[OpenSIPS-Devel] [OpenSIPS/opensips] 8e4f97: parse_via(): Fix out-of-bounds read edge-case (OSS...
Liviu Chircu
noreply at github.com
Tue Nov 8 14:09:39 UTC 2022
Branch: refs/heads/3.1
Home: https://github.com/OpenSIPS/opensips
Commit: 8e4f97f112694802578dd20b6d0c6c7267c8f49c
https://github.com/OpenSIPS/opensips/commit/8e4f97f112694802578dd20b6d0c6c7267c8f49c
Author: Liviu Chircu <liviu at opensips.org>
Date: 2022-11-08 (Tue, 08 Nov 2022)
Changed paths:
M parser/parse_via.c
M parser/test/test_parser.c
Log Message:
-----------
parse_via(): Fix out-of-bounds read edge-case (OSS-Fuzz)
This patch fixes a possible off-by-one read overflow while parsing the
Via buffer. Even so, the error was mostly harmless, as the supplied
buffer is typically much larger and is guaranteed to be NULL-terminated
(see udp_read_req(), for example).
Severity: Low
Fixes OSS-Fuzz#52326
(cherry picked from commit 5e9f72d3d90e8fc9cb20578a95c891631b4d91da)
Commit: 569e336c846243ca33b7b6ccc2798c7d575b4ea7
https://github.com/OpenSIPS/opensips/commit/569e336c846243ca33b7b6ccc2798c7d575b4ea7
Author: Liviu Chircu <liviu at opensips.org>
Date: 2022-11-08 (Tue, 08 Nov 2022)
Changed paths:
M modules/db_flatstore/flat_mi.c
M modules/db_flatstore/flat_mi.h
M modules/db_flatstore/flatstore.c
M modules/db_flatstore/flatstore_mod.c
Log Message:
-----------
db_flatstore: Fix missing CDRs due to 'flat_rotate' race conditions
This commit simply adds R/W locking around the 'flat_rotate' MI command,
and all the SIP worker processes. The race condition was as follows:
* SIP worker checks the 'flat_rotate' stamp and proceeds to write CDR
* 'flat_rotate' is run (timestamp++)
* external process scans & fully reads the rotated file (with deletion
  to follow later as well, but this is irrelevant)
* SIP worker finally writes the CDR using flushed/vector'ed I/O
  (too late at this point, CDR is forever lost)
(cherry picked from commit d3b1463ee115a8b7d4d6b9658c8b07b9ef3d0549)
Commit: 06da52b001bd13172fc309d5892149033a3843c3
https://github.com/OpenSIPS/opensips/commit/06da52b001bd13172fc309d5892149033a3843c3
Author: Liviu Chircu <liviu at opensips.org>
Date: 2022-11-08 (Tue, 08 Nov 2022)
Changed paths:
M modules/db_flatstore/flat_mi.c
M modules/db_flatstore/flatstore.c
M modules/db_flatstore/flatstore_mod.c
M modules/db_flatstore/flatstore_mod.h
Log Message:
-----------
db_flatstore: Fix another race condition around MI 'flat_rotate'
This race condition was related to invoking 'flat_rotate' 2+ times
during the same second (UNIX timestamp). Due to the way the
timestamping logic was implemented, this could lead to files NOT being
rotated at all on the 2nd 'flat_rotate', which falls in the same second.
Although very rare, this race condition could lead to massive CDR loss,
since all CDRs between 2nd and 3rd 'flat_rotate' commands have a great
chance of being fully lost (unread and discarded).
(cherry picked from commit e180b1536e89e7bc8d6e2dd3264786e8531c71d7)
Commit: 846132178af4ceea1c269007f9429cb6c49efabe
https://github.com/OpenSIPS/opensips/commit/846132178af4ceea1c269007f9429cb6c49efabe
Author: Liviu Chircu <liviu at opensips.org>
Date: 2022-11-08 (Tue, 08 Nov 2022)
Changed paths:
M parser/parse_via.c
M parser/test/test_parser.c
Log Message:
-----------
parse_via_param(): Fix out-of-bounds read edge-case (OSS-Fuzz)
Similar to 5e9f72d3d, but for the parse_via_param() function.
Severity: Low
Fixes OSS-Fuzz#53080
(cherry picked from commit 6135ff05d0897342ca5c81585cef5a650eae67b9)
Compare: https://github.com/OpenSIPS/opensips/compare/e36404610604...846132178af4