1463ee115a8b7d4d6b9658c8b07b9ef3d0549)


  Commit: bcc383715981fee30ebb95bd7b98febf2e67b97e
      https://github.com/OpenSIPS/opensips/commit/bcc383715981fee30ebb95bd7b98febf2e67b97e
  Author: Liviu Chircu <liviu at opensips.org>
  Date:   2022-11-08 (Tue, 08 Nov 2022)

  Changed paths:
    M modules/db_flatstore/flat_mi.c
    M modules/db_flatstore/flatstore.c
    M modules/db_flatstore/flatstore_mod.c
    M modules/db_flatstore/flatstore_mod.h

  Log Message:
  -----------
  db_flatstore: Fix another race condition around MI 'flat_rotate'

This race condition was related to invoking 'flat_rotate' 2+ times
during the same second (UNIX timestamp).  Due to the way the
timestamping logic was implemented, this could lead to files NOT being
rotated at all on the 2nd 'flat_rotate', which falls in the same second.

Although very rare, this race condition could lead to massive CDR loss,
since all CDRs between 2nd and 3rd 'flat_rotate' commands have a great
chance of being fully lost (unread and discarded).

(cherry picked from commit e180b1536e89e7bc8d6e2dd3264786e8531c71d7)

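A constructed model of the same-second rotation problem described in the two db_flatstore commits above, added here as an example; it is not code from OpenSIPS or the db_flatstore module. The 'flat_rotate' timestamping and file naming of the real module are not reproduced: the ROTATE_BY_SECOND and ROTATE_MONOTONIC policies, the stamp values, and the "never reuse a stamp" fix are assumptions made for this illustration. The model is single-threaded, so the check-then-write race that the R/W locking in the first flatstore commit addresses is not exercised; what it shows is why a second-granularity stamp turns a repeated 'flat_rotate' into a no-op (the worker keeps appending to a file an external collector has already consumed), and why a stamp forced to advance does not.

```c
#include <stddef.h>
#include <string.h>

/*
 * Model of timestamp-based rotation (assumed, not db_flatstore's code):
 * an MI command bumps a shared "rotate stamp"; each worker remembers the
 * stamp of the file it has open and reopens when the shared stamp differs.
 */

#define MAX_FILES 16

enum rotate_policy {
    ROTATE_BY_SECOND,   /* stamp = wall-clock second (assumed pre-fix behaviour) */
    ROTATE_MONOTONIC    /* stamp never repeats, even twice within one second   */
};

struct flat_state {
    enum rotate_policy policy;
    long rotate_stamp;            /* shared across workers, changed by flat_rotate */
    long worker_stamp;            /* stamp of the file this worker currently writes */
    int  files_opened;            /* distinct files created so far */
    long file_stamps[MAX_FILES];
    int  file_records[MAX_FILES]; /* CDRs written into each file */
};

void flat_init(struct flat_state *st, enum rotate_policy policy, long now)
{
    memset(st, 0, sizeof *st);
    st->policy = policy;
    st->rotate_stamp = now;
    st->worker_stamp = -1;        /* nothing open yet */
}

/* MI flat_rotate, invoked at wall-clock second 'now'. */
void flat_rotate(struct flat_state *st, long now)
{
    if (st->policy == ROTATE_BY_SECOND) {
        st->rotate_stamp = now;   /* two calls in the same second: no change at all */
    } else {
        /* time-based when the clock moved on, otherwise force the stamp ahead;
         * the name may run ahead of the clock, but it can never repeat */
        st->rotate_stamp = now > st->rotate_stamp ? now : st->rotate_stamp + 1;
    }
}

/* Worker writes one CDR, reopening if the shared stamp moved since its last
 * write. Returns 0, or -1 if the model ran out of file slots. */
int flat_write_cdr(struct flat_state *st)
{
    if (st->worker_stamp != st->rotate_stamp) {
        if (st->files_opened == MAX_FILES)
            return -1;
        st->worker_stamp = st->rotate_stamp;
        st->file_stamps[st->files_opened] = st->worker_stamp;
        st->files_opened++;
    }
    st->file_records[st->files_opened - 1]++;
    return 0;
}

/* Scenario (constructed): write, rotate at t=100, write, rotate again at
 * t=100, write, rotate at t=101, write. Returns how many distinct files the
 * worker wrote into. With ROTATE_BY_SECOND the second rotate is a no-op, so
 * the CDR after it lands in the file the collector already took: 3 files.
 * With ROTATE_MONOTONIC every rotate opens a new file: 4 files. */
int run_scenario(enum rotate_policy policy)
{
    struct flat_state st;
    flat_init(&st, policy, 99);
    flat_write_cdr(&st);          /* file #1, stamp 99 */
    flat_rotate(&st, 100);
    flat_write_cdr(&st);          /* file #2, stamp 100 */
    flat_rotate(&st, 100);        /* second flat_rotate in the same second */
    flat_write_cdr(&st);          /* BY_SECOND: still file #2; MONOTONIC: file #3 */
    flat_rotate(&st, 101);
    flat_write_cdr(&st);
    return st.files_opened;
}
```

The monotonic policy is one possible fix shape, chosen here for illustration; a per-rotation sequence number appended to the time-based name would serve the same purpose. Whatever the naming, the property the collector relies on is that every 'flat_rotate' yields a file name that has not been used before.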

  Commit: dcf6fdda5907a6bea5636640f47d40c2e9052322
      https://github.com/OpenSIPS/opensips/commit/dcf6fdda5907a6bea5636640f47d40c2e9052322
  Author: Liviu Chircu <liviu at opensips.org>
  Date:   2022-11-08 (Tue, 08 Nov 2022)

  Changed paths:
    M parser/parse_via.c
    M parser/test/test_parser.c

  Log Message:
  -----------
  parse_via_param(): Fix out-of-bounds read edge-case (OSS-Fuzz)

Similar to 5e9f72d3d, but for the parse_via_param() function.

Severity: Low
Fixes OSS-Fuzz#53080

(cherry picked from commit 6135ff05d0897342ca5c81585cef5a650eae67b9)

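An added example for the two parser commits in this batch (the parse_via() and parse_via_param() out-of-bounds read fixes); it is not the OpenSIPS parser. It is a small Via header-value parser written over an explicit (s, len) range so that every read of the input is guarded by "p < end" first. The names via_parse, via_check, str_t and the accepted grammar are assumptions made for this illustration. via_check() parses from a heap copy that has no terminating byte, which removes the NUL-terminated-buffer safety net the commit message mentions; under ASan or valgrind any read of s[len] would then be reported rather than silently returning a terminator.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Constructed Via parser (not OpenSIPS code). Every "*p" below is preceded by
 * "p < end"; writing "while (*p == ' ' && p < end)" instead reads s[len] on
 * input that ends without a terminator, the off-by-one a fuzzer trips on. */

#define VIA_MAX_PARAMS 8

typedef struct { const char *s; size_t len; } str_t;

typedef struct {
    str_t transport;              /* "UDP", "TCP", ... */
    str_t host;                   /* hostname, IPv4, or bracketed IPv6 */
    str_t port;                   /* empty if absent */
    str_t branch;                 /* value of the branch parameter, if any */
    int   nparams;
    str_t pname[VIA_MAX_PARAMS];
    str_t pval[VIA_MAX_PARAMS];   /* empty for valueless params such as rport */
} via_t;

static int is_lws(char c) { return c == ' ' || c == '\t'; }

static const char *skip_lws(const char *p, const char *end)
{
    while (p < end && is_lws(*p))
        p++;
    return p;
}

/* Parse "name[=value]" at p; returns the position after it (';' or end). */
static const char *parse_via_param(const char *p, const char *end,
                                   str_t *name, str_t *val)
{
    name->s = p;
    while (p < end && *p != '=' && *p != ';' && !is_lws(*p))
        p++;
    name->len = (size_t)(p - name->s);
    p = skip_lws(p, end);
    val->s = p;
    val->len = 0;
    if (p < end && *p == '=') {   /* value present, possibly empty ("branch=") */
        p = skip_lws(p + 1, end);
        val->s = p;
        while (p < end && *p != ';' && !is_lws(*p))
            p++;
        val->len = (size_t)(p - val->s);
        p = skip_lws(p, end);
    }
    return p;
}

/* Case-insensitive compare of a str_t with a NUL-terminated literal. */
int str_ieq(const str_t *a, const char *lit)
{
    size_t i, n = strlen(lit);
    if (a->len != n) return 0;
    for (i = 0; i < n; i++)
        if (tolower((unsigned char)a->s[i]) != tolower((unsigned char)lit[i]))
            return 0;
    return 1;
}

/* Parse s[0..len) as a Via value. Returns 0 on success, -1 if malformed. */
int via_parse(const char *s, size_t len, via_t *v)
{
    const char *p = s, *end = s + len;

    memset(v, 0, sizeof *v);
    if ((size_t)(end - p) < 8 || memcmp(p, "SIP/2.0/", 8) != 0)
        return -1;
    p += 8;
    v->transport.s = p;
    while (p < end && !is_lws(*p))
        p++;
    v->transport.len = (size_t)(p - v->transport.s);
    if (v->transport.len == 0)
        return -1;
    p = skip_lws(p, end);
    v->host.s = p;
    if (p < end && *p == '[') {   /* IPv6 reference: must reach ']' */
        while (p < end && *p != ']')
            p++;
        if (p == end)
            return -1;
        p++;
    } else {
        while (p < end && *p != ':' && *p != ';' && !is_lws(*p))
            p++;
    }
    v->host.len = (size_t)(p - v->host.s);
    if (v->host.len == 0)
        return -1;
    if (p < end && *p == ':') {   /* optional port */
        v->port.s = ++p;
        while (p < end && *p >= '0' && *p <= '9')
            p++;
        v->port.len = (size_t)(p - v->port.s);
        if (v->port.len == 0)
            return -1;
    }
    p = skip_lws(p, end);
    while (p < end && *p == ';') {
        str_t *n, *val;
        if (v->nparams == VIA_MAX_PARAMS)
            return -1;
        n = &v->pname[v->nparams];
        val = &v->pval[v->nparams];
        p = parse_via_param(skip_lws(p + 1, end), end, n, val);
        if (n->len == 0)          /* ";;" or a trailing ';' */
            return -1;
        if (str_ieq(n, "branch"))
            v->branch = *val;
        v->nparams++;
    }
    return p == end ? 0 : -1;     /* anything left over is junk */
}

/* Harness: parse a literal from a heap copy with NO terminator, so a read of
 * s[len] is a real out-of-bounds access. Result is left in last_via; the copy
 * stays alive (for the str_t pointers) until the next call. */
via_t last_via;
static char *via_buf;

int via_check(const char *literal)
{
    size_t len = strlen(literal);
    free(via_buf);
    via_buf = malloc(len ? len : 1);
    if (!via_buf) return -1;
    memcpy(via_buf, literal, len);  /* deliberately no NUL */
    return via_parse(via_buf, len, &last_via);
}
```

The inputs worth keeping in a regression set are the ones that end exactly where the parser would like to look one byte further: right after "branch=", right after a ';', right after a ':' and inside an unterminated "[...]". Each of those is a point where a terminator-dependent loop would read s[len].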

Compare: https://github.com/OpenSIPS/opensips/compare/037254dd1503...dcf6fdda5907


